DriveCrypt Plus Pack
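Encrypts the entire operating system
- Full disk encryption (encrypts part or 100% of your hard disk, including the operating system);
- Pre-boot authentication (before the machine boots, a password is required to decrypt the hard disk and start the machine);
- Hides an entire operating system inside the unused space of another operating system;
- Strong 256-bit AES encryption;
- USB token authentication at the pre-boot level;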
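DriveCrypt Plus Pack supports true real-time 256-bit hard disk encryption, with advanced FDE (full disk encryption) and VDE (virtual disk encryption) or container encryption capabilities, and is an important innovation in transparent data protection.
DCPP applies a strong encryption algorithm (AES-256) to protect your hard disks (including removable media) at the sector level, so that only authorized users can access them. The encryption algorithm used by DCPP is validated and highly reliable; it was selected by the U.S. National Institute of Standards and Technology (NIST) and is to serve as the cryptographic standard for the future. AES-256 is a FIPS-certified symmetric encryption algorithm that U.S. government agencies and others may use to protect important data.
DCPP works automatically and is completely transparent to the user, which not only reduces user workload and training requirements but also creates the foundation for enforceable security. Integrating boot protection with automatic encryption provides a high degree of security while minimizing the impact on users. Boot protection encrypts sectors one by one, making it impossible to copy individual files for brute-force attacks, prevents subversion of the operating system (for example by booting from a floppy disk), and blocks the introduction of rogue software. DCPP can therefore protect the operating system and important system files (which often contain clues to Windows passwords).
DCPP is the fastest and most feature-rich real-time encryption system to date; during development, all cryptographic components were made as invisible and transparent as possible.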
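Pre-Boot Authentication
Before the system starts, the user is authenticated by means of pre-boot authentication (PBA). This kind of authentication cannot be modified and ensures maximum security. No keys or passwords are stored on the PC's hard disk; all of the information required to boot the operating system is derived from the password, so using hard disk tools to analyse the hard disk is completely ineffective. PBA is provided by the system call BootAuth and uses a fully graphical login screen.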
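Full Disk Encryption
Automatic, transparent full disk encryption (FDE) has advantages over file encryption. FDE protects not only system files but also temporary files, which often contain sensitive data and are generally missed by file encryption. With FDE, even removing the drive itself gives no access to any file or directory structure. DCPP performs FDE sector by sector without creating temporary or backup files, so even large files are encrypted immediately, without delay, whereas ordinary file encryption is slower. In addition, with FDE it is no longer necessary to securely delete temporary files or work files in clear text, which saves time, and discarded disks no longer need a full wipe.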
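How the System Works
Before data read from the disk is loaded into memory, DCPP automatically decrypts it. When the data is written back to the hard disk, DCPP automatically re-encrypts it. The process is completely transparent to the user and to programs: data is caught as it passes between the hard disk and memory and the corresponding decryption or encryption is performed, with no need to decrypt or re-encrypt data manually, and DCPP does not affect normal use of the PC in any way. In addition, on each read only the sectors holding the file are decrypted, not the entire disk. Some products claim to decrypt an entire file at once and load it into memory, but this generally carries serious security risks; by comparison, DCPP decrypts only the sectors where the file resides, which is smarter and more secure. As a result, all data on a DCPP-encrypted disk is effectively protected.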
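Hidden Operating System
DCPP is the only software on the market today that can hide an entire operating system in the unused disk space of another operating system. You can define two passwords for a DCPP-encrypted disk: one for the visible operating system and one for the invisible operating system. The first, "fake" password logs in to a pre-configured operating system (the outer operating system), while the second logs in to the operating system you actually work in. This is very useful if someone demands that you hand over your DCPP password: in that case you give up only the first system password, so the attacker can boot your system but sees only the information you prepared in advance, cannot obtain any confidential data or private information, and will not discover that another operating system is hidden on the machine. If instead you enter your own private password (the second disk password), the working operating system boots and you have direct access to all confidential data.
Creating a hidden operating system is not always necessary, so not everyone needs to know whether a hidden operating system exists.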
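Features and Benefits
The product has the following main features and benefits:
Boot protection;
Pre-boot authentication: login before the operating system starts;
Supports booting multiple operating systems (Microsoft);
Supports an invisible operating system (allows an entire operating system to be hidden);
Full or partial disk encryption;
Sector-level protection;
Full power-off protection, e.g. unauthorized users are prevented from starting the PC;
AES 256-bit encryption;
No limit on the capacity of encrypted disks;
Manages an unlimited number of encrypted disks at the same time;
Allows data to be hidden inside pictures;
Trojan and keyboard-capture protection to safeguard passwords;
Anti-dictionary and anti-brute-force attack mechanisms; compared with other software, DCPP is the hardest system to attack;
Can encrypt all media (hard disks, floppy disks, ZIP, JAZ, etc.);
For administrators and users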
DriveCrypt Plus Pack
Encrypts the whole operating system
- Full Disk Encryption (encrypts parts or 100% of your hard disk, including the operating system)
- Pre-Boot authentication (BEFORE the machine boots, a password is requested to decrypt the disk and start your machine)
- Allows secure hiding of an entire operating system inside the free space of another operating system.
- Strong 256-bit AES encryption
- USB-Token authentication at pre-boot level
DriveCrypt Plus Pack provides true real-time "on the fly" 256-bit disk encryption. Providing advanced FDE (Full disk encryption) as opposed to VDE (Virtual disk encryption) or "container" encryption, DCPP is an important evolutionary step in the field of transparent data protection.
DCPP allows you to secure your disk(s) (including removable media) with a powerful and proven encryption algorithm (AES-256) at the sector level, ensuring that only authorized users may access it. The encryption algorithm used by DCPP is a trusted, validated algorithm chosen by the National Institute of Standards and Technology (NIST) and stated to be the cryptographic standard for years to come. AES-256 is a FIPS-approved symmetric encryption algorithm that may be used by U.S. Government organizations (and others) to protect sensitive information.
DCPP is automatic and completely transparent to the user. Not only does this decrease user involvement and training requirements, but it also creates the foundation for enforceable security. The careful integration of boot protection and automatic encryption provides a high degree of security with minimal impact on users. Boot protection prevents subversion of the operating system (via floppy boot-up, for example) or the introduction of rogue programs, while sector-by-sector encryption makes it impossible to copy individual files for brute-force attacks. DCPP safeguards the operating system and the important system files (which often contain clues to passwords for Windows).
DCPP is the fastest and most feature-rich real-time encryption system available. Special care has been taken to render all cryptographic parts as invisible and transparent as possible.
Pre-Boot Authentication
The user is authenticated by means of pre-boot authentication (PBA) before the system is started and therefore before the operating system is booted. This kind of authentication cannot be manipulated; PBA therefore guarantees maximum security. Neither keys nor passwords are stored on the PC's hard disk. All of the information required to boot the operating system is derived from the password. This makes the use of hard disk tools for analysing the hard disk completely ineffective. PBA is provided by a system call, BootAuth, and is a fully graphical login screen.
Full Disk Encryption
Automatic and transparent Full Disk Encryption (FDE) offers several key advantages relative to file encryption. FDE secures the system and temp files that often contain sensitive data but are missed by file encryption. Even removing the drive itself does not give access to any file or directory structure. FDE is performed sector by sector without creating temp or backup files. As a result, large files will decrypt without delay, whereas file encryption is normally much slower. FDE also avoids such time-consuming tasks as secure deletes of temp files or work files in clear text, and obviates the need to do a full delete on disks to be discarded.
How does it work?
As data is read from the hard disk, DCPP automatically decrypts the data before it is loaded into memory. When data is written back to the hard disk, it is automatically re-encrypted. This process is completely transparent to the user or any application programs: the data is caught "on the fly" as it transfers back and forth between the hard disk and memory. Consequently, users don't need to remember to decrypt or re-encrypt their data, or change the normal operation of the