Device Hardening - SYNERSOFT

Device Hardening

Can we block the deletion of a file for the user?

Yes, file permission in BLACKbox can be configured to block deletion for the user. However, it is not a recommended configuration setting due to a practical problem.

Most of the desktop applications create .tmp files when the files are opened. When the files are closed, these .tmp files are deleted. However, when the folder permission is set up to disallow deletion of the file, such .tmp files pile up and multiply as users work on the files in the folder.

Hence, as a better option, BLACKbox is equipped with “Active Recycle Bin” technology to recover deleted files and identify the user who has deleted them.

Does BLACKbox work with GitHub?

Yes. Any folder on the specific system or file server can be mapped for syncing with GitHub. BLACKbox can then be utilized to force the user to work on that specific folder mapped with GitHub. This will not allow the user to scatter the data beyond the folder mapped with GitHub, and all the data will be synced with GitHub.

Does BLACKbox work with VMware or Hyper-V?

Yes. The software agent of BLACKbox can be installed on windows based virtual computers (windows 10 is recommended) configured using VMWARE or HYPER-V.

User profiles on these virtual computers will be hardened by a software agent, and data can be forcefully centralized on BLACKbox hardware.

How can a new software be installed on a user's Windows computer under the BLACKbox environment?

There are two ways to install a new software on a user’s Windows computer under the BLACKbox environment.

  1. Admin rights can be given to the specific user for the purpose of installing the application and can be withdrawn when the installation is done.
  2. Log in to the user’s system with the administrator user credentials and install the application.
Can screen capturing be blocked on a user's Windows computer under the BLACKbox environment?

No. Print screen or screen capturing  cannot be blocked on a user’s Windows computer under the BLACKbox environment. But, this can be done on an ios/android device installed with M-Duo.

Can user-wise groups be created in BLACKbox?

No, user-wise groups cannot be created in BLACKbox. But, a specific user’s policy can be copied while creating a new user. This serves the purpose of user-wise group policy.

Can PST data be partly diverted to BLACKbox by the admin?

No. PST data must not be used live from the network on BLACKbox. It should reside in the user’s local system to ensure good performance.

How will digital signatures work with BLACKbox installed in the system?

“USB Read” can be allowed for users who need digital signatures. At the same time, “USB Write” can be blocked to ensure that data is not leaked via USB.

Does BLACKbox check file contents so that restriction through extension cannot be bypassed by file renaming?

No, BLACKbox does not check file contents. Users will be able to rename any file from any extension to any extension since this is a basic windows operation and cannot be restricted.

Can BLACKbox block access to certain FTP servers?

Yes. This can be done by blocking access to ports used for FTP and SFTP.

Which OS is required for installation of BLACKbox?

The minimum OS requirement on laptops & desktops for installation of BLACKbox is Windows 10. The minimum OS required for installation of the BLACKbox AAA server is Windows 10 Professional.

Will the offline secured folder on a laptop installed with BLACKbox be accessible without internet?

Yes. The offline secured folder resides on the local hard disk of the user’s laptop. Hence, it is accessible even without the internet.

Can BLACKbox force password change for the user periodically?

Password change can be forced periodically through configuration in the user’s windows system. But, this is not a feature of BLACKbox.

How can folder/drive access be restricted only to a specific number of users?

Access to which folders should be given to a particular user can be defined via the BLACKbox console. Only those users for which access to that particular folder has been granted will be able to access it.

What are the rules and policies for saving a file on BLACKbox?

There are no particular rules and policies for saving files on BLACKbox. If the user is granted access to a particular folder and has “write” permission for that particular folder, then a file can be saved in that folder like on any other standard system.

How can BLACKbox prevent data theft via USB?

BLACKbox can prevent data theft via USB through three use cases:

  1. Block both USB “read” and USB “write”. This would allow only keyboard and mouse types of non-mass storage devices.
  2. Allow USB “read” and block USB “write”. This would allow the user to inward data but not copy any data through USB.
  3. Allow both USB “read” and USB “write”. This would allow the user to inward and outward data, but a report would be sent to the designated authority. (Email ID specified during configuration).
Can users log in with their credentials on any workstation?

Yes. One user can log in via multiple computers. However, the computers from which the user should be allowed to log in must be defined on the BLACKbox console.

Also, if the user uses Outlook or any other email client, his mails shall be accessible only from the computer on which his email client is configured.

Can folder-wise permissions be set on BLACKbox?

Yes. Folder-wise read/write permissions can be set for every user through the power user “access.controller”.

Can the users be restricted to use applications, drives and emails only from the corporate system where BLACKbox?

Yes. The computer system(s) that will be accessible to a particular user can be defined in the BLACKbox console.

All the applications installed on the user’s computer will be visible in the BLACKbox console as soon as the agent is installed on the user’s system. One can allow or deny access to the desired applications and drives for a specific user in the console.

The user’s email can be configured only on the email client of a particular system that has to be made available to the user.

Is it required to install the BLACKbox agent in every system?

Yes. It is required to install BLACKbox agent for device hardening, forced centralization, application controls, application virtualization (if BLACKbox AAA is purchased), VPN facility, cloud backup (if BLACKbox DCDR is purchased), email vigilance, internet controls, and screen capture.

Can a BLACKbox user access data remotely without internet connectivity?

Yes. Remote users will be provided an offline secured folder on their device, hardened by BLACKbox. The required data can be copied on that folder while leaving for the client site (any remote site) and accessed offline from the client site without the internet.

Which DLP engine does BLACKbox run?

BLACKbox does not run on any DLP engine. It hardens the device for maximum control and minimum monitoring.

Demo

Want to know More?

Ask for Demo





    captcha
    Check

    IT INFRASTRUCTURE AUDIT

    Reality Check Voucher worth INR 20000 NOW FREE

               








      captcha