Notices Specifications may be changed without notice. This document is provided for informational purposes only. I/O Software, Inc. makes no warranties, either express or implied, as to the accuracy of this document. The entire risk of the use, or the results of the use, of this product remains with the user. This product may have a small possibility of granting access to persons other than those who have registered their security token. In no event shall I/O Software, Inc.
Table of Contents Chapter 1: Welcome to SecureSuite............................................... 8 ABOUT THE GUIDE .......................................................................................................................... 8 NAMING CONVENTIONS AND TYPEFACES .................................................................................... 10 SYSTEM REQUIREMENTS...............................................................................................................
Locking Your Workstation............................................................................................ 34 Unlocking Your Workstation ........................................................................................ 34 Chapter 6: Account Management ................................................. 35 MY SECURESUITE SETTINGS ........................................................................................................ 35 USER PROPERTIES – SECURESUITE POLICIES ..................
SECURING A FILE OR FOLDER ....................................................................................................... 84 SECUREFOLDER EMERGENCY RECOVERY UTILITY ...................................................................... 85 Choosing your Emergency Recovery Passphrase ........................................................ 85 Changing your Emergency Recovery Passphrase........................................................ 86 Disabling the Emergency Recovery Utility ................
POLICY ........................................................................................................................................ 118 AVAILABLE SETTINGS................................................................................................................. 118 LIMITS SETTINGS OF…................................................................................................................ 118 DEPENDS ON SETTING OF… .....................................................................
Chapter 1: Welcome to SecureSuite Chapter 1: Welcome to SecureSuite About the Guide The SecureSuite XS User’s Guide is designed to introduce and familiarize you with SecureSuite’s many features and applications. It also provides the information necessary for you to customize SecureSuite to meet your specific needs and security requirements. This manual has been divided into 12 chapters, providing an overview of SecureSuite as well as operating instructions for the various SecureSuite applications.
Chapter 1: Welcome to SecureSuite User Manager, add a new user account to SecureSuite, and make new methods of authentication available. • Chapter 8: SecureSuite System Settings describes the various system properties, including system policies, device management, event logging, database management, SecureFolder policies, SecureSession policies, communication settings, and logon settings for identification devices. It also covers the basics of how to secure applications with SecureLaunch.
Chapter 1: Welcome to SecureSuite Naming Conventions and Typefaces Information within this guide is clearly structured with descriptive instructions as well as many step-by-step examples on how to implement or configure a particular feature. These are supplemented with graphics that make the instructions easy to follow. Note: Notes generally represent information that requires special attention. Notes in the manual will be displayed in this typeface.
Chapter 1: Welcome to SecureSuite System Requirements Requirements Recommendations Windows 2000 w/ SP1 Windows XP Professional or Windows XP Home Edition Windows 2000 w/ SP2 Windows XP Professional For SecureSession for Internet Explorer, IE 4.x or above Internet Explorer 6.
Chapter 2: SecureSuite Overview Chapter 2: SecureSuite Overview SecureSuite is an enhanced security software solution that seamlessly integrates with the Windows 2000 and Windows XP operating systems to provide biometrically enabled user authentication services and additional functionality. SecureSuite supports stand-alone workstation installations, as well as full client/server functionality.
Chapter 2: SecureSuite Overview • User-friendly wizards facilitate the installation and enrollment of authentication methods including smart cards, tokens or biometric devices. • SecureSuite provides efficient administrator tools, such as the SecureSuite User Manager, which enables full user management, from system policies to biometric enrollment. • SecureSession captures and stores information for application windows and web sites, and releases the information upon authentication.
Chapter 2: SecureSuite Overview SecureLogon: SecureLogon enhances the normal logon procedure for Windows, enabling you to log on to your system securely and easily using one or multiple authentication methods and devices supported by SecureSuite. SecureSession: SecureSession is composed of two applications: • SecureSession for Applications (SecureSession/Apps) stores passwords and other text-based information for application windows, and enters the information for you.
Chapter 2: SecureSuite Overview Architecture This section provides an overview of product operation, including details about SecureSuite XS Server, SecureSuite XS Workstation, and SecureSuite user roles. SecureSuite XS Workstation vs. SecureSuite XS Server SecureSuite XS Workstation: SecureSuite XS Workstation is a complete package that can operate with or without SecureSuite XS Server installed.
Chapter 3: Installing SecureSuite XS Workstation Chapter 3: Installing SecureSuite XS Workstation Prior to running the installer, please verify that you have at least one network client installed on the target system. This can be verified by viewing the properties of any available connection in Network Neighborhood or My Network Places by right-clicking the connection icon and selecting Properties.
Chapter 3: Installing SecureSuite XS Workstation Product License Key: Enter the product license key provided on a label on the SecureSuite CD envelope. Click Next to continue. If the product license key entered is invalid or already in use, you will be prompted to enter a new one after restarting your system. Release Notes: Select the Yes check box to review the Release Notes for important information about installing and using SecureSuite.
