|
Encryption is the
transformation of data into an unreadable form. Its purpose
is to ensure privacy by keeping the information hidden from
anyone for whom it is not intended, even those who can see
the encrypted data.
 Back
to Top
When
OfficeLock software is installed on a computer, the user runs
a one-time user setup tool and is prompted
for an initial password. A hash of the password is made using a
cryptographic algorithm and is used, along with other
information, to protect user-specific keys and tamper-detection
information. When the user later logs in he/she
enters the password; the hash is generated, tamper detection
information is cross-checked, and if correct the protected
user-specific information is retrieved.
Back
to Top
OfficeLock components protect
your data from theft, hacking, inadvertent disclosure inside and
outside the secure perimeter, across communications and at rest
anywhere the data travels. They automatically encrypt the documents
and messages you create so that they are unreadable to anyone but you or
the people with whom you decide to share them.
Back
to Top
The OfficeLock client seamlessly integrates with other
Windows applications. Once installed, it automatically encrypts
files when they are closed and decrypts them again when they
are opened. When a protected application is running, it is
impossible to tell where that application ends and OfficeLock
protection
begins. OfficeLock software lets you work the way you always do - there
is nothing new to learn or to remember.
Back
to Top
Yes. Firewalls are only designed
to provide protection against outside intrusion via the Internet.
They do not provide protection from the full range of data
security risks. For example:
-
Laptop computers are physically mobile
and regularly travel outside the protection of the network
firewall. Because laptops are easily stolen, their data therefore
remains entirely at risk.
-
Firewalls do not protect data which
travels outside the network. Files attached to email messages
are easily intercepted while in transit between sender
and recipient.
-
When a user leaves his desktop computer his
data is at risk from co-workers, temporary employees, janitorial
staff, visitors to the office, etc. This is because firewalls
leave data vulnerable to be stolen by anyone on the
friendly side of the firewall, i.e. anyone who has physical
access to the keyboard.
Back
to Top
Yes! To protect the
data on laptops, users often rely upon either a device
password and/or the operating system's password; without
typing one or both in, the laptop will not run. What most people
do not know is that this kind of "protection" represents no more
than a momentary obstacle; it is similar to the flimsy locks
found on suitcases.
A device password
is usually stored on a chip known as the BIOS. The protection
is therefore only in force on that particular PC. To access
the data, the thief simply removes the hard disk drive and installs
it into another PC. In the case of the operating system
password various password crackers or replacement tools are
available..
Back
to Top
Yes. Once OfficeLock software encrypts your files they'll
remain protected even if it is not running, even if the OfficeLock
client were uninstalled.
Back
to Top
Your
log on password is one way that OfficeLock authenticates the
authorized user in order to allow decryption. In other words,
the log on password confirms that you are you. (Other compatible
methods include biometric identification such as fingerprint,
voice, or retinal recognition.) OfficeLock prompts you for
your log on password when Windows starts. From that point onward,
OfficeLock automatically decrypts files as you open them and
encrypts them again when you close them.
Back
to Top
No.
After a period of inactivity (no keyboard entry or mouse movement)
OfficeLock will automatically log you off. Once logged off,
your encrypted data is again inaccessible. You can set the automatic
log off time-out to be as short as one minute or as long as
sixty minutes.
Back
to Top
Yes.
Because OfficeLock integrates seamlessly with Microsoft Office,
it only encrypts your data but leaves the "Summary" information
intact. So while your data remains encrypted, the documents
are still searchable by the Office "Find" feature and
other document management systems.
Back
to Top
OfficeLock can do
what other automatic encryption programs cannot: simultaneously
protect the data created by multiple users in shared locations.
Users can share network drives and folders or even share a
single PC. Every file created by each user is unreadable to
all other users - unless a user specifically chooses to share
it.
Back
to Top
Yes. OfficeLock allows the creation of protected
groups, with each group containing any number of authorized
members. Once you join a group, no further steps need be taken.
OfficeLock automatically encrypts and decrypts group files for
group members. And only group members can access files encrypted
for the group. Members can always choose which files they want
or don't want to share with the rest of the group. The OfficeLock
group feature allows you to share encrypted files both over
a network as well as via e-mail. You can therefore invite people
from outside the network, such as vendors or consultants, to
join specific groups.
Back
to Top
Yes. OfficeLock automatically
encrypts e-mail file attachments in Microsoft Outlook, Outlook
Express and Qualcomm Eudora.
