www.infolocktech.com/download/Disknet_Pro_Datasheet.pdf
ld USB flash media be so terrifying if you
could harness its business advantage while
ensuring network integrity and data security?
Corporate IT needs are becoming increasingly
complex. Simply blocking access to I/O devices is
no longer a viable solution. Enabling portable
storage to be used freely can place your
corporate data and confidential customer
records at serious risk.
THE CHALLENGE WE FACE
Our increasing use of plug-and-play media,
coupled with government and market-driven
compliance standards, such as those outlined in
HIPAA and Sarbanes-Oxley, and the public's
growing demand for personal privacy, present a
significant challenge for responsible
corporations and network administrators.
At Reflex Magnetics, Ltd. we recognize that while
organizations must use and exchange data in
daily operations, today both management and
the public demand that customer data be stored
and handled with utmost care and sensitivity.
That's why Reflex Disknet Pro enables IT staff to
enforce security policies, while allowing
employees to use technology in a controlled and
managed fashion to perform job functions.
Content and virus checking, along with
transparent data encryption and filtered
auditing, were further built into the solution to
ensure that only authorized devices are used in
business operations.
Granular I/O device management
White and Black List security support
Transparent data encryption
Seamless content and anti-virus integration
Configurable messaging
Filtered audit capability
Device Management
The Reflex Disknet Pro Device Manager (DM)
controls access to both known and unknown
devices. Using kernel mode filter technology, both
Black List and White List security controls are
achieved. Device access is controlled on a
user/group/machine basis and is dependent on
device type and/or model and brand of device.
Irrespective of connection protocol, Disknet Pro's
Device Manager can manage access to all ports
including USB, Firewire and Bluetooth.
Removable Media Data Management
Additional controls can be put in place to manage
data flow to removable media devices using the
Removable Media Manager (RMM). RMM ensures
that all removable media devices are authorized
before use is granted. A unique digital signature is
written to a device to mark it as authorized, and
contains unique information about the device
contents. The digital signature is automatically
updated during file modifications/transfers within
the protected environment. If changes to the media
are made outside of the organization, the device will
require re-authorization before it can be used again
within the protected environment. The system can
perform a complete content and virus scan using a
third party antivirus scanner of your choice.
Transparent Removable Media Encryption
The Encryption Policy Manager (EPM) provides
transparent encryption of removable media storage
devices including USB pen drives. Utilizing AES
128/256 bit encryption, EPM requires no user
training and enforces that all devices are encrypted
prior to any data being transferred. Encryption
policy is centrally managed on a user, group or
organizational unit basis. Offline access or access on
trusted sites can be configured
(see Access Encrypted Media Offline section).
SECURITY TALES
(Diagram: four scenarios, each beginning with the user logging on, contrasting the Disknet Pro environment with an unprotected environment.)

The Receptionist's Tale
Receptionist attempts to install and use instant messaging software.
User action: Tries to download software application.
Disknet Pro: Program Security Guard (PSG) prevents unwanted software installation. Application Management prevents any unwanted software or file types from being introduced into your protected environment.

The Marketing Manager's Tale
Marketing Manager inserts approved digital camera into a corporate laptop and accidentally introduces a virus and/or malicious code onto the network.
User action: Inserts digital camera containing virus and/or malicious code.
Disknet Pro: Removable Media Manager (RMM) detects dangerous content and blocks the device from being used. Media Content and Virus Checker enforces that the device is content checked and virus scanned before it is digitally signed for use.

The Executive's Tale
Executive copies sensitive files onto USB flash media.
User action: Copies files from corporate workstation onto USB flash media to work on the plane ready for tomorrow's sales meeting, but leaves the device on the plane.
Disknet Pro: Encryption Policy Manager (EPM) secures the data on the device in the event that it is lost or stolen. Transparent Encryption secures any new or existing data copied to removable media. Organizations can ensure that all sensitive information is transparently secured from external breaches.