Chapter 3: Installing SecureSuite XS Workstation Initial Logon Procedure To log on to your system after installation: 1. Press Ctrl + Alt + Delete as prompted by the SecureSuite Authentication dialog. 2. Enter your user name and password. 3. Click Options to change the target domain on which to authenticate. Select the Authentication Details check box to view instructions specific to your account. 4. Click OK or press Enter when finished.
Chapter 3: Installing SecureSuite XS Workstation The SecureSuite Welcome Screen Upon successful authentication, your desktop will appear and you will see the SecureSuite Welcome Screen. From this screen, you can register your SecureSuite software, create a new user account, or exit to the desktop. Register SecureSuite: Click this tab to register SecureSuite and take advantage of product update notifications and technical support. Your Internet connection must be active in order to register SecureSuite.
Chapter 5: Using SecureSuite Chapter 4: SecureSuite Key Features System Integrity Verification On every system restart, SecureSuite makes sure all installed SecureSuite binaries have not been tampered with, replaced, etc. If any corrupt or missing files are detected, SecureSuite will display a message alerting you of the problem.
Chapter 5: Using SecureSuite Credential Caching Credential caching is a feature that allows the credentials of the last successful logon to a remote domain to be securely cached (stored) on a client computer. This policy can be enabled at the system level, or set per user via the SecureSuite User Manager.
Chapter 5: Using SecureSuite Windows System Tray SecureSuite adds a SecureSuite shortcut icon to the Windows system tray. The SecureSuite system tray icon allows you to access most SecureSuite functionality quickly and conveniently. If enabled, the SecureSession for Applications icon and any method icons will also appear in the system tray. SecureSession for Applications Icon The SecureSession for Applications icon allows users to register and manage SecureSession data.
Chapter 5: Using SecureSuite Chapter 5: Using SecureSuite SecureSuite License Manager The SecureSuite License Manager is an easy-to-use tool for managing your Product License Key and User License Keys. The License Manager Properties Dialog From the SecureSuite License Manager Properties dialog, administrators can enter a new Product License Key in order to upgrade SecureSuite and utilize features that may be disabled in a demo or evaluation version, or add new User License Keys.
Chapter 5: Using SecureSuite Figure 4: SecureSuite License Manager Product License Keys Your SecureSuite Product License Key, which you received with your SecureSuite software for use during the installation process, is synonymous with a serial number. You must have a valid, unique Product License Key in order to install and use SecureSuite. This Product License Key determines the version of your SecureSuite installation.
Chapter 5: Using SecureSuite User License Keys With SecureSuite installed on your system, all users may use the password method for authentication. However, in order for a user to employ any other authentication method supported by SecureSuite, a user license must be available. Each user license enables a single user to have any SecureSuiterelated authentication method (or combination of methods) assigned to their account. Enrolling a single user with multiple methods does not use multiple user licenses.
Chapter 5: Using SecureSuite Duplicate License Keys If SecureSuite detects that you have entered a Product License Key or User License Key that is already in use, you will receive a message asking if you would like to enter a new License Key. Click Yes to enter a new License Key and continue using SecureSuite. If you click No, SecureSuite will be disabled the next time you restart your machine.
Chapter 5: Using SecureSuite SecureSuite User Authentication SecureSuite is an advanced authentication infrastructure designed to provide secure and convenient forms of authentication. Before allowing users to access a protected computer, application, web site, file or folder, SecureSuite will prompt them to authenticate (prove who they are) via an authentication dialog.
Chapter 5: Using SecureSuite Verification vs. Identification In order to understand SecureSuite’s authentication dialog, you must first understand the difference between verification and identification. • Verification answers the question: “Are you who you say you are?” • Identification answers the question: “Who are you?” With Sony Puppy fingerprint identity devices, it is necessary to first identify yourself to the system by typing in your user name.
Chapter 5: Using SecureSuite The Authentication Dialog To authenticate using a password: When accessing a secured resource on a SecureSuite-protected system, the SecureSuite Authentication dialog will appear. To log on to your system using a password, type your user name in the User name text box and your password in the Password text box. (Optional) Click Options to change the Log on to location to something other than the default local machine (this computer) or network domain server.
Chapter 5: Using SecureSuite Figure 6: Multiple Authentication Methods, Password and Fingerprint Like Windows, SecureSuite retains the last user name of the last user that logged on, and the domain to which that user logged on. On subsequent system boots, this information automatically appears in the SecureSuite Authentication dialog.
Chapter 5: Using SecureSuite SecureSuite Icons and the Welcome Screen SecureSuite Icons Once you have logged on, SecureSuite will automatically place an icon in the Windows system tray, from which you can quickly access product information, help files, and your user settings. If you are an administrator, you will also be able to access the SecureSuite User Manager and the SecureSuite System Settings dialog (on Windows 2000).
Chapter 5: Using SecureSuite The SecureSuite Welcome Screen The SecureSuite Welcome Screen will also appear. From this screen, you can register your SecureSuite software, view your user settings, or exit to the desktop. Register SecureSuite: Select this tab to register SecureSuite in order to take advantage of product update notifications and technical support. Internet connection must be active in order to register SecureSuite.
