DISK LOCKDOWN

Excerpt from "Two disk encryption products provide last line of defense" by Maggie Biggs, published Jan. 24, 2005, in FCW.

If you want to protect desktop computers from cyber attacks and sensitive data in stolen laptop computers, disk encryption could be the last line of defense.

Encryption can be done in one of two basic ways: You can choose to encrypt individual files and folders or encrypt the entire disk.

Built-in support called Encrypted File System (EFS) in Microsoft Windows 2000 and XP enables users to encrypt individual files and folders. But this approach does not encrypt other parts of the disk where temporary files, the paging file and the Recycle Bin exist. If an attacker or thief accesses the disk, they can see unencrypted portions and potentially obtain sensitive data.

A far better approach is to encrypt the entire disk. To eliminate the possibility of an attacker or thief accessing an unencrypted disk, the disk-encryption process should start automatically when a computer boots, prior to the launch of the operating system.

We recently examined two products, WinMagic's SecureDoc and PC Guardian's Encryption Plus (EP) Hard Disk, that encrypt the entire disk and insert themselves prior to operating system start-up.

The magic touch

The WinMagic solution exceeds the capabilities of other disk-encryption products by encrypting removable and fixed drives. PC Guardian developers plan to add support for removable drives in an upcoming release of the product.

We had no trouble installing WinMagic's SecureDoc on several Windows 2000 and XP machines. The product's documentation is rather sparse, but a PDF delivered with the program disks contains more detailed information.

Agency administrators, particularly those unfamiliar with encryption, will want to view this PDF online or print a hard copy for review prior to installation. Developers could simplify this step for administrators by automatically launching the PDF at the start of the installation process.

After installing the product, we ran the SecureDoc Wizard to configure encryption on our machines. During configuration, we could choose whether to use passwords, tokens, smart cards or biometrics to confirm the identity of users trying to access the disk. In some cases, we selected passwords only, but for other machines, we selected passwords and USB tokens.

We created an emergency disk and then moved on to SecureDoc's Control Center to select disk drives for encryption. Based on the computers' configuration, some machines took 45 minutes to encrypt while others took closer to 90 minutes. The difference is a result of the size of the disk drives and the processor speed. For example, the product estimates that a 30 GB hard drive on a 1.8 GHz machine will take approximately one hour to encrypt.

After completing the disk encryption, we configured the boot log-on via the Control Center. This step enabled SecureDoc to initiate before the operating system starts up. Once logged on, we were able to interact with applications and data as usual.

From a user's perspective, the only indications that SecureDoc is at work are the presence of the boot log-on screen and a bit of performance degradation, but the latter was not very noticeable on machines matching the latest configurations.

SecureDoc gives agency administrators several choices for encryption and authentication. They can choose one of several encryption methods, including those validated under Federal Information Processing Standard (FIPS) 140-2, and the methods can be updated or replaced. SecureDoc is validated at Common Criteria Evaluation Assurance Level 1 (EAL-1), and company officials have applied for EAL-4 certification.

On the authentication front, SecureDoc supports a number of marketplace smart cards, tokens, biometric devices and software- or hardware-based public-key infrastructure technology. Officials provide a list of supported hardware devices on the company Web site.

Multiple authorized users can access data on a machine. SecureDoc can store up to 100 main files on a computer. In addition, key files stored on smart cards or floppy disks enable an unlimited number of users to access a particular machine.

Officials at larger agencies will want to examine WinMagic's SecureDoc Enterprise Server, which enables administrators to create and maintain a centralized key database for all users.

In addition, SecureDoc Enterprise Server provides a mechanism that allows administrators to deploy disk encryption enterprise-wide. This latter point is especially important if you want to schedule an off-hours, centralized conversion of user disks. PC Guardian also has such useful tools to enable remote deployment and centralized administration.

SecureDoc's compatibility with other system software is good. For example, we observed no conflicts with antivirus software, disk-imaging software such as Ghost, or multi-operating-system boot tools such as PowerQuest's BootMagic. Agency administrators should test SecureDoc against agency disk images to ensure complete compatibility.

WinMagic's solution primarily targets Windows-based machines. But company officials plan to eventually support other operating systems, such as Linux.