FAQ

1. If a user forgets the account credentials...

The user can use the Help Desk Recovery feature to recover access by generating and exchanging codes with a Help Desk administrator. The code exchange can happen offline (over the phone or over email) and requires the administrator to have access to the help desk console.

The second mode of recovery allows the user to recover access entirely on their own. To use this recovery mode, the user selects and answers questions about themselves at install time and then answers them whenever they need to regain access. The questions are similar to the ones you would see when accessing or performing a security operation on your bank or email (e.g. Hotmail) account.

2. Can the computer be used while the whole hard-drive operation is proceeding?

Typically the whole encryption takes a couple of hours, but the computer is totally usable. The encryption will carry on in the background until it's complete. The background encryption yields to user activity, and therefore should have no noticeable impact on the user experience. The computer can be rebooted or shut down; the encryption will resume from where it left off when the computer is powered on again.

3. In case of system failure, what are the options for HDD data recovery?

The entire disk can be decrypted, which takes a long time. As an alternative, we provide a SEAhawk Recovery Utility (which can run from a bootable CD). The utility poses questions and leads an administrator through several recovery strategies (for dealing with a variety of failure cases). It attempts to perform the minimal work required to fix failures.

4. If a user leaves suddenly and we don't have any of his credentials, will the administrator be able to log into the PC and recover/access the info in it?

Yes, all data is recoverable by an authorized administrator without the original user's password. If the computer is connected to the network, an administrator can log in directly using his admin credentials. If the computer is disconnected, an administrator can log in using the HelpDesk Console Recovery option.

5. How do I delete a user account?

If the user is no longer employed and must be removed from the overall system, we call that "Revoking" the user. A Revoked User will be removed from all Trust Boundaries, so that he/she will no longer be able to access encrypted information (e.g. encrypted files, USBs, virtual disks, etc.).

6. If a user is moved to a different department, how is that implemented in SEAhawk?

This can be implemented in one step called re-assignment. Through this process, users that are already enrolled can be assigned to a different policy, trust boundary and/or department. The properties are updated on the user's side immediately if the user is logged in at that moment, or otherwise the next time the user logs in.

7. What are the levels of security SEAhawk provides?

Full disk encryption:
The whole hard drive of the computer is encrypted and no information can be retrieved without a valid user login.

Personal disk space:
Every enrolled user gets a personal space, like a separate drive, where files can be stored and only that user can access the contents of that space.

Full control on other media types:
Users can be given any level of access (Read & Write / Read-only / No Access) to different media (CD/DVD, floppy, USB, ...).

8. What is the default Client-Server communication interval?

The poll interval is adjustable through the polling frequency option and should be tuned down for real production systems to a more reasonable value (like 5 minutes).

9. What are the password complexity options available in SEAhawk?

The password complexity can be set by an administrator through the Management Console.

The properties are:

• Minimum length
• Number of retries before access is denied
• Complexity option (mix of uppercase, lowercase, numbers and symbols)
• Users can set up up to six questions (two minimum) and answers when they enroll, which can be used to gain access if they forget the password
• Users also have an option to contact the help desk to reset the password

The password reset method can also be set by the administrator, which allows users to reset the password through the help desk only, through questions only, or through either of the two.

10. What is the recommended architecture for geographically separated locations?

The SAMS (Site Active Management Server) can serve any geographically or functionally dispersed user population. It is recommended to have SAMS installed on the same server where AD is set up for your organization; the management console (the application used to control the users and features) can be installed at any location accessible by the administrator(s). The current model works well with a distributed IT management configuration.

11. What are the logging options available on SAMS and client systems?

We collect SEAhawk-related events on the client side and store them locally until the client connects to the SAMS. The events are then forwarded to SAMS and become available for reports. The event logs can be used for forensic audits and compliance.

12. How is folder encryption (apart from individual files) done?

With SEAhawk, folder encryption can be done in a number of ways:

To encrypt a folder such that you can keep using the files, move the folder contents into a SEAhawk Disk. All files and folders within a SEAhawk Disk are automatically encrypted.

You can move the folder to an existing SEAhawk Disk (using Windows Explorer), or right click on the folder and select “CryptoMill SEAhawk | Move to a New SEAhawk Disk”.

To encrypt a folder so that it can be sent securely to someone else, follow these steps:

a) Right click on the folder, select “Send to | Compressed (zipped) folder”
b) Right click on the zipped file, select “CryptoMill SEAhawk | Encrypt File”

13. Can different users have different policies on the same machine or the same user on different machines?

SEAhawk policies are user-based. Each unique Windows user can be assigned a policy.

Therefore:

• Different policies can be assigned to different users on the same machine
• A user will be assigned the same policy on different machines (AD only)
• A user can be assigned different policies on different machines (non-AD)*

*In non-AD environments, every user on every machine is unique and is managed separately (even if they have the same user name).

14. Pre-requisites and system requirements for SEAhawk installation:

SEAhawk SAMS component - recommended to run on a server

Operating system

Microsoft® Windows Server 2003
    - 866 megahertz (MHz) or faster 32-bit (x86) processor
    - 256 megabyte (MB) RAM (32-bit)
    - 200 MB available hard disk space

Microsoft® Windows Server 2008
    - 1 gigahertz (GHz) or faster 32-bit (x86) processor
    - 1 gigabyte (GB) RAM (32-bit)
    - 200 MB available hard disk space

Ensure that .NET 2.0 or above is installed prior to installing SAMS on Windows Server 2003/2008.

SEAhawk Management Console component - can run on the server with SAMS or on a workstation that can connect to SAMS

Ensure that the SAMS server is reachable. To determine if SAMS is reachable, open this URL in a browser: “http://<sams_ip_address>/sams”

SEAhawk Client component

Operating system

Microsoft® Windows XP (Home, Professional)
    - 866 megahertz (MHz) or faster 32-bit (x86) processor
    - 128 megabyte (MB) RAM (32-bit)
    - 100 MB available hard disk space

Microsoft® Windows Vista (Home Premium, Business, Ultimate)
    - 1 gigahertz (GHz) or faster 32-bit (x86) processor
    - 1 gigabyte (GB) RAM (32-bit)
    - 100 MB available hard disk space

Microsoft® Windows 7 (Home Premium, Professional, Ultimate)
    - 1 gigahertz (GHz) or faster 32-bit (x86) processor
    - 1 gigabyte (GB) RAM (32-bit)
    - 100 MB available hard disk space

When installing on Windows Vista with an SED drive installed in the machine, the following MS Windows Knowledge Base (KB) hotfix will be required if an error stating “Older ATAPI driver version detected. Please install Hotfix KB950096 and try again.” appears. (These hotfixes can be downloaded from the Microsoft site.)

For Windows Vista 32-bit use Windows6.0-KB950096-x86.msu

For Windows Vista 64-bit use Windows6.0-KB950096-x64.msu

Ensure no other encryption software is installed on the system.

Ensure that anti-virus is temporarily disabled during installation.

Ensure that the SAMS server is reachable. To determine if SAMS is reachable, open this URL in a browser: “http://<sams_ip_address>/sams”