Chapter 5: Using SecureSuite Using the SecureSuite Help System Use the SecureSuite Help system to get help on specific topics or dialogs. the Start menu, select Programs, SecureSuite, and click SecureSuite Help to open SecureSuite’s Help system. You can also access From Help via the SecureSuite icon in your Windows system tray or on your desktop. Context-sensitive help topics are available by pressing the F1 key while using a SecureSuite dialog, or clicking the Help button in SecureSuite dialogs.
Chapter 5: Using SecureSuite Workstation Security SecureSuite allows you to protect your computer and its contents when you are away from your desk. Locking Your Workstation To lock your workstation: • Click the SecureSuite icon in the Windows system tray and select Lock Workstation. - OR - • Press Ctrl + Alt + Delete to launch the SecureSuite Logon To Windows dialog and click the Lock Computer button.
Chapter 6: Account Management Chapter 6: Account Management My SecureSuite Settings My SecureSuite Settings is a SecureSuite tool that you can use to view and modify your SecureSuite account properties.
Chapter 6: Account Management User Properties – SecureSuite Policies SecureSuite’s behavior is determined by a number of policies, which are typically set by a system administrator. Administrators can configure many of these policies separately for each user. Users can set some of their own policies. Which policies may and may not be modified by each user depends on the configuration options made available to each user by a system administrator.
Chapter 6: Account Management Authentication Methods SecureSuite allows users to verify their identities using one or more authentication methods. A user’s associated (enrolled) authentication methods are listed in the Authentication Methods tab of their User Properties dialog. Figure 9: User Properties, Authentication Methods The Authentication Methods tab of your User Properties dialog lists methods and associated devices with which you are currently enrolled.
Chapter 6: Account Management User Properties – SecureSession Policies SecureSession is divided into two separate applications: SecureSession for Applications, and SecureSession for Internet Explorer. Both applications allow you to store text-based information that you need to enter often, and have SecureSuite enter the text for you. The following discussion refers to SecureSession in general since the information pertains to both applications.
Chapter 6: Account Management Changing User-Level Policy Settings Click the User Policies button in the SecureSession tab of your User Properties dialog to bring up the SecureSession User Policies dialog. From this dialog, you can set general user-level application policies, which can override account-specific (web site-specific or application-specific) policies. To set user-level SecureSession policies: 1. From the Start menu, select Programs, SecureSuite, and click My SecureSuite Settings. 2.
Chapter 6: Account Management Modifying Individual SecureSession Account Information To access information for a particular registered web form or application window: 1. From the Start menu, select Programs, SecureSuite, and click My SecureSuite Settings. Your Properties dialog appears. 2. Select the SecureSession/Apps or SecureSession/IE tab. 3. Select the SecureSession account, and click the More Info button.
Chapter 6: Account Management If you change any information for a web site or application that you have registered with SecureSession, you will also need to update the information with SecureSession so that the correct information is provided. To modify your stored SecureSession account: information for 1. Open the appropriate SecureSession dialog (see previous instruction). an individual Information 2.
Chapter 6: Account Management Changing policies for an individual application window or web site The account-level policies for SecureSession are similar to the user-level SecureSession policies (with the exclusion of Require authentication when registering applications) and can be configured in the same way. To set account-level policies for SecureSession: 1. From the Start menu, select Programs, SecureSuite, and click My SecureSuite Settings. Your User Properties dialog appears.
Chapter 6: Account Management User Properties – SecureFolder Policies To set user-level SecureFolder policies: 1. From the Start menu, select Programs, SecureSuite, and click My SecureSuite Settings. Your User Properties dialog appears. 2. Select the SecureFolder tab. 3. Double-click a policy to modify its setting. 4. After setting the policy, click OK.
Chapter 7: System Administration Chapter 7: System Administration Administering SecureSuite on Windows 2000 and XP Professional The SecureSuite User Manager on Microsoft Windows 2000 and Windows XP Professional is a Microsoft Management Console (MMC) snap-in, which enables management of authentication processes for all workstations and users from the same application that was used for user management prior to installing SecureSuite.
Chapter 7: System Administration Creating a New User Account Note: During this process, you must enter a password for each user even if a password is not one of the selected methods of verification. This is a requirement for Windows. To create a new SecureSuite user account on Windows 2000 and XP Pro: 1. From the Start menu, select Programs, SecureSuite, and click SecureSuite User Manager. The Local Users and Groups dialog appears. 2. From the Action menu, select New User. The New User dialog appears. 3.
Chapter 7: System Administration Figure 16: New User Account, Microsoft Windows 2000 4. The User Authentication Methods dialog appears. If another method of authentication is selected, a devicespecific enrollment wizard will guide you through the enrollment process. For more information, see the Adding Additional Methods of Authentication to a User Account section below. 5. Click OK.
Chapter 7: System Administration Administering SecureSuite on Windows XP Home After SecureSuite installation, all users are converted to SecureSuite users. This conversion process does not affect a user’s Windows account profile in any way— it simply involves setting up and initializing a user’s profile in the SecureSuite database.
Chapter 7: System Administration To access the SecureSuite User Manager on Windows XP Home: 1. Click the Start button, select Programs, SecureSuite and click SecureSuite User Manager. 2. Type the user name and password of a SecureSuite administrator when the SecureSuite Authentication dialog appears.
