Becrypt is pleased to announce some significant product enhancements in the most recent product release, Paradox v2.2.0, released in December 2019.
Extended Authentication options
Centrally managed browser extensions
Samba shares
Fine grained USB device control
TPM backed data partition encryption
802.1X is now supported for WiFi
These exciting new features are expanded on below.
Authentication options including AzureAD, OKTA, Forgerock and OpenID are now supported. Paradox customers can now log in to their devices using AzureAD or Hybrid Azure AD joined credentials, or alternatively they can integrate their Paradox EUD login with cloud-based identity solutions from OKTA and Forgerock using our new integration of the OAuth 2.0 protocol.
Integrated single-sign-on (SSO) for Web Apps for OAuth logins – Specify trusted URLs in policy and the system will use your logged-in user’s credentials to log in to those sites automatically and securely.
Browser extensions can now be added, configured and updated centrally via policy control from BEM. This eliminates user configuration error and confusion whilst providing the ability to leverage this rich area of browser capability.
Samba shares for mounting Windows network drives are now supported. Paradox customers can now define the File Share paths in policy and set authentication policies for access to them. This functionality is particularly useful for customers on a digital transformation journey that are not in a position to upload all of their data to the cloud.
Guest Mode – providing a restricted anonymous login option for a variety of use cases. For example, Captive Portal negotiation: if a system is locked down and requires a VPN connection before any services or internet access is allowed, challenges occur in environments such as airports, hotels, trains or coffee shops where the free WiFi requires you to authenticate. Paradox will enable the device to switch to Guest Mode and register to the captive portal in the browser. The Paradox read-only OS provides strong protection against malware attacks prevalent in public access WiFi systems.
Other Guest Mode use cases include providing access to a specific App – for example a Smartcard PIN Reset function, or a device checkout system for using the laptop itself – and facilitating internet access for friends, colleagues or even your kids. It’s safe and completely non-persistent!
Fine grained USB device control – Policy can now define the make, model and type of USