| FAQ - Product Questions |
|
Which operating systems are supported?
Beyond-Encryption BeyondEncryption currently supports Windows NT, 2000 and XP, Windows NT Server, Windows 2000 Server and Windows 2003 Server. Dual-boot PCs, Linux and Apple Mac are NOT supported at this stage. Beyond-Encryption is also working closely with Microsoft to provide support for Windows Vista.

How long does it take to set up the BeyondEncryption Enterprise Server?
The BeyondEncryption Enterprise Server can be set up in your organization within 60 minutes.

Can the BeyondEncryption Enterprise Server be run on VMware?
Yes.

Is it possible to install BeyondEncryption's clients remotely?
Remote client installation can be managed using your company's software rollout tool, such as Active Directory, SMS, HP OpenView etc. Alternatively, you can use a standard Windows login script to install the client, or it can be sent out as a very small email attachment. The BeyondEncryption client is provided as an MSI file.

Is it possible to do a silent install?
Yes, we provide details on how to set up and do a silent install.

Can I roll the client software out after office hours?
Yes, the client software does not need any user input during installation. It can be rolled out overnight.

How does the automated/silent install work?
The BeyondEncryption client is provided as a .msi installer. An .msi file contains a database in which we store the IP address and department ID. A free-to-use tool from Microsoft called ORCA allows user-defined properties to be added to an .msi file. It is relatively easy for the Administrator to customize an MSI by opening the MSI in ORCA, adding the two BeyondEncryption properties (for IP Address and Department ID) and then saving the .msi. The Administrator can then deploy it for remote install via Active Directory. During installation, the client installer reads these properties from the .msi and generates a configuration file named RSSetup.ini.
This file is placed in the same install directory as the client executables and contains the fields IPAddress, DepartmentID and UserName. UserName is optional; if it is not present in the .ini, the machine name is used by default. The client detects the presence of this file, checks whether the properties are present and, if so, updates the registry and enters a silent install mode.

Does BeyondEncryption interface into Active Directory?
The client software can be pushed out and installed silently using AD.

What level of tamper proofing is in place to protect and conceal the client?
When the client software is installed on the system it is totally invisible. It does not appear in Task Manager and is invisible in the services list. You will not be able to find it in the registry and it will not appear in Add/Remove Programs. The only way to remove the client software is by sending an Uninstall command from the BeyondEncryption server.

Has BeyondEncryption been tested with virus scanners and software firewalls?
The BeyondEncryption client has no problems with virus scanners, and can transparently communicate with the server using the default setting on most software firewalls, including Symantec, McAfee, and similar products.

What communication ports are used in communication between client and server?
All standard HTTP ports are used for client-server communication.

What does it mean that the BeyondEncryption server uses secure communications for sending and receiving commands with the client?
All commands sent from the BeyondEncryption server to the client are encrypted. This means that the communications cannot be deciphered by a hacker, preventing a hacker from replicating and sending an unauthorised or bogus BeyondEncryption command to a client. In addition to secure communications from the server to the client, each client has a unique encryption key which is not stored on the client.

Is there an issue if communications between a company's data device and the company's network take place via an encrypted tunnel, such as IPSec?
No.

To what extent can communications between the server and the laptop be replayed to thwart security?
Communications between the server and the client are safe from replay attacks. Each communication session has its own unique key pair, generated using Diffie-Hellman.

Can a hacker write a virus to activate BeyondEncryption commands locally on a device?
No. The BeyondEncryption server talks to the client using encrypted communications. When a BeyondEncryption command (such as "encrypt" or "decrypt") is sent to a client, only that client can understand the message, which is what enables the command to be executed. The command has to be sent from the parent BeyondEncryption server, otherwise it will not contain the correct encryption key required to activate the client.

At what stage does the initial authentication take place?
The initial authentication takes place at the Windows login.

Will BeyondEncryption affect any of my current applications?
No, the software runs underneath the Microsoft operating system, so none of the normal applications will even know that the information is being encrypted and decrypted in the background. You can even use other file encryption products on top of Beyond-Encryption BeyondEncryption.

Will BeyondEncryption slow the machine down?
No.

What if the operating system crashes?
As long as you are a valid user of the PC, you will be able to boot from a Microsoft system disc as normal.

What encryption is used?
BeyondEncryption uses AES 256-bit encryption where each sector is encrypted with a unique key. This offers the same protection as many Government organisations are using today.

What happens when I want to decommission the PC?
This is another reason to use BeyondEncryption.
When it is time to decommission the PC, you can simply reformat the disk and the information will never be available for anyone to recreate. A non-encrypted disk can almost always be restored, even if it has been reformatted.

Do virus scans work when the information is encrypted?
Yes, as the anti-virus software reads the information from the disk, it will automatically be decrypted before being scanned and then encrypted again when written back to disk.

Can key data or decrypted files be recovered by various forensic means, such as entropy-observing methods?
Tests with forensic recovery software, such as Encase, have been unable to recover these files.

Does the Local Encryption component encrypt ZIP files?
Yes.

Can I drag & drop files from one folder to another?
Yes.

Are the recycle bin and page file encrypted?
Yes.

When a file is being read it is placed in cache; is this encrypted to stop another user viewing it?
The cached version of the file is also encrypted.

What if a computer's hard drive is removed from one computer and slaved as a second hard drive on a different computer?
BeyondEncryption's Real Time Encryption System is an additional security component that encrypts all non-system files (.doc, .xls, .pst, etc.) on a computer's hard drive(s). These files will always be fully encrypted, and will only be decrypted as the user needs to use them. Pending a successful and authorised login to the computer, the user will have all the necessary rights to decrypt files on the fly. Once a file is closed, it will be encrypted again. If the hard drive is taken out and slaved, the data thief will be able to see the encrypted files but will not be able to open them.

BeyondEncryption 4th Line of Defence - Reactive Remote Security

What are Server Side Smart Options and how do they work?
Smart Options allow the administrator to target specific files and folders on a compromised computer, which not only makes the software more efficient but also ensures that compromised data is neutralized much faster. Example: a user calls the helpdesk to report their device stolen. The only important data on the machine is stored in a folder called C:\SALES. By using Smart Options the administrator can target this specific folder on the computer. Instead of sending an encrypt command to the entire hard drive, for example, they can simply use Smart Options to select C:\SALES. When the command is sent it will go straight to this directory and execute.

What is the Remote Encrypt command and how does it work?
The administrator can send a remote encrypt command to the computer and, based on what has been selected in Smart Options, the organisation can encrypt anything from a single Word document to an entire hard disk. Once the command is received the BeyondEncryption solution locally encrypts the files. Once encrypted these files cannot be opened. Further, once the encryption process has started it cannot be stopped. After this command has been sent to a device the administrator can see real-time updates on the encryption progress from the History screen on the User Interface. Data can be decrypted by sending a Decrypt command.

What is the Remote File Transfer command and how does it work?
The Administrator can easily recover data from a stolen or misplaced device by sending the File Transfer command. Any or all data can be recovered from the device by combining Smart Options with this command. When the File Transfer command is received on the client the BeyondEncryption software locally compresses and encrypts the required files and sends the packages back to the server. When the files are received on the server they are decompressed, decrypted and stored in a user-specific directory. File transfer is completely invisible to the end user.
After this command has been sent to a device the administrator can see real-time updates on the File Transfer progress from the History screen on the User Interface.

What is the Remote Silver Bullet command and how does it work?
If necessary the administrator has the option to send a Silver Bullet command to any or all data on the device. When this command is received by the client device all files targeted are destroyed beyond recovery. Once the process has started it cannot be stopped. The BeyondEncryption Silver Bullet command exceeds the United States Department of Defence standards for file destruction (DOD 5200.28). After this command has been sent to a device the administrator can see real-time updates on the Silver Bullet progress from the History screen on the User Interface. Under current internal tests, files deleted using the BeyondEncryption Silver Bullet CANNOT be recovered using software recovery tools, such as Encase and R-Studio.

What is the Remote Lock command and how does it work?
Within seconds of receiving the Lock command the device is shut down. When the lock command is received on the client the BeyondEncryption software locally disables all user accounts on the machine, resets the password for the local administrator account and shuts the device down. The BeyondEncryption software keeps the device in a ‘Lock down Loop’ until an Unlock command is received. After this command has been sent to a device the administrator can see real-time updates on the Silver Bullet progress from the History screen on the User Interface. A device can be unlocked remotely by sending an Unlock command. |
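
The answers above on secure communications and replay rest on each session having its own Diffie-Hellman-derived key. The following Python example is added here for illustration and is not BeyondEncryption's code or protocol: it shows a command recorded in one session being rejected when redelivered in that session and in a later one. Assumptions: a toy group, an HMAC tag standing in for the product's unspecified encryption, and a hypothetical per-message counter, which goes beyond what the FAQ states.

```python
import hashlib
import hmac
import secrets

# Toy group for illustration only (assumption): 2**127 - 1 is far too small
# for real use; the page does not say which group the product uses.
P, G = 2**127 - 1, 3

def new_session_key():
    """One Diffie-Hellman exchange; returns the key both sides derive."""
    a = secrets.randbelow(P - 3) + 2          # server's ephemeral private value
    b = secrets.randbelow(P - 3) + 2          # client's ephemeral private value
    server_secret = pow(pow(G, b, P), a, P)   # server combines client's public
    client_secret = pow(pow(G, a, P), b, P)   # client combines server's public
    assert server_secret == client_secret
    return hashlib.sha256(server_secret.to_bytes(16, "big")).digest()

def seal(key, counter, command):
    """Server side: bind a command to the session key and a message counter."""
    body = counter.to_bytes(8, "big") + command
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Client:
    """Hypothetical client that accepts only fresh, correctly keyed commands."""
    def __init__(self, key):
        self.key, self.last_counter = key, 0
    def receive(self, message):
        body, tag = message[:-32], message[-32:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):
            return "rejected: wrong session key"
        counter = int.from_bytes(body[:8], "big")
        if counter <= self.last_counter:
            return "rejected: counter already seen"
        self.last_counter = counter
        return "executed: " + body[8:].decode()

def demo():
    """Constructed scenario: one recorded message delivered three times."""
    key1 = new_session_key()
    client1 = Client(key1)
    captured = seal(key1, 1, b"lock")         # what an eavesdropper records
    first = client1.receive(captured)         # genuine delivery
    replay_same = client1.receive(captured)   # replay inside session 1
    replay_next = Client(new_session_key()).receive(captured)  # new session
    return [first, replay_same, replay_next]

if __name__ == "__main__":
    print(demo())
```

Plain Diffie-Hellman as shown does not authenticate the peer; the FAQ does not say how the product authenticates the exchange.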