Chapter 7: System Administration Creating a New User Account To create a new SecureSuite user account on Windows XP Home: 1. From the Start menu, select Programs, SecureSuite, and click SecureSuite User Manager. 2. Type the user name and password of a SecureSuite administrator when the SecureSuite Authentication dialog appears. 3. From the User menu, select New User. The New User Enrollment Wizard appears. Click Next to begin the enrollment process.
Chapter 7: System Administration 4. Enter the User Name (required), Full Name (optional) and a Description (optional) for this user and click Next. Figure 19: New User Enrollment Screen, User Information Screen Table 2: User Information Description Option Description User name Identifies the user account (required). Full name The user’s complete name. It is a good idea to establish a standard for entering full names so that they always begin with either the first name (Louise G.
Chapter 7: System Administration 5. Use the Add and Remove buttons to select group memberships for the new user. Click Next when finished. Figure 20: New Enrollment Screen, Group Memberships SecureSuite allows administrators to assign a user to one or multiple standard Windows user groups. The different levels of group memberships are: Table 3: Levels of User and Group Memberships Option Description Account Operators Members can administer domain users and group user accounts.
Chapter 7: System Administration 6. The Completing New User Enrollment Wizard dialog appears. Click Finish to proceed to the User Authentication Methods dialog. Figure 21: New User Enrollment, Completing Screen 7. In the User Authentication Methods dialog, click the Add button to add one or more authentication method to the user account. The Add Authentication Device dialog appears. 8. Select the appropriate device, listed under corresponding authentication method, and click OK.
Chapter 7: System Administration 9. If the password method is assigned to the new user, enter and confirm the new user’s password. Click OK. Important: Please note that when you are setting up a new user, you must enter a password for the user, even if the user will not use the password method. However, you may leave the password blank, which assigns a blank password to the user. In this case, though, fingerprint authentication will not provide security to this user account.
Chapter 7: System Administration Adding Authentication Methods to a User Account Note: During this and the following examples, the fingerprint authentication method is used for illustration purposes only. Also, this sample procedure assumes that a system administrator has previously installed the fingerprint device with SecureSuite. User License Keys SecureSuite uses licenses to delegate how many users may employ authentication methods other than the standard password method (which has no user limit).
Chapter 7: System Administration 7. Scan your fingerprint four times (the default number). The first three times enroll your fingerprint, and the fourth verifies that the fingerprints sufficiently match for later use in the verification process. Click Next. 8. Click Finish. The User Properties dialog appears. • Use the Add button to add an additional method of authentication. • Use the Remove button to delete an enrolled method of authentication. 9.
Chapter 8: SecureSuite System Settings Chapter 8: SecureSuite System Settings System Settings refer to SecureSuite tools that allow administrators to manage SecureSuite options and policies from one easy-to-use centralized access point. An administrator can use these tools to view and modify system properties for a target computer or for a domain.
Chapter 8: SecureSuite System Settings To use the SecureSuite System Settings dialog on Windows 2000 and XP Professional: • From the Start menu, select Programs, SecureSuite, and click SecureSuite System Settings. • From this dialog, select the SecureSuite feature that you want to access from the left pane, and then double-click an option in the right pane. The SecureSuite functionality that can be accessed from this dialog is described in the following sections.
Chapter 8: SecureSuite System Settings To use the SecureSuite System Properties dialog on Windows XP Home: 1. From the Start menu, select Programs, SecureSuite, and click SecureSuite User Manager. 2. From the Options menu, select System Properties. 3. From this dialog, select the appropriate tab to access the desired functionality. The SecureSuite functionality that can be accessed from this dialog is described in the following sections.
Chapter 8: SecureSuite System Settings System Settings – Policies The SecureSuite System Settings – Policies dialog allows an administrator to configure the policy settings for a specific workstation or an entire domain. These policies are effective for all users on the target workstation or domain. Some system-level policies also allow administrators to configure the policy for individual users at the user level. Note that system-level policies override userlevel policy settings.
Chapter 8: SecureSuite System Settings System Settings – Authentication Methods The System Settings – Authentication Methods dialog allows a SecureSuite administrator to install, configure, and uninstall any authentication device supported by SecureSuite. Devices must be “added” to SecureSuite after they and their associated methods are installed on a system or domain.
Chapter 8: SecureSuite System Settings Managing Authentication Devices on Windows 2000 and XP Professional Note: The following instructions assume that the OEM’s device module was previously installed with SecureSuite. For information on installing an OEM device module, refer to the Installing OEM Device Modules section in Chapter 12 of this manual. To add an authentication device to your system: 1.
Chapter 8: SecureSuite System Settings System Settings – Database The SecureSuite database stores SecureSuite user data, settings for SecureSuite policies, and other program information for the local machine only. The SecureSuite System Settings - Database dialog allows administrators to view and edit local SecureSuite database options, including the database backup schedule. Normally, there will be no need to change the default settings.
Chapter 8: SecureSuite System Settings Local Database Backup - Setup and Operation To create a schedule for automatic backup of your local database: 1. In the Start Time box, click the up and down arrows to select the local database backup start time. 2. In the Every…Day(s) box, click the up and down arrows to select the frequency of the local database backup. 3. Click New to set the start time and duration of the new local database backup schedule.
