USB device encryption

SecuLution can encrypt USB mass storage devices without any user interaction (such as entering a password).


Using encrypted devices on computers inside your network

To turn encryption on, select the mass storage device and set the action to "Allow, encryption on":



Specify a password and a "valid for" range of objects.


In the example above, encryption is configured for the hash that represents the USB mass storage device called "storage media". Because "valid for" is set to "0.0.0.0/0", the device will be available as an encrypted mass storage device on any computer in your network where the Agent is running.

As long as the device is connected to a computer in your network where the Agent is running, and the "valid for" object applies to that particular computer or user, files are encrypted when written and decrypted when read without the user noticing. Users can use the mass storage device the same way they would if the device weren't encrypted.

Only files are encrypted, not the entire file system.
Files are only encrypted when a file is newly created or modified (written). Unencrypted files that already exist on the USB mass storage device or that are written to the USB mass storage device by a computer without an installed SecuLution Agent are not encrypted.


Using encrypted devices on computers outside your network

You can decrypt files on an encrypted USB mass storage device on a computer that's not in your network (and not secured with the Agent) by starting a program called "SecuLution Stick Encryption", which is available on each encrypted USB mass storage device:


Note that users only need to know the encryption password of the USB mass storage device if they need to access encrypted data on a computer that's not secured with the Agent.