Device Hardening
Yes, file permission in BLACKbox can be configured to block deletion for the user. However, it is not a recommended configuration setting due to a practical problem.
Most of the desktop applications create .tmp files when the files are opened. When the files are closed, these .tmp files are deleted. However, when the folder permission is set up to disallow deletion of the file, such .tmp files pile up and multiply as users work on the files in the folder.
Hence, as a better option, BLACKbox is equipped with “Active Recycle Bin” technology to recover deleted files and identify the user who has deleted them.
Yes. Any folder on the specific system or file server can be mapped for syncing with GitHub. BLACKbox can then be utilized to force the user to work on that specific folder mapped with GitHub. This will not allow the user to scatter the data beyond the folder mapped with GitHub, and all the data will be synced with GitHub.
Yes. The software agent of BLACKbox can be installed on windows based virtual computers (windows 10 is recommended) configured using VMWARE or HYPER-V.
User profiles on these virtual computers will be hardened by a software agent, and data can be forcefully centralized on BLACKbox hardware.
There are two ways to install a new software on a user’s Windows computer under the BLACKbox environment.
- Admin rights can be given to the specific user for the purpose of installing the application and can be withdrawn when the installation is done.
- Log in to the user’s system with the administrator user credentials and install the application.
No. Print screen or screen capturing cannot be blocked on a user’s Windows computer under the BLACKbox environment. But, this can be done on an ios/android device installed with M-Duo.
No, user-wise groups cannot be created in BLACKbox. But, a specific user’s policy can be copied while creating a new user. This serves the purpose of user-wise group policy.
No. PST data must not be used live from the network on BLACKbox. It should reside in the user’s local system to ensure good performance.
“USB Read” can be allowed for users who need digital signatures. At the same time, “USB Write” can be blocked to ensure that data is not leaked via USB.
No, BLACKbox does not check file contents. Users will be able to rename any file from any extension to any extension since this is a basic windows operation and cannot be restricted.
Yes. This can be done by blocking access to ports used for FTP and SFTP.
The minimum OS requirement on laptops & desktops for installation of BLACKbox is Windows 10. The minimum OS required for installation of the BLACKbox AAA server is Windows 10 Professional.
Yes. The offline secured folder resides on the local hard disk of the user’s laptop. Hence, it is accessible even without the internet.
Password change can be forced periodically through configuration in the user’s windows system. But, this is not a feature of BLACKbox.
Access to which folders should be given to a particular user can be defined via the BLACKbox console. Only those users for which access to that particular folder has been granted will be able to access it.
There are no particular rules and policies for saving files on BLACKbox. If the user is granted access to a particular folder and has “write” permission for that particular folder, then a file can be saved in that folder like on any other standard system.
BLACKbox can prevent data theft via USB through three use cases:
- Block both USB “read” and USB “write”. This would allow only keyboard and mouse types of non-mass storage devices.
- Allow USB “read” and block USB “write”. This would allow the user to inward data but not copy any data through USB.
- Allow both USB “read” and USB “write”. This would allow the user to inward and outward data, but a report would be sent to the designated authority. (Email ID specified during configuration).
Yes. One user can log in via multiple computers. However, the computers from which the user should be allowed to log in must be defined on the BLACKbox console.
Also, if the user uses Outlook or any other email client, his mails shall be accessible only from the computer on which his email client is configured.
Yes. Folder-wise read/write permissions can be set for every user through the power user “access.controller”.
Yes. The computer system(s) that will be accessible to a particular user can be defined in the BLACKbox console.
All the applications installed on the user’s computer will be visible in the BLACKbox console as soon as the agent is installed on the user’s system. One can allow or deny access to the desired applications and drives for a specific user in the console.
The user’s email can be configured only on the email client of a particular system that has to be made available to the user.
Yes. It is required to install BLACKbox agent for device hardening, forced centralization, application controls, application virtualization (if BLACKbox AAA is purchased), VPN facility, cloud backup (if BLACKbox DCDR is purchased), email vigilance, internet controls, and screen capture.
Yes. Remote users will be provided an offline secured folder on their device, hardened by BLACKbox. The required data can be copied on that folder while leaving for the client site (any remote site) and accessed offline from the client site without the internet.
BLACKbox does not run on any DLP engine. It hardens the device for maximum control and minimum monitoring.