Chapter 8: SecureSuite System Settings System Settings – SecureFolder Policies for SecureFolder can be configured from the SecureSuite System Settings – SecureFolder dialog. To set system-level SecureFolder policies: 1. Double-click the policy that you want to set. A SecureFolder Application Policy Setting dialog appears. 2. Select the desired setting, and click OK.
Chapter 8: SecureSuite System Settings System Settings – SecureSession for Applications Policies for SecureSession for Applications can be configured from the SecureSuite System Settings – SecureSession/Apps dialog. To set the system-level SecureSession for Applications policy: 1. Double-click the policy that you want to set. The SecureSession for Apps Application Policy Setting dialog appears. 2. Select the desired setting, and click OK.
Chapter 8: SecureSuite System Settings System Settings – Communication Settings An administrator can configure the communication settings in order to ensure proper communication between a server and its clients. This is necessary when the server is protected by a firewall that uses Network Address Translation (NAT) or a similar mechanism and one or more client machines are outside of the firewall.
Chapter 8: SecureSuite System Settings Port Settings Changing a port from 0 (which allows the use of any available port) to another port allows SecureSuite to function over a firewall or similar security component. The Server TCP Port Setting allows an administrator to specify which TCP port the server will use to receive messages from client machines during the ping process. The RPC Port Settings allow an administrator to specify which ports will be used in order to ensure proper RPC communication.
Chapter 9: SecureSession Chapter 9: SecureSession SecureSession consists of two different applications (related in their basic functionality): • SecureSession for Applications (SecureSession/Apps) stores passwords and other text-based information for Windows applications. • SecureSession for Internet Explorer (SecureSession/IE) stores passwords and user information for web sites. SecureSession will remember user names and passwords for application windows or web sites.
Chapter 9: SecureSession SecureSession for Applications SecureSession for Applications remembers passwords and other text-based information that you would normally type into Windows dialog boxes, and submits them for you. Each of your application accounts is unique. Therefore, you must follow the registration procedure individually for each application window that you wish to access with SecureSession. The SecureSession for Applications system tray icon is located in the Windows system tray.
Chapter 9: SecureSession Registering an Application To register an application window with SecureSession for Applications: 1. Click the SecureSession for Applications button and select Register from the menu that appears. The SecureSession – Window Registration dialog appears. Click More to view detailed information about the application window you are registering. The data you entered in the target window is automatically listed in the Control Data field of the SecureSession Window Registration dialog.
Chapter 9: SecureSession 2. Confirm that you want to register your information by clicking Yes. Figure 32: SecureSession - Window Registration Note: You have the ability to turn off SecureSession for this application window. If you select the Turn off SecureSession for this window check box, SecureSession will not automatically display the Logon Helper window (which allows you to have your information entered by SecureSession) when you open this application window in the future.
Chapter 9: SecureSession 3. After registering the application, you are prompted to enter a description and select a storage location for the registered information. Depending on your system configuration, you may have one or more options for the storage of your registered information. Your local machine is always an option. If your machine is a member of a domain, you will have the option of storing your information on the domain.
Chapter 9: SecureSession 4. Click the Advanced button to view and modify the policies for the window being registered. Double-click a policy to modify its setting. The SecureSession for Applications Window Policy Setting dialog appears. Figure 33: SecureSession/Apps Window Registration For more 5. Make the desired changes and click OK. information on individual policy settings refer to the Managing SecureSession/Apps section in Chapter 3 of this manual. 6.
Chapter 9: SecureSession Activating SecureSession for Applications Every time you return to a registered application window, the Logon Helper window will appear to automatically enter your registered information. To have SecureSession provide your registered information: 1. Open the registered application. window appears. The Logon Helper 2. Select the description for the information that you want SecureSession to submit for you.
Chapter 9: SecureSession Editing SecureSession Information If you need to change your password, user name, or other information for a registered application, you must also update that information with SecureSession. To modify registered SecureSession information: 1. Open the application window you wish to update. 2. Type your new information in the appropriate fields, as if you were logging on to the application. 3.
Chapter 9: SecureSession Removing Registered Application Information If you no longer want SecureSession to remember and provide a certain set of information, you can remove the stored information for that registered application window. To remove SecureSession registration from an application window: 1. Open the application window for which you wish to remove registered data. 2. In the drop-down list of the Logon Helper window, select the description of the data that you want to remove. 3.
Chapter 9: SecureSession SecureSession for Internet Explorer SecureSession for Internet Explorer allows you to log on to a web site without having to type your user name and password. The SecureSession Web Site Registration dialog is only accessible when SecureSession recognizes that you are at a web site that requires a password. You will then have the option of allowing SecureSession to remember the password you entered for the web site.
Chapter 9: SecureSession Registering a Web Site To register a web form with SecureSession for Internet Explorer: 1. When you access a web site that requires a user name and password combination, log on to the site as normal. The SecureSession Web Site Registration dialog appears. 2. Click Yes to allow SecureSession to remember the username and password you entered for the web site. The SecureSession – Registration dialog appears.
