BII Compliance - Becrypt Disk Protect, Hard Disk Encryption

Navigation * Home / Services / Becrypt Disk Protect

Becrypt Disk Protect

DISK Protect is a software security solution for Laptop and Desktop computers that secures data by enforcing strong User Authentication and fully encrypting the hard disk(s).

DISK Protect 4 provides

Full disk encryption. DISK Protect transparently encrypts a computer's hard disk(s), automatically encrypting and decrypting data on the fly so that applications can be used as normal. If, however, an unauthorised user attempts to access the hard drive directly, without going through the User Authentication process, the data remains encrypted and unintelligible. In addition, if the hard drive is later disposed of, any data it contains is unintelligible, even if recovered using specialised data recovery tools.

Boot-time authentication. DISK Protect authenticates the user at boot-time, and can be configured to require a strong password or a token and PIN. Authenticating the user at boot-time allows DISK Protect to encrypt the Operating System to prevent unauthorised data access using low-level tools.

Removable media encryption. Removable media encryption encrypts mass storage devices, such as USB memory sticks, and floppy disks, to protect data in transit. It may be performed using a shared Transport Key or a personal Media Key.

DISK Protect 4 supports up to 26 password user accounts or an unlimited number of token and PIN user accountss per protected machine. Each User has a unique password (or token and PIN) which is used to authenticate him or her, and 'unlock' the computer. A user may have DISK Protect accounts on several protected machines.

DISK Protect 4 features Single Sign-On for both password users and token and PIN users and provides secure mechanisms for unlocking the protected machine if the user has forgotten his or her password or PIN.

An easy-to-use Management Tool permits an Administrator to create and manage user accounts and to reconfigure the local machine policy, and permits users to manage their own DISK Protect accounts and their Removable Media Keys.

Two CAPS-approved versions of DISK Protect, DISK Protect Baseline and DISK Protect Enhanced, are also available, with features tailored to the handling and storage of protectively marked material

All versions of DISK Protect provide

Pre-boot authentication.

DISK Protect authenticates the user by password, or by password and token (see the table below for details). If the user fails authentication, he or she is prevented from logging in to Windows and the data of the machine remains secure. DISK Protect and DISK Protect Baseline also provide a mechanism (Challenge-Response) which allows an authorised user, with the aid of an Administrator, to unlock the computer and log into Windows without compromising data security. DISK Protect then forces a password change.

Full-disk encryption.

When first installed, DISK Protect encrypts the computer's hard disk(s). From then on, data is decrypted and encrypted on the fly and applications can be used as normal. If, however, the hard disk is removed from the machine, and the thief attempts to access the data by bypassing User Authentication, its contents are unintelligible.

Summary of features

The table below summarises and compares the features of DISK Protect Version 4, DISK Protect Baseline and DISK Protect Enhanced.

	DISK Protect	DISK Protect Baseline	DISK Protect Enhanced
CESG certification	NO	YES to Baseline	YES to Enhanced grade
FIPS certifcation	YES AES, FIPS197 SHA-256, FIPS180-2 FIPS140;2 pending	N/A	N/A
Full disk encryption	YES	YES	YES
Encryption algorithm	AES 128-bit Key	AES 128-bit Key	AES
Hashing algorithm	SHA-256	Fireguard (CESC defined algorithm)	SHA-256
Operating Systems	Windows 2000 Windows 2000 Server Windows Server 2003 Windows XP Windows XP Tablet	Windows NT4 Windows 2000 Windows XP Windows XP Tablet	Windows 2000 Windows XP
Token Support	Optional Aladdin R2e and eToken PRO USB tokens RSA 5100,5200, 6100 and SID800 Smart Cards Cryptoflex Smart Card Setec Smart Card	Optional Aladdin R2e Token (USB)	Mandatory Dallas IB
Passwords	Length, format, the time and history can all be defined during installation User can choose his or her own password (in accordance with the password policy)	Fireguard Clearview Username + 2x7 characters or 1x9 with token	Refer to policy
Tablet support	YES	YES but not soft keyboard	NO
Secure hibernation	YES	NO	NO
Removable media encryption	YES	NO	NO
Multi-user	YES	NO	YES
Device Recovery (remote recovery after password failure)	YES	YES See S(E)N 05/06 for guidance	NO Recovery diskette
Protect Key Manager support (remote Encryption Key distribution)	YES	NO	NO
Key Material	automatically generated high quality keys	Supplied by CESG	Supplied by CESG
Generation of deployment packages for remote deployment	YES provided by ProtectKey Manager	NO	NO

Please contact a member of our consultancy team today;

Tel: +44 (0) 1622 812333
Email: sales@bii-compliance.com

Home »
Solutions »

Disk Protect - 54.8kb

Disk Protect Enhanced - 56.3kb

Disk Protect Baseline - 57.3kb

PDA Protect - 61.1kb

DISK Protect™ Version 4

DISK Protect 4 is a full-disk encryption solution for Laptop and Desktop computers running Windows 2000, Windows XP and Windows XP Tablet.

Dual-factor authentication. DISK Protect 4 supports dual factor authentication by Aladdin eToken and password, or by Smart card and PIN.

Single Sign-On into Windows. Disk Protect 4 can simplify start up by setting its own password to the same value as the user's Windows password. This allows the user to log on to the machine and into Windows by entering a single password.

Secure Hibernation. Disk Protect fully supports hibernation.

Remote deployment and management. DISK Protect 4 supports remote deployment and management via BeCrypt Key Manager or standard network management tools.

Please contact us for more information on hard disk encryption or for pricing enquiries »

enquiries@bii-compliance.com ¦ consultancy@bii-compliance.com