2. Access protection
● It's all about local accounts
● - necessary for standalone boxes
● - useful for support
●
● Usually same Administrator password on
all or many workstations/notebooks
● - side effect of imaging
● - support people like to use „easy to
remember“ passwords
3. Access protection
● Don't doubt about known facts:
● - when you know a password to one particular
workstation, you have access to all of them
● - administrator's password will always leak
● - administrator may simply leave you
●
● Conclusion: Each workstation has to have
own unique and secure password which is
not known to anybody
●
4. SecureWinBox solution
● Workstation agent
● - changes the password(s) every single day
● - handles single user account or all members of
configured user group (administrators)
● - needs no connection to the server
● - agent configuration is one-way encrypted
● - checks the password regularly, so any
unauthorised changes are reverted back to
SecureWinBox's password of the day
5. SecureWinBox security
● Password recipe:
●
● SEED makes your SecureWinBox instance unique
● WORKSTATION NAME makes it's password unique
● CURRENT DATE makes today password unique
●
● In case of group management, add:
● USER NAME name makes user password unique
●
6. SecureWinBox security
● There is no connection in between the server
and the workstation
● There is no passwords database on the server
side
● If the workstation password is requested,
server simply calculates it
● This is really secure until somebody has a
chance to remove the harddrive from the
workstation
7. SecureWinBox security
● Tickets – useful for automated scripts and
access of people without company account
● All activities are recorded
● Most important security information, the seed, is
encrypted by so called „configuration password“
● You can't copy or even start the SecureWinBox
system without this password
●
● LIVE DEMO
8. SecureWinBox enterprise - SafeBox
● Group and private SafeBoxes
● Each safebox can contain many records (accounts)
● Protected by:
● - LDAP authentication
● - PERSONAL ACCESS CODE
● Uses:
● AES for SafeBox encryption
● RSA for AES key protection
●
9. SecureWinBox enterprise - SafeBox
● Browse and search (fast!)
● Tags
● Notes
● Address/port
● User Name
● Password
● Authors
● History