Chapter 9: SecureSession Figure 36: SecureSession for Internet Explorer Registration 3. Use the up and down arrows next to the text box near the top of the dialog to specify the level of truncation for the web site's URL. This allows you to log on to multiple web pages that use the same logon credentials. For example, you may have the same user name and password for logging on to your Hotmail account and your MSN Messenger account. In this case you would want to truncate the URL so that only "passport.
Chapter 9: SecureSession Activating SecureSession for Internet Explorer Every time you return to a registered web site, the Logon Helper window will appear. To have SecureSession provide your registered information: 1. Verify that the correct logon information is selected in the User Name drop-down list of the Web Site Logon window. 2. Click Log On to have SecureSession fill in your information.
Chapter 9: SecureSession Editing SecureSession Information If you need to change your password or user name for a registered web site, you must also update that information with SecureSession. To modify registered SecureSession information: 1. From the Start menu, select Programs, SecureSuite, and click My SecureSuite Settings. Your Properties dialog appears. 2. Select the SecureSession/IE tab. 3. Select the SecureSession account that you wish to update, and click the More Info button.
Chapter 9: SecureSession Removing Registered Web Site Information If you no longer want SecureSession to remember and provide a certain set of information, you can remove that stored information. To remove SecureSession registration from an application window: 1. Using Internet Explorer, open the registered web site for which you wish to remove registered data. 2. From the User Name drop-down list in the Logon Helper window, click Remove. 3. Click OK to confirm removal of your user name and password. 4.
Chapter 10: SecureFolder Chapter 10: SecureFolder SecureFolder provides a powerful, yet fast and convenient way to protect sensitive data in secured files, or groups of files in secured folders. Once files or folders are encrypted, only the owner (the user who initially secured the file or folder) and users to which the owner has granted permission can view its contents.
Chapter 10: SecureFolder Securing a File or Folder To secure a file or folder with SecureFolder: 1. Right-click the file or folder, and select Secure. 2. If you are securing a folder, the SecureFolder – Secure dialog appears, asking if you are sure that you want to secure the folder. Click Yes to confirm that you want to encrypt the data. (Select the Do not show this dialog again check box if you do not want to be prompted for confirmation when securing files and folders in the future.
Chapter 10: SecureFolder SecureFolder Emergency Recovery Utility Since SecureFolder manages encryption keys for your files and folders, if SecureFolder is uninstalled from your system while files or folders are secured, the encryption keys for those files and folders will be lost. Furthermore, if a user account is removed from the system while that user has files or folders secured, the encryption keys for those files and folders will be lost.
Chapter 10: SecureFolder Figure 39: SecureFolder Emergency Recovery Changing your Emergency Recovery Passphrase To change your emergency recovery passphrase: 1. From the Start menu, select Programs, SecureSuite, and click My SecureSuite Settings. Your Properties dialog appears. 2. Select the SecureFolder tab. The the Recovery Passphrase button. SecureFolder Emergency Recovery Passphrase 3. Click dialog appears. 4. Enter and confirm your new passphrase. 5. Click OK.
Chapter 10: SecureFolder Disabling the Emergency Recovery Utility There are two ways to disable SecureFolder’s Emergency Recovery Utility. One way is to disable it the first time you secure a file or folder by selecting the Disable SecureFolder emergency recovery check box in the SecureFolder Emergency Recovery Passphrase dialog. The second is to disable it in your Properties dialog via your user-level SecureFolder policy settings, which can be done at any time.
Chapter 10: SecureFolder SecureFolder Sharing Once a file or folder has been secured, the owner can choose to share it with other users. To share a secured file or folder: 1. Right-click the file or folder that you wish to share, and select Share from the menu that appears. 2. Verify your identity when the SecureFolder Owner Authentication dialog appears. The Properties dialog for the file or folder appears with the Share tab selected. 3. Click the Add button. A Select Users dialog appears. 4.
Chapter 10: SecureFolder Figure 40: SecureFolder Properties – Sharing To remove a user’s share privileges: 1. Right-click the file or folder that you wish to share, and select Share from the menu that appears. 2. Verify your identity when the SecureFolder Owner Authentication dialog appears. The Properties dialog for the file or folder appears with the Share tab selected. 3. From the Authorized User(s) list, select the user whose access privileges you want to remove, and click the Remove button.
Chapter 10: SecureFolder Working with Secured Files and Folders After the file or folder is secured, only the owner and users to which the owner has granted permission can unsecure it or view its contents. To access a secured file: 1. Double-click the file as usual. 2. Verify your identity when the SecureFolder Owner Authentication dialog appears. The file becomes unsecure. 3. View and modify the file as usual. 4. When you are finished with the file, re-secure it if desired. To access a secured folder: 1.
Chapter 10: SecureFolder Removing Security From a File or Folder To unsecure a file or folder: 1. Right-click the file or folder. 2. Click Unsecure. 3. At the prompt, click Yes to confirm that you wish to unsecure the file or folder. 4. Verify your identity when the SecureFolder Authentication dialog appears. Owner 5. The security icon will no longer be displayed on the file or folder. Any user will be able to access the file or folder without authenticating.
