Two-factor authentication by OTP for TSPlus remote desktop access

We have tried out the Terminal Services Plus (TSPlus) solution for Remote Desktop access on Windows 7/8/10 with Rohos Logon Key installed. Both TSPlus web-based access and the MS Remote Desktop Connection application use the target Windows authentication system. This is the point where Rohos Logon Key applies 2-factor authentication control. The following screenshot demonstrates the 2FA requirement upon successful password-based remote access with TSPlus web:

Learn more about Rohos Logon Key benefits with TSPlus remote desktop solution.


Registering multiple 2FA users with Google Authenticator configuration delivered by Email

Rohos Management Tools provides a secure way to set up multiple users or authentication devices. Now it is easy to set up a list of users with Google Authenticator 2FA. It is also possible to automatically send an email message to each user that includes Google Authenticator setup instructions. The most secure way is to use corporate email.

New ways to register multiple users or 2FA tokens: by using a CSV file or a PowerShell script.

How to set up 2-factor authentication with One-Time Passwords delivered by Email

Rohos Logon Key lets you protect a Windows Terminal Server with 2-factor authentication using One-Time Passwords. Using Google Authenticator as the OTP generator requires delivering the OTP secret key to the end user's mobile device and storing it there, in mobile email, SMS or the Google Authenticator application.

In order to improve security you can set up your Windows Server to generate the One-Time Password and deliver it to the end user by SMS message or by email, which is also reliable and free. With this feature there is no need to send the OTP secret key or to set up Google Authenticator on the end user's mobile device.

Data leaks prevention system StaffCounter DLP is available now

We are glad to present a new product designed to prevent information leakage: StaffCounter DLP. This cloud-based solution allows you to protect your business from insiders and from possible leakage of commercial information to competitors.

StaffCounter DLP includes: Read more

Setting up shared access to an encrypted disk

Rohos Disk Encryption allows you to set up shared access to an encrypted disk for various purposes:

  1. Common access for all users of a single computer.
    This is the default behavior of the Rohos Disk letter access mode. All users on a computer or terminal server are able to access and work with the encrypted drive letter. Users do not need to know the disk password, and they do not need to run the Rohos Disk program. No one knows where the disk container file is located, and no one can delete it. The password for accessing the disk is entered by the Administrator or the owner of the Rohos disk.
  2. Access rules on a Windows Terminal Server.
    In this case only selected users know the password for the disk. Each user enters the password for accessing the disk independently whenever necessary. The secured disk is accessed with a plain password or a hardware-based key.
  3. Shared access through a shared network folder.
    The Rohos disk drive letter will be open for common access on the local network from the computer which acts as the file server. The password to enable the Rohos disk is entered by the Administrator or owner of the Rohos disk once per day. He or she also grants users privileges for network access and is responsible for making backups and shutting down access to the disk.

Common access for all users of a single computer.

In the Rohos Disk options you must enable "Enable shared disk drive (local and network)"; this option is ON by default.

In this case, when one user connects a Rohos disk, the drive letter of this disk will be immediately visible to all users when they open Explorer.

When the read-only option is set, users (including the owner) cannot change the contents of the Rohos disk.

You can set up different rights for reading and writing to the folders within the disk itself. You give some users full control, while other users will have read-only access, and a third group will not be authorized to view the contents of the secret Rohos disk at all.

Advantages of this method:

  1. Only one user, the owner of the disk, has the password.
  2. Ability to limit access to certain users.
  3. The disk can be located in a place where only its owner has access to it, which limits the possibility that it can be copied or deleted by others.
  4. Users do not need to know the password for the secret disk, and the drive letter will be immediately visible in Explorer.
  5. This setup is also suitable for users on a Terminal server. Work folders with especially important and confidential files and programs can be converted to a Rohos disk using the “Encrypt folder” function. This will make the disk protection transparent to users of the remote desktop.

Features of this method:

When opening Rohos Disk for other users, the drive letter will be visible among the computer’s additional disks. If it is suddenly turned off, it will become inaccessible for all users. To avoid this, you can deny users the right to launch Rohos Disk on the server by protecting it with a password.

In addition, you must untick the option "Show Rohos Icon near the clock" so that users cannot manage the disk by clicking on the icon near the clock.

Access rules on a Windows Terminal Server.

To set up this form of common access:
1. You must turn off the option "Enable shared Disk drive". In this case the secret disk letter will be accessible only to the session or user account where the password for this encrypted disk has been entered.

2. The file container should be placed in a common-access folder and different access rights should be granted to different users in order to prevent unauthorized copying or deletion of this file. Some users will be able to open the folder for reading and writing, while other users will have read-only access. Still other users will not be able to view it at all.

3. It is necessary to create a shortcut for accessing this disk and copy it onto the desktop of the selected users. To do this, in the main window go to Rohos Disk Encryption > Disk > Tools > Create disk shortcut. Then a file with the given shortcut will be visible on the desktop.

4. You can give the password for the Rohos disk to all users or hand out access keys such as SafeNet iKey, eToken or any other PKCS#11-compatible token.
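
One way to apply step 2 with NTFS permissions, as an added PowerShell example that is not part of the original article or of the Rohos software; the container path and the two group names are hypothetical placeholders. It also lists who could still delete the container through the parent folder, because the delete-child right on a folder works even when the file itself grants no Delete right.

```powershell
# Added example. The path and both group names are hypothetical placeholders.
$container = 'D:\Shared\Secure\container.bin'  # Rohos disk container file (placeholder)
$rwGroup   = 'CORP\SecureDisk-RW'              # users who open the disk read/write
$roGroup   = 'CORP\SecureDisk-RO'              # users who open the disk read-only
$admins    = 'BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM'

$acl = Get-Acl -LiteralPath $container

# Stop inheriting from the common-access folder and discard inherited entries,
# then drop existing explicit entries so that only the rules below remain.
$acl.SetAccessRuleProtection($true, $false)
$acl.Access | Where-Object { -not $_.IsInherited } |
    ForEach-Object { $acl.RemoveAccessRuleSpecific($_) }

# 'Read, Write' deliberately omits Delete: the group can change data inside
# the container but cannot delete, rename or move the file itself.
# Accounts in neither group get no entry, so they cannot read the file at all.
$grants = @(
    @($admins[0], 'FullControl'),
    @($admins[1], 'FullControl'),
    @($rwGroup,   'Read, Write'),
    @($roGroup,   'Read')
)
foreach ($g in $grants) {
    $rule = New-Object System.Security.AccessControl.FileSystemAccessRule($g[0], $g[1], 'Allow')
    $acl.AddAccessRule($rule)
}
Set-Acl -LiteralPath $container -AclObject $acl

# The file ACL alone is not enough: DeleteSubdirectoriesAndFiles on the parent
# folder allows deleting the container anyway. List non-admin entries to review.
# Entries stored as generic rights (shown as raw numbers) need a manual check.
$folder      = Split-Path -Parent $container
$deleteChild = [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles
$risky = (Get-Acl -LiteralPath $folder).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and
    ($_.FileSystemRights -band $deleteChild) -and
    $admins -notcontains $_.IdentityReference.Value
}
$risky | Format-Table IdentityReference, FileSystemRights, IsInherited
```

Run it from an elevated session; an empty table at the end means no non-administrative account can delete the container through the folder.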

Advantages of this method:

  1. Only a selected group of users will be able to access the encrypted disk letter.
  2. The secret drive letter will be protected from other terminal sessions.
  3. By using a hardware USB token you protect the disk password from being revealed on the thin-client side.
  4. Open-source, strong AES 256-bit encryption using open, NIST-approved data security standards.

Shared access through a shared network folder

The entire Rohos encrypted disk or some folders on it can be opened up for common access over the network. Select the disk in My Computer and enter its properties through the context menu.

Assigning access to this disk for different categories of network users can be done here with the Permissions command.

Connect the Rohos disk network folder to the workstations on the network:

Advantages of this way of assigning access:

  • The encrypted disk can be located either on a computer or on a connected USB storage device.
  • You can set it up so that when a USB storage device is disconnected, the encrypted disk will be automatically disabled, the network folder will disappear, and it will no longer be possible to access it.
  • You can set up a hardware security module (HSM) for accessing the secret disk, e.g. USB tokens like ruToken, iKey, or eToken. You can entrust such a token for the disk to the employee responsible for activating the disk. When the token is disconnected from the PC, the disk will automatically turn off.
  • Activating a secret disk can only be done by means of a password or automatically by connecting a USB token.
  • Network users do not necessarily have to know the password for the disk to begin working with it, but all data will be reliably secured on the file server.

While one network user is working with one file or directory, another user can work with another file or directory. It will appear as a simple common-access resource. However, as soon as you leave the system, access to it will automatically end.

Using Google Authenticator OTP for Windows login

Access to your computer or user account is usually password-protected. But sometimes that is not enough, especially when your data requires a high level of confidentiality. You don't want to give attackers the chance to get hold of your most secret stuff, your data, do you? We have included Google Authenticator and Yubikey HOTP support in Rohos Logon Key. Now Windows login is performed in High-Safety mode using Time-based One-Time Password and HOTP codes.

How to securely disconnect an encrypted disk after a defined timeout

The Rohos Disk program creates hidden, password-protected encrypted partitions on your PC or USB flash drive. You can lock access to your applications and hide folders. It is a strong on-the-fly disk encryption tool.
Today we would like to announce a new Rohos Disk feature: automatically locking the Rohos disk after a defined timeout. You can enable this security option to protect your sensitive data on Rohos Disk and enforce password security after a grace period. If you often use Sleep or Hibernate mode to save power on your computer or laptop, this feature is very useful. After waking up from Sleep or Hibernate, Rohos Disk will ask you to enter the password or to plug in the USB key with the password. It is an auto lock/unlock solution for unattended computers. Sometimes you cannot keep an eye on everything, which is why we added the Timeout option.
Assists compliance with federal regulations such as HIPAA, Sarbanes-Oxley, Gramm-Leach-Bliley, and FISMA.

How it works in other encryption software

There are many disk encryption tools on the web (TrueCrypt, OTFE) with a "disconnect by timeout" feature. It may work in a few plain and simple ways:

  • if there is no disk activity for a long time, the disk is forcibly disconnected.
  • if there is no user activity for a long time, the disk is forcibly disconnected.

But this may lead to data loss because the disk is disconnected forcibly.

How it works in Rohos Disk Encryption

Rohos Disk uses the same principle but in a more elegant way.

  • Once you pause your PC or close the lid of the laptop, your virtual encrypted disk gets "locked".
  • The passphrase window will appear after you resume your PC or open the laptop. You will be able to enter the password or insert your secure token within 25 seconds. If the password is not entered, the disk is dismounted automatically.
  • Your encrypted information, Internet applications and hidden folders will remain out of reach for other people. Private data becomes inaccessible.

How to enable this feature:

Open Rohos Disk > Options > check "Re-authenticate rohos disk after Windows resume"

Your security advantages with this feature:

  • Just close your laptop to lock your encrypted disk.
  • When you use the Sleep feature in Windows, you lock your private disk automatically.
  • Applications and documents opened from the disk remain open, but in order to continue working with them you need to enter the disk password again.

Download Rohos Disk Encryption (Shareware-30 days)

How to access your encrypted partition on a guest PC in Windows 7

Rohos Disk Encryption and Rohos Mini Drive are tools that encrypt and hide your private, confidential data on a USB flash drive or HDD. Both programs include the Rohos Disk Browser utility, which makes it possible to access your encrypted disk even as a guest or as a user with no administrative rights. You can open and look through the encrypted disk and add new information, even if you do not have administrative rights. It is also possible to view the content of the encrypted disk on a computer where Rohos Disk has never been installed.

On a guest computer where you have no administrative rights Rohos Mini Drive Portable will be automatically launched and you will be able to work with your encrypted partition, which is seen as Windows Explorer.