Back
to Top
No. OfficeLock seamlessly
integrates with your email program to provide security intelligently.
Whenever you attach a file to an email message, OfficeLock
displays a dialog that asks you how you'd like the file processed
before it is transmitted. Choices include: (1) Encrypt with
Unique Password, (2) Encrypt for Group, (3) Standard Encryption
(for sending to your second PC), and (4) Send Unencrypted.
Back
to Top
Yes. You can send
protected documents to associates who have not purchased OfficeLock.
Just encrypt files as you would normally so they will be transmitted
securely. Your associates who do not have the full OfficeLock
software client can download
the no-charge collaboration and reader utility
(analogous Adobe's Acrobat Reader, but supporting full
collaboration). The no-charge version will
automatically decrypt protected files upon opening, just
like the full version. The difference between the light version
and the full version is that the light version can not
originate encrypted files or email messages.
Back
to Top
Yes. OfficeLock uses the 448 bit key Blowfish
encryption algorithm. Blowfish is a symmetric block cipher that
was designed in 1993 by the renowned cryptographer Bruce Schneier.
Since then it has been analyzed considerably, and has gained
acceptance as a strong encryption algorithm. At its maximum
key length, Blowfish is so strong that the United States
Federal government restricts its export. Blowfish is also
fast, encrypting up to 8.3 megabytes per second on a Pentium
150. For more information about the Blowfish encryption
algorithm visit: www.Counterpane.com.
Back
to Top
Most publishers of security software do not
make the source code, and therefore the soundness, of their
encryption engines readily available for public review and critique.
In contrast, OfficeLock uses "open source" encryption
from OpenSSL.org. The open source code of the OpenSSL encryption
engine is freely available for cryptographic peer review and
has withstood years of rigorous scrutiny by international experts.
For more information visit: www.OpenSSL.org.
Back
to Top
Competing
encryption software solutions which claim to be automatic actually
require users to save files in specific drive or folder locations
which have been designated as "protected." The
problem with this approach is that users usually don't know
(or care) where their files are located. If questioned where
they've saved their documents, most would answer "in Word," or "in
Excel." It is unrealistic to demand that users understand
the file system. To do so requires a level of user involvement
and technical expertise that exposes data to the risk of
user error.
Conversely, OfficeLock protection follows
files regardless of their location. Instead of just protecting
specific file locations, OfficeLock protects everything
that a protected application creates, wherever it creates it
and wherever the user chooses to send it. OfficeLock requires
no alteration of your work habits, thus removing the possibility
for user error causing a breach in security.
Back
to Top
During installation,
OfficeLock creates an escrowed key. This key enables recovery
of encrypted data in the event a user forgets a log-on password
(or in the event of employee termination). Using the escrowed
key, the system administrator can generate a new log-on password,
as well as gain access to any encrypted data.
Back
to Top
OfficeLock includes
an automatic recovery feature that ensures the integrity
of your data. Even if your PC were to lose electrical power
and reboot in the middle of encrypting or decrypting your data
would not be corrupted.
Back
to Top
OfficeLock is fully backwards and forwards
compatible, working with Windows 98, NT 4.0, 2000 and XP
Professional, as well as Office 2000, XP and 2003. Popular email
programs are also protected, including Microsoft Outlook, Microsoft
Outlook Express, and Qualcomm Eudora. Additionally, OfficeLock
provides automatic data security for Adobe Acrobat, the world's
most popular file distribution format (and the leading choice
of government agencies). Other protected applications include
Microsoft's WordPad, Notepad and Paint. OfficeLock's architecture
is extensible so it can be easily modified to protect additional
applications. The ability to reliably operate under varied conditions
is critically important to meeting the needs of enterprise customers
who most often manage large and diverse environments. OfficeLock's
program architecture is extensible so it can be easily
updated to protect additional applications. The OfficeLock process
of seamlessly integrating with other applications comprises
an original and proprietary technology for which a patent
has been filed with the United States Patent and Trademark
Office.
Back
to Top
When
a file is "deleted", it is not really gone from
your system. Hackers can still easily recover the original
data. OfficeLock, however, shreds a deleted file by thoroughly
wiping its binary data from the hard disk at the sector level,
so it cannot be recovered. OfficeLock exceeds the U.S. Department
of Defense mandated standards for secure file removal necessary
to prevent unauthorized disclosure of sensitive information.