Chapter 11: SecureLaunch Chapter 11: SecureLaunch SecureLaunch prevents unauthorized users from running Windows applications. SecureLaunch is ideal for accounting software and databases that contain sensitive and confidential information. It can also limit access to applications such as web browsers and games. In general, only files with an extension of EXE are supported, although other (unsupported) file types will be listed in the Select Program File dialog.
Chapter 11: SecureLaunch Figure 41: SecureLaunch, Browsing for a Program 5. Click Add. The Select Program Files dialog appears. 6. Browse for the application you want to secure and click Open. 7. The SecureLaunch Access Policies dialog for the selected application appears. 8. From the Access Policies dialog, you can select the Administrators and/or Users (the default groups), and grant permissions. To add another user or group, click the Add button.
Chapter 11: SecureLaunch 9. From the Look in drop-down list, select the domain on which the user/group you wish to add is located. The names of available users/groups will change according to your selection. If you know the name of a particular user/group, you can type the user/group name in the Search Name text box and click Add. To complete the selection click OK. Note: An administrator must log on in order to display the list of users/groups on that domain.
Chapter 11: SecureLaunch To set user restrictions on Windows XP Home: 1. From the Start menu, select Programs, SecureSuite, and click SecureSuite User Manager. 2. Type the user name and password of a SecureSuite Administrator when the authentication dialog appears. 3. From the Options menu, select System Properties. 4. Select the SecureLaunch tab. 5. Click Add. 6. Browse for the application you want to secure and click Open. 7. The Access Policies dialog for the selected application appears. 8.
Chapter 11: SecureLaunch 9. From the Look in drop-down list, select the domain on which the user/group you wish to add is located. The names of available users/groups will change according to your selection. If you know the name of a particular user/group you can type the user/group name in the Search Name text box and click Add. To complete the selection click OK.
Chapter 11: SecureLaunch 10. In the Access Policies dialog, select users or groups and set permissions. The default permission is “Access with Authentication”. Other available permissions are “Access Allowed”, and “Access Denied”. Note: Any user who is not assigned an access policy (or associated with a group that is assigned an access policy) in the SecureLaunch Access Policies dialog will automatically be denied access the secured application.
Chapter 11: SecureLaunch Removing User Restrictions To remove user restrictions from an application on Windows 2000 and XP Professional: 1. From the Start menu, select Programs, SecureSuite, and click SecureSuite System Settings. 2. In the left pane, double-click Applications. 3. Type the user name and password of a SecureSuite Administrator when the SecureSuite Authentication dialog appears. 4. Double-click SecureLaunch. 5.
Chapter 11: SecureLaunch To remove user restrictions from an application on Windows XP Home: 1. From the Start menu, select Programs, SecureSuite, and click SecureSuite User Manager. 2. Type the user name and password of a SecureSuite Administrator when the SecureSuite Authentication dialog appears. 3. From the Options menu, select System Properties. 4. Select SecureLaunch. 5. Select the application from which you wish to remove access restrictions. 6. Click Remove. 7.
Chapter 11: SecureLaunch SecureLaunch Access Policy Rules There are several scenarios you may encounter while configuring access policies for individual users and groups. The following list demonstrates, by way of examples, the rules associated with the different policies and the level of importance given to each of them when deciding which policy to associate with each user and group. Individual user access policies have the highest priority.
Chapter 12: SecureSuite Program Maintenance Chapter 12: SecureSuite Program Maintenance The SecureSuite Installation Wizard allows you to make changes to your SecureSuite configuration, repair SecureSuite in the event of damaged or missing components, or completely remove SecureSuite from your system. Changing your Configuration To modify or repair SecureSuite: 1. From the Start menu, select Settings, Control Panel and double-click Add/Remove Programs. 2.
Chapter 12: SecureSuite Program Maintenance Installing OEM Device Modules In order to utilize any of the advanced authentication devices supported by SecureSuite, the corresponding OEM device module, which contains the files necessary for your new device to work with SecureSuite, must first be installed on your system. If you followed the installation process in Chapter 3, you will not need to go through the following steps. To install an OEM device module: 1.
Chapter 12: SecureSuite Program Maintenance 4. Click the Browse button to specify (or verify) the location of the OEM files, which are necessary in order for your new authentication device to work with SecureSuite. • If you received the device with SecureSuite, these files were included with your installation software, and the current search folder may be the correct location.
Chapter 12: SecureSuite Program Maintenance Removing OEM Device Modules If you no longer want an authentication device to be available on your system, you must either deactivate the device, or completely uninstall the OEM device module from your system. If you plan to use the same device model in the future, you should simply disable the device. The files necessary for operation of this device will be left on your system. To disable an advanced authentication device: 1.
Chapter 12: SecureSuite Program Maintenance If you do not plan on using this specific device model in the future, you should completely uninstall the OEM device module from your system. To uninstall an OEM device module: 1. From the Start menu, select Settings, Control Panel and double-click Add/Remove Programs. 2. From the list of installed programs, select SecureSuite and click the Change button. The SecureSuite Installation Wizard will appear. Click Next to continue to the Program Maintenance screen. 3.
