FAQ - General Question - 美商信威資科 Secward Inc.


English	繁體中文	简体中文	日本語

Securing Intellectual Property Industrial Design Industry Software Development Industry

TotalFileGuard 2008

Consulting Service Customization Service Contact Support Forums FAQs Evaluation Support Center

International Partners Become a Partner

Events In the news Press Contacts

Corporate Overview Corporate Mission Management Team Contact Us

Consulting Service

Customization Service

FAQs-

General Question

TFG Deployment

TotalFileGuard User FAQ

For Evaluation Users

Q1. How does TotalFileGuard™ work in an Enterprise?
When users within TotalFileGuard organization accesses files, the protection-agent running on the OS-kernel level will encrypt/decrypt documents automatically. Receiver of the documents needs to authenticate against the management center to access the target based on his/her assigned permissions.

Q2. Does TotalFileGuard™ release multiple-language versions?
Yes. TotalFileGuard currently releases Traditional Chinese, Simplified Chinese, English, Japanese and Korean versions. In addition, through our meticulous planning and programming structure, any demand for other languages can be satisfied by modifying language file which takes less than 10 working days.

Q3. Will different installations of TotalFileGuard™ Console in different organizations interoperate? Is there any possible security breach?
No security issues will arise. TotalFileGuard will generate an authentic-code based on the unique hardware ID of the management server. Different Consoles have different ID and keys. Therefore different installations of TotalFileGuard don't interoperate or decode each other's encrypted documents.

Q4. What is the encryption scheme of TotalFileGuard™ used? Is it safe?
TotalFileGuard uses the most advanced AES 256 encryption algorithm which has certified against multiple international security standards. Being a fast algorithm which consumes less system resources, it is now recognized by major industries (including financial services, telecommunications and government organizations) as a highly robust encryption algorithm. TotalFileGuard also allows customers to select their own algorithms. We can even integrate clients' "home-brew" algorithm into the solution when they have particular security requirements.

Q5. Is it possible to directly retrieve the key on TotalFileGuard™ desktops?
TotalFileGuard-encrypted key does not reside with end-users’ desktop. The private key for encryption system is encrypted with highly robust algorithm which can virtually ensure no chance of breach in light of deciphering capabilities available to current computer systems. It will take centuries to break the code even with a modern supercomputer.

Q6. Is TotalFileGuard™ capable of preventing users from copying and pasting?
Yes. TotalFileGuard has very considerate copy-restriction designs. Taking security and convenience into consideration, we offer a one-way mechanism that only refrain users from copying text or images from protected application documents to non-protected application (e.g. Notepad) or from replicating texts with drag-and-drop function unique to protected applications.
However, a user can still copy text or images from other applications (e.g. Web or .txt files) to Office components. These elements can also be copied among protected Office documents.

Q7. Can TotalFileGuard™ prevents data-theft from memory-dump and data retrieving?
Yes. TotalFileGuard can prevent advanced-user’s data-theft from memory-dump and data-retrieving by disabling a series of relevant commands and through memory segmentation security technology to ensure maximum security.

Q8. Is TotalFileGuard™ able to address the threat posed by screen captured software or print screen operation that can compromise confidentiality of information?
Yes. TotalFileGuard is equipped with comprehensive screen capture prevention features that will prevent more than one thousand screen capture applications from capturing protected open files.

Q9. Can TotalFileGuard™ control unauthorized file prints?
Yes. You can configure TotalFileGuard to allow users print with only those printers registered within Management Console. You can also control virtual printer outputs to effectively prevent users from printing documents as OCR-enabled or Flash-based files for distribution.

Q10. Can I use TotalFileGuard™ to decrypt all encrypted files in a batch?
TotalFileGuard™ can unlock encrypted documents in batches when Administrator provides correct hardware ID and key. However, to ensure system security, batch decryption component can only be possessed by IT manager of the organization and has to be used with an authorized password. It is recommended to assign the key and password to different people respectively to reduce human-error risks.

Q11. Static IP vs. DHCP IP address (Does it really matter? what will happen if the IP address gets changed)?
As typical management servers, TotalFileGuard™ server needs a static IP for manage client agents. Once if the IP of management server changed, the agent will be failed to connect server. Than icon of agent in the client side will become bray and disabled. BTW, agents can be static IP or DHCP. The authentication between TotalFileGuard™ agent and server by HWID (CPU ID and MAC), so doesn't matter if you change IP or not and you also can deploy TotalFileGuard™ agent in Static IP or DHCP IP environment.

