Maintaining the security of an organization's laptops and desktops is never an easy task, with many a sleepless night worrying if all devices that come into contact with the enterprise are secured against theft and compromised data. Managing all this can be an overwhelming task.
GlobalAdmin is a management application that is used in conjunction with GTGI's other products, CryptCard and CompuSec. Our review kit came ready prepared on a Dell Optiplex GX400 PC running Windows 2000. We just had to plug in the relevant devices for reading smartcards.
We had to take care to put one of the card readers into the ElKey PCI card, as it uses an RJ-45 connector and could mean a harassed administrator spending ages figuring out why the thing doesn't work when the reader may be connected to a standard Ethernet port (this happened to us).
Once properly connected, the PCI card kicks in and presents a login screen. We put our license card in the reader and entered in our password. So far so good. After that, a normal Windows boot-up takes place.
The main console is wide-ranging, but poorly laid-out, and could do with a redesign, because there was nothing to suggest where a user should start. Here, administrators can use this system to program, test and manage the CryptCards as well as create user accounts.
Other functions include the ability to generate reports, reset passwords and keep records of the CryptCards by their serial numbers. The cards can be reset and reused, which is both convenient and economical.
Users have to be set up before a CryptCard can be configured and used. A database is created within the application that stores information about each card. Once we figured out what we had to do, it was simply a matter of setting up the user, then programming the CryptCard. Setting up a new database requires a random key to be generated and then confirmation of this for validation. This was a time-consuming process and the program asked us to write the key down for safe keeping, which we did not think was a very secure thing to do.
Blocking obvious passwords
Next up was choosing a password option. The application allows administrators to block obvious passwords from being chosen, which we thought was very useful and should be standard in most security applications. The software picked up on obvious passwords; it told us to choose something less guessable to hackers.
There is also an "erase" password that lets users erase the CryptCard and discard keys. This prevents users from accessing the notebook until the card is reset and reprogrammed.
Programming the CryptCard was a reasonable exercise, but not as fast as we'd hoped it would be. The card is programmed via a tab on the user screen. The serial number has to be entered before the card is programmed. We like the option to allow either pin users down to using one notebook in "single user" mode or let them access other user's notebooks in "Group Member" mode.
Hard disk encryption options include a 56-bit Data Encryption Standard (DES); 112-bit DES going up to 256-bit Advanced Encryption Standard (AES) and triple DES Cipher Block Chaining (CBC) encryption. We welcome the inclusion of AES in this release.
Profiles helped in reducing the amount of administration needed to assign rights to each individual CryptCard. Each profile contains a set of encryption options, user rights, key groups and user groups. Each card is assigned a profile and user and group rights and so forth are automatically added to it.
The next test was installing the card in the notebook. This turned out to be relatively easy, and the level of security offered by the product impressed us. Encrypting the hard drive does take a while, but full encryption is worth the wait and peace of mind it brings.
We also liked the protection against boot sector viruses. As the CryptCard creates its own master boot record, redundant backups are automatically saved elsewhere on the hard disk. If the PC becomes infected with a boot sector virus and CryptCard is installed, the CryptCard boot sector restoration utility can fix things.
GlobalAdmin also offer to program Elkey smartcards, CompuSec e-identity tokens and IPCrypt clients. We liked the variety of security options on offer, as well as the level of encryption offered. But again, the user interface did not make the process an easy one, and it took time to work out what needed to be done.
On the whole, the application goes a long way to secure both laptops and desktop in the enterprise. The level of security offered was well thought out and could help in preventing data getting into the wrong hands. However, we felt that this was at the expense of the interface and documentation, which could have done with polishing up. It really let down what should be an otherwise excellent product.