Chapter 12: SecureSuite Program Maintenance Uninstalling SecureSuite XS Workstation Important: You should unsecure any secured files and folders before you uninstall SecureSuite.
Appendix 1: Troubleshooting Appendix 1: Troubleshooting Following is a list of questions that frequently arise while using SecureSuite. For more comprehensive help with SecureSuite, refer to our online KnowledgeBase. Common User Problems Important: Please refer to the Sony® Puppy® installation guide (“Training Your Puppy Unit”) included in your package or on the CD-ROM for specific instructions on the installation and use of your fingerprint identity device.
Appendix 1: Troubleshooting Q: What do I do if my fingers are too moist and I cannot enroll my fingerprints or authenticate? A: If your hands are too moist, wipe your finger before placing it on the fingerprint sensor. Q: What happens if I remove my authentication device while my computer is on? A: Removing your authentication device while your computer is running will cause your device to be unavailable for authentication purposes with SecureSuite. To use your device, reconnect it.
Appendix 2: Glossary Appendix 2: Glossary A Account See User account, Group, SecureSession account. Account lockout A SecureSuite security feature that locks a user account if a number of failed logon attempts occur within a specified amount of time, based on account policy lockout settings. Administrator A person responsible for setting up and managing domain controllers or local computers and their user and group accounts, assigning passwords and permissions, and helping users with networking issues.
Appendix 2: Glossary B Biometrics The automated technique of measuring a physical characteristic or personal trait of an individual and comparing that characteristic to a comprehensive database for purposes of identification. C Client A computer that accesses shared network resources provided by another computer, called a server. See also Server, Workstation. D Decryption The inverse of encryption.
Appendix 2: Glossary E Encryption The process of making information indecipherable to protect it from unauthorized viewing or use, especially during transmission or when it is stored on a transportable magnetic medium. Enrollment The process of collecting biometric samples from a person and the subsequent preparation and storage of biometric reference templates representing that person's identity.
Appendix 2: Glossary I Identification A one-to-many comparison of an individual's submitted biometric sample against the entire database of biometric reference templates to determine whether it matches any of the templates and, if so, the identity of the enrollee whose template was matched. The biometric system using the one-to-many approach is seeking to find an identity within a database, rather than verify a claimed identity. (Contrast with Verification.
Appendix 2: Glossary R Remote Access Service (RAS) A service that provides remote networking for telecommuters, mobile workers, and system administrators who monitor and manage servers at multiple branch offices. Users with RAS on a SecureSuite computer can dial in to remotely access their networks for services such as file and printer sharing, electronic mail, scheduling, and SQL database access.
Appendix 2: Glossary U User account Consists of all the information that defines a user to SecureSuite. This includes such things as the user name and password required for the user to log on, the groups in which the user account has membership, and the rights and permissions the user has for using the system and accessing its resources. The accounts are managed with SecureSuite User Manager. See also Group. User Manager A SecureSuite tool used to manage the security for a computer.
Appendix 3: A Table of SecureSuite Policies Appendix 3: A Table of SecureSuite Policies Domain/System-Level SecureSuite Policies (Start, Programs, SecureSuite, SecureSuite System Settings, Policies) Policy Available Settings (Default settings are bold) Limits settings of… Depends on setting of… Allow users to add/remove/enroll authentication methods and devices Enabled / User Defined Allow management of authentication methods and devices (user-level) None Cache user credentials (only available if
Appendix 3: A Table of SecureSuite Policies User-Level SecureSuite Policies (Start, Programs, SecureSuite, SecureSuite User Manager, SecureSuite Policies) Policy Available Settings (Default settings are bold) Limits settings of… Depends on setting of… Allow user to add/remove/enroll authentication methods and devices Enabled / Disabled None Allow users to manage their authentication methods and devices (system-level) Cache authentication credentials (only available if logged on to domain) Enabled
Appendix 3: A Table of SecureSuite Policies Domain/System-Level SecureFolder Policies (Start, Programs, SecureSuite, SecureSuite System Settings, Applications, SecureFolder) Policy Available Settings (Default settings are bold) Require emergency recovery of secured files and folders Require authentication for all SecureFolder operations Limits settings of… Depends on setting of… Enabled / User Defined Support emergency recovery of secured files and folders (user-level) None Enabled / User Defined
Appendix 3: A Table of SecureSuite Policies Site-Level SecureSession for Internet Explorer Policies (Start, Programs, SecureSuite, SecureSuite User Manager, select user, User Properties, SecureSession/IE tab, select web form, More Info) Policy Available Settings (Default settings are bold) Limits settings of… Require authentication before supplying web page information Enabled / Disabled None Require authentication when managing registered page information Enabled / Disabled None Automatically su
Appendix 3: A Table of SecureSuite Policies Application-Level SecureSession for Applications Policies (Start, Programs, SecureSuite, SecureSuite User Manager, select user, User Properties, SecureSession/IE tab, select web page, More Info) Policy Available Settings (Default settings are bold) Automatically submit registered application information Enabled / Disabled Limits settings of… None Require authentication when managing registered application information Enabled / Disabled None Require authe