Q12. How many clients (Agent PC) can I try setting up with the scale-down server? Do we even allow our customers to have scale down server or we have to stick with the "Minimum requirements"?
The minimum requirement for management is 512MB with Pentium 800Mhz CPU. It can be worked with 50 clients. By our default setting, agents will sync with server for every 5 seconds. If we tune this parameter to 10 or 30 seconds, than the number of clients can be scale-up.
If the customer wants to install over a hundred TotalFileGuard™ agents and in the formal environment: TotalFileGuard™ server SPEC:

CPU: Intel Duo Core
RAM: 2GB
HDD: 120GB
NIC: 10/100/1000 Mbps with Intel Chips
CD-ROM
OS: Windows 2003 Server

Q13. How does the program install into the PCs? Ease of installation? Have to be installed individually on each PC, or through server?
It’s Very easy for installation. You can use AD to deploy with harmless for user operations. We use Management server to control all the agents installed on each protected PC. We have an experience to deploy 1000 clients within 1 day.

Q14. How many PCs can this program support? Has this program been deployed on a wide-scale basis? If yes, how many PCs have been installed and implemented successfully in a customer's premises?
Each management server can handle 800+ clients. Management servers support for cluster. You can run servers in load balance mode. We have accomplished a 3000 client’s deployment.

Q15. Any known issue with any specific applications? If a user were to run into a problem with a particular app in his PC, can the program be uninstalled immediately? How will Secward be supporting us in solving issues?
Agent can be uninstalled within 5 Sec. in PC side. Administrator can also remote batch uninstall agent from management server. We can also support on this.

Q16. What are the advantages this product has over its current competitors?
There are three ways for data loss protection in the market.

DRM (Digital Right Protection)
- Strength:Good at access control for each file.
- Weakness:
  Most of DRM supports MS-OFFICE and PDF only. There are many applications, Auto-CAD, Solidwork, U/G...etc, especially in manufacturing industrial.
  Time-delay of encryption in application layer is another problem. Users need to wait for long time during file de/encryption.
DLP(Data Loss protection)
Technology: Disable all exposure paths to prevent from data losses. Disable or control USB, MSN, and Bluetooth...
- Strength: Easy in use.
- Weakness:
  Email access is a problem. Most of version control system, like PLM or PDM, used HTML for publishing. This will be a big problem in data control for DLP.
  Lack of file access control.
  No protection while exchange files with co-working partners
Transparent Protection (Like, TotalFileGuard)
Technology: De/Encryption files in driver layer automatically.
- TotalFileGuard™ Advantages
  Support for 110+ applications. It takes no more than 1 week to support a new application. ( <--This is a very significant function from DRM.) We also support for source code protection.
  Automatic protection. User can protect their file without additional operation or clicks.
  Exterior protection. File can be protected while sharing with business partners.
  Customers don't have to disable any service (MSN, Mail, Skype...) nor device (USB)...
  Good at performance in de/encryption processing
- Weakness:
  New technology concept. It needs to take some time for training.

Q17. Can the TotalFileGuard™ works under Windows Vista?
The agent support operated on Vista 32bits version. Vista 64bits is not supported at this moment.

Q18. How does Server token works? How does Client token works?
USB server token is designed to prevent the TotalFileGuard™ Management Server, not allow the un-authorized user to operate. Hence MIS have to use USB server token to active the service on the server, other one is for backup, please keep it in a security place.
USB client token is for travel staff if he can not access the Internet to get the authorization by TotalFileGuard™ Management Server. He can use USB client token to de/encrypt the files off-line.

Q19. If Management Server with 2 networks card for redundant switched, what's the effort for server and client?
No effect for server and client. TotalFileGuard™ will collect all the information automatically.

Q20. Management Server can handle 800+client, does it means over 800 clients need do cluster? Or upgrade hardware spec is fine? If do cluster, need to buy another Management Server license?
We suggest for Management Server to handle <500 clients. Of course they can use high performance PC to handle 800+ client foe single servers. We provide TotalFileGuard™ Value Pack for cluster purpose. If customer purchases two or more TotalFileGuard™ Management servers, we recommend use TotalFileGuard™ Value Pack to have Log DB Auto-Backup/Sync System, and Reporting System.

Q21. Firewall needs to release how many ports for TotalFileGuard™ clients?
Communication port (default is 2000) must be open on the client and server. Verify that the communication port is open on the perimeter firewall and personal firewall (on client). If the client computer has anti-virus software installed, add TotalFileGuard™ to the applications safe list.

Q22. How about Management Server installed in Vista 32 or 64 bit server?
Currently TotalFileGuard™ Management Server only supports 32 bits OS, like Windows server 2000, 2003, and 2008.

Q23. What kind of DB of Management Server use? What's information it stored? How to backup DB Necessary?
TotalFileGuard™ uses a PostgreSQL data to store agents information, client operation logs and system administration logs. To ensure that your TotalFileGuard™ installation will function properly, make sure that there are no existing instances of PostgreSQL on the target server.
If customer have two or more TotalFileGuard™ Management servers, we recommend to add TotalFileGuard™ Value Pack to have Log DB Auto-Backup/Sync System, and Reporting System.

Q24. Total solution of TotalFileGuard™, how many servers will you suggest customer to prepare?
That will depend on the company scale, redundancy or budget.