SecureDoc v6.5 SR2 Release Notes

すべて表示

Product/Feature Deprecation Pre-Notice

Please note that WinMagic is deprecating SecureDoc V4 Pre-Boot Authentication (PBA) support for SEDs in favor of the fuller function, more capable, V5 Pre-Boot Linux (PBL). The existing V4 support for SEDs will remain in the product for the time being but will not be maintained or enhanced. We recommend that customers migrate to V5 PBL over the course of the next year.

Do NOT install SecureDoc 6.5SR2 version in conjunction with any previous versions of SecureDoc.

This version of SecureDoc Enterprise Server has been designed and developed to meet the security standards of Commercial Product Assurance (CPA) of the Communications-Electronics Security Group (CESG), UK (CESG is the National Technical Authority for Information Assurance within the UK). Basically, this version contains all SES Version 6.5 SR1 features with certain modifications and/or limitations to meet the compliance requirements for CPA. This version of SecureDoc CANNOT be installed in conjunction with any previous SecureDoc Versions, and also it CANNOT be upgraded to future versions of SecureDoc because there may be conflicts with such an upgrade. This version of SecureDoc is recommended when you would want to implement and/or comply with CPA standards in your organization. NOTE: For information on setting operational environment that is required to use this product, refer to the Generalized Security Considerations section of the WinMagic Knowledge Base.

 

System Requirements

System requirements and supported devices, including tokens and SmartCards, for SecureDoc v6.5 SR2 are listed here.

Note:  It is strongly recommended to initially install Full-Text Indexing feature (Full-Text Search) into the Database Engine, before performing an SES installation. More information can be found here: msdn.microsoft.com/en-us/library/ms143786(v=sql.100).ASPX

During the installation of SES, if Full-Text Indexing has not been installed, a message will appear indicating the absence of the Full-Text Indexing. This message will not allow the user to stop the installation of SES which will require retrofitting Full-Text Indexing into an existing SQL Server.

Note: Use of the SES Console will require the user to have at least local admin rights on the server or client device (e.g. Admin desktop) on which it runs, in order for the console to function properly.

Note: WinMagic is deprecating SecureDoc V4 Pre-Boot Authentication (PBA) support for SEDs in favor of the fuller function, more capable, V5 Pre-Boot Linux (PBL). The existing V4 support for SEDs will remain in the product for the time being but will not be maintained or enhanced. We recommend that customers migrate to V5 PBL over the course of the next year.

 

Features

Reference

Description
SD-11726

Least Use Previleges

Now, SecureDoc Enterprise Software (SES) can be run by a custom Windows standard (non-administrative) user. This ensures CSEG mitigations requiring running an application with minimal sufficient privileges. The SES Administrators can create this custom Windows (non-administrative) account in SES console by granting certain additional permissions and access rights. For information on how to customize Windows Standard Users for Operating the SES Console, refer to https://knowledgebase.winmagic.com/admin/preview-articles.php?id=459.

Known Limitations

Reference

Description
SD-11442

Heap Hardening, Stack Protection, DEP and ASLR

Due to CESG CPA mitigation for enabling the compiler security enhancing options, there is a limitation on integration with third-party software caused by non-compliance of the vendor provided modules with the CESG CPA mitigation.

As a result, the following third-party products are NOT supported:

  • The UPEK Finger Print Reader
  • Lenovo's Rescue and Recovery Solution
  • Lenovo Hardware Password Manager
  • CompuTrace Software

It is recommended that you do NOT install SES 6.5SR2 version in the environment where the features not supported due to this limitation.

NOTE: The SecureDoc Self-Extractor is NOT shipped with the product for the same reason.

Also, it NOT advised to enable or configure the above non-supported functionality in SES console. It is important to note that the options that could enable thse features have not been disabled in the Version 6.5SR2 user interface, so to remain compliant with the CESG-CPA, the above features should not be enabled.

Please note that WinMagic is deprecating SecureDoc V4 Pre-Boot Authentication (PBA) support for SEDs in favor of the fuller function, more capable, V5 Pre-Boot Linux (PBL). The existing V4 support for SEDs will remain in the product for the time being but will not be maintained or enhanced. We recommend that customers migrate to V5 PBL over the course of the next year.”

 

 すべて表示 Release Notes