Most
Windows programs create temporary files which contain exact
copies of your data. These temporary files are supposed
to be deleted by the programs which create them. Hackers can
easily recover this data, as they can with any deleted
file. Because OfficeLock integrates seamlessly with the applications
it protects, it automatically shreds temporary files so
they can't be recovered.
Back
to Top
The OfficeLock Enterprise Edition includes
all the features described above while also meeting the centralized
administration needs of corporate and government enterprises
who typically manage installations of 1000+ users. The Enterprise
feature set enables administrators to remotely control all
aspects of the OfficeLock user experience. Administrators need
never personally visit employees' PCs to install or support OfficeLock.
OfficeLock Enterprise's features are designed to provide "top-down" management
capability so that OfficeLock protection can be extended to
completely control the storage, retrieval and transmission
of business data.
Back
to Top
Yes. OfficeLock protection
follows files regardless of their location: on laptop and desktop
PCs, on networks and on the Internet.
Back
to Top
Yes. Attacks against
applications such as Microsoft Word, Excel, and other programs
create havoc with many Rights Management products. Standard
OfficeLock protection encompasses the complete system and file
life cycle. With regard to the system, OfficeLock’s primary
Application Protection Tool (APT) guards against attacks from
Trojans, keystroke loggers and other malware. APT also protects
against malware by protecting OfficeLock system resources and the
applications and files that are protected by OfficeLock. Interfuse
also provides an optional APT-Pro upgrade that “hardens” user PC
systems from other attacks.
Back
to Top
OfficeLock-protected PDF
files are encrypted until actually opened under OfficeLock’s
run-time protection, thus PDF converters will not be able to
perform their conversion. During run-time, OfficeLock’s APT will
terminate any process or event that tampers with or attacks a PDF
file.
Back
to Top
OfficeLock secures Microsoft
Suite application files and Adobe PDF files. When malware attacks
application files, it expects to see a specific known file
structure. Malware attacks against OfficeLock-protected files are
unsuccessful if the application file is encrypted and has an
unknown file structure.
Back
to Top
Both virus software and
OfficeLock’s APT-Pro software are recommended to properly protect
PC systems from what some major companies report to be malware
attack rates that exceed 3 GB of data per hour! These attack
mechanisms are usually not stopped by standard anti-virus
software, which typically uses pattern recognition to match
incoming messages against a list of known threat patterns.
Unfortunately, by the time pattern matching takes place, the
system has already been breached. Also, the pattern-match approach
is inherently reactive and demands timely and very frequent
updates to keep up with accelerating emergence of new and damaging
threats. APT uses behavior and pattern recognition technology.
This technology acts as a system monitor, identifies potentially
suspicious activities and threats, neutralizes the problems, and
logs information before the problems can compromise information
security and privacy.
Back
to Top
Common anti-virus software is
reactive, in that it responds to malicious events late in the
attack cycle. OfficeLock APT is proactive, detecting types of
known malware by recognizing their behavioral traits and usage
anomalies and then stopping or killing them before information
and/or system integrity is compromised. OfficeLock effectively
protects resources against most types of malware, including
Destructive Trojans, Remote Administrative Trojans, Key Logger
Trojans & Spyware, Multipartite Trojans/Worms, and Polymorphic
malware.
Back
to To
OfficeLock APT-Pro is based
on a "Layered Security Model". Low-cost tools such as SpySweeper
are point solutions that provide one aspect to the total defense
of an enterprise. SpySweeper, Ad-Aware, etc are basically disk and
file scrubbers that follow the anti-viral model of checking file
contents for Spyware or Trojan "signatures". As such, they provide
minimal real-time protection against threats such as those
initiated by malicious interactive users (intent on information
theft). Furthermore they have NO capabilities to judge real-time
anomalous program or user behaviors and thus react only to threats
already identified and characterized as of the last signature
update. APT operates more in line with tools such as the Cisco
Security Agent, but with an emphasis on protecting the individual
host (i.e. PC) within the enterprise-computing framework – thus
complementing the network and perimeter-based defense layers.
Back
to To
Unlike common application
programs (such as Word, etc.), web browsers are often, by design,
built to accommodate extending functionality via plug-ins, etc.
This strength of extensibility, combined with the increasing use
of the browser as the basis for information/application access,
has unfortunately made them a rich target for virus and malware
developers. Fortunately, OfficeLock APT-Pro protects against
malware regardless of the path or how the malware gained access to
the system – and therefore protects system integrity.
Back
to To
|