The Account Manager's Tale
Account Manager attempts to connect corporate laptop through untrusted home wi-fi connection.
User action: Tries to connect corporate laptop to wireless home network.
Disknet Pro: Device Manager (DM) prevents any unauthorized wireless connectivity. Device Manager Settings: ability to build white or black lists of authorized I/O devices (MP3 player, USB flash media, Built-in wireless cards, Bluetooth radio, Digital camera, Printers).
Key Features
DEVICE MANAGEMENT
• Supports both Black List and White List security
• Controls I/O devices/removable media on all connection ports (USB, Firewire, IDE, etc)
• Devices can be managed by type, brand, model or individual device
• Utilizes kernel mode technology that can even secure against local admin attacks
• Custom devices can be added easily by the system administrator
• Retrieves unique device information
• Fully plug-and-play compliant
REMOVABLE MEDIA MANAGEMENT
• Uniquely identifies approved devices using a digital signature
• Where permitted, detect changes performed externally from the home network and enforce a device policy verification
• Enforces a virus check of new devices by automatically integrating with most 3rd party AV systems
• Enforces a configurable content check of new devices (dependent on policy)
• Define an acceptable usage policy regarding device
• Allow only defined applications to write to removable media
TRANSPARENT ENCRYPTION
• Enforceable removable media encryption utilizing AES 128/256 bit algorithm
• Centrally managed with global key encryption infrastructure
• Enables secure offline access of encrypted devices without the need to install software or local admin rights
• Provides the ability to share encrypted data on a user, group, organization or site level
• Encrypted devices can be pre-configured and assigned by the system administrator (allows only approved devices)
• External access can be prevented where required ensuring encrypted devices are accessible only on defined networks
• Secure challenge/response system enables remote password recovery
• Supports encrypted device revocation and key recovery
AUDITING
• Detailed auditing of attempted security breaches
• Complete audit of device usage (floppy disk, CD/DVD, USB flash media, etc)
• Client side filtering to ensure that only relevant information is sent to the server
• Fully configurable filters and audit analysis reports
• Stored in an MS SQL database
• Configurable email alerts
DEPLOYMENT AND SCALABILITY
• Supports MS Windows NT/2000/2003/XP
• Integrates transparently with MS Windows NT Domain, MS Windows 2000/2003 Active Directory & Novell eDirectory
• Highly scalable cross-platform architecture
• Customizable user messaging
• Online and offline settings enable diverse management of standalone and mobile workers
• Silent client deployment (Fully MSI enabled installer)
3RD PARTY CERTIFICATIONS
• Common Criteria
• FIPS encryption
• CSIA Claims Test Mark
• UK MOD (DIPCOG)
• Novell YES certified
Generic Active Code Protection
The threat from malicious code and unwanted file
types (mp3, mpg, avi etc) can be controlled using
Program Security Guard (PSG). PSG prevents users
and untrusted sources/applications from
creating/modifying and deleting defined file types.
PSG ensures that only trusted staff, sources and
applications can modify the system configuration.
Users can be blocked from introducing unlicensed
software, virus-infected files, spyware and trojans.
This system is completely generic and does not rely
on outdated signature-based recognition.
Centralized Administration/Auditing
Reflex Disknet Pro is centrally managed using a
familiar Microsoft Management Console (MMC)
interface. By transparently integrating with the MS
NT Domain, 2000/3 Active Directory and Novell
eDirectory user/group information, the
administrator is able to assign profile-based policy
across an organization. The Reflex Disknet Pro
Enterprise Server is highly scalable and runs on an
MS SQL back end database, enabling server
replication and configurable audit report
generation.
Remote/Mobile User Support
Remote and mobile workers can be managed in the
same way as network users. Reflex Disknet Pro
supports VPN and RAS connections and can be
secured to run in a completely standalone mode.
The client software filters and securely stores
essential audit information until the server is next
available.
Access Encrypted Media Offline
Removable media offers great versatility for the
transportation and on demand access of data
anywhere. Unlike other systems available, EPM
Explorer enables authorized users to access
encrypted media on any system, without the need
to install any software and without the need for
increased security permissions.
SYSTEM REQUIREMENTS
MS Windows NT 4 (SP6)
MS Windows 2000 (SP3+)
MS Windows 2003
MS Windows XP (SP1+)
MS Internet Explorer (5.5+)
Integrates with Windows Standalone
Clients, NT Domain, ActiveDirectory
and eDirectory (requires Novell Client
v4.91+) without extending t