Secure remote access with bootable USB that you can trust from a PC you can’t
Trusted Client is Becrypt’s innovative answer to the IT Manager’s dilemma: how to provide secure remote access at a low cost. Trusted Client is a bootable USB solution that transforms an unmanaged machine, such as a home PC, into a secure remote access point.
"Beautifully implemented, this is a product as sophisticated as it is simple." - Techworld
By providing cost effective and highly secure access for mobile workers, Trusted Client significantly reduces the risk of data loss and data leakage and helps protect the network. Trusted Client is an invaluable tool that supports and enforces a comprehensive Information Assurance strategy.
Trusted Client Overview
Trusted Client is self contained encrypted bootable USB solution that typically resides on a USB flash drive, and allows employees to work securely from an unmanaged internet connected PC. It addresses the risks inherent in using an unmanaged PC, which cannot be trusted, to connect to an organisation’s secure network and data.
Inserting the Trusted Client device into a USB port and re-booting launches a secure isolated environment, which provides a user interface, a web browser, email access and standalone applications. Trusted Client is fully configurable to each organisation’s individual requirements. With Trusted Client, staff no longer need laptops for home or occasional remote working; instead they can be issued with an inexpensive bootable USB flash drive, which is secure, and easier to carry.
Besides remote working, home working, and occasional off-site working from unmanaged PCs, Trusted Client can also be used in Business Continuity scenarios, either as a secure remote access device, or as a standalone secure environment should the corporate network fail.
Trusted Client uses the FIPS approved Becrypt cryptographic algorithm and has been awarded a CESG Claims Test Mark (CCTM) and Common Criteria.
How is it different?
Trusted Client’s innovative use of technology creates a secure environment on the host PC: it does not use the host hard drive and operating system. This has to two key benefits; first, any malware on the host PC cannot infect the network; secondly, corporate data cannot leak onto the host PC.
Any data that is saved to Trusted Client is protected by encryption; alternatively, Trusted Client can be configured as a read-only device, and all user data is erased on shutdown. Trusted Client devices can remotely be rendered unusable (or ‘killed’).
-
Features / Benefits
Features: Benefits: Secure remote network access enables users to work safely from any unmanaged PC Flexible and mobile working capabilities to provide better service to customers, and better work/life balance for users. Working enviroment is totally isolated from the host machine Absolutely no transference of data significantly reduces the risk of data loss or data leakage Encrypted operating system and encrypted data storage - data saved to Trusted Client is automatically encrypted Device and any data saved securely protected from unauthorised access Strong authentication combined with 256 bit AES encryption Government grade security options make Trusted Client suitable for protecting virtually any commercial information Based on Open Source software and loaded on an off-the-shelf USB flash drive Extremely cost effective solution with low hardware costs (particularly when compared with alternatives like laptops or PDAs), and no additional license fees for the operating system Out of the Box integration with standard browsers, Citrix and Microsoft Terminal Services Familiar look and feel for users reduces training overheads and rapid start up time giving fast access and boosting user acceptance Fully configurable with easy inclusion of additional plug-in applications Highly configurable to meet the business requirements of each individual organisation Central Management facilities for device deployment and repudiation Low operational overheads and the ability to ‘kill’ a Trusted Client device remotely should the user’s rights be revoked -
How it works
Trusted Client has been designed with a modular approach to enable third party components to be built into the environment. It may be configured to include only pre-specified applications, and to restrict the user to approved IP destinations, ports, and protocols, such as the corporate intranet, virtual private network (VPN) or specific hosts. Once the configuration of Trusted Client has been decided, a single install file is created allowing an organisation to quickly and securely build devices that are unique to their needs.Next the Trusted Client device is built, this can be done by the end user themselves, or by an administrator or other central function. All that is required is a standard 1GB or greater USB memory stick, and the configuration of Trusted Client specific for your organisation, which may be held in a central secured zone for access by staff. To create the device, the end user or administrator sets up an initial username and password and inserts the USB memory stick. The Becrypt software then generates a unique 256bit AES encryption key and uses this to encrypt the device and copy the relevant files, producing the Trusted Client.
The end user then can use the Trusted Client from an internet connected PC. They boot from the USB device, an authentication screen will be displayed, asking for username and password. After successful authentication, the device automatically decrypts and the device operating system is loaded creating a secure environment on the host machine. Trusted Client utilises standard browsers, Citrix and Microsoft Terminal Services, giving users a familiar user interface and offering easy integration with existing systems. The Trusted Client operating system has no access to the internal drives of the machine, allowing the user to work safely regardless of the malicious software that maybe present on the host. This feature also prevents any data from being leaked outside of the Trusted Client environment. If authentication fails, the device can not be booted and it can not be accessed as the whole device is encrypted.
Trusted Client is quick to boot up and the encryption is completely transparent to the end user. The strong user authentication features include an embedded strong password generator, and the device can be configured to work with additional tokens, providing secondary authentication of any user. Should a password be forgotten, secure device recovery through a challenge/response processes is possible, ensuring that the original password is never compromised. Having completed their work session, the user simply shuts down the host PC and removes the Trusted Client USB device, no trace of session is left on the host PC.
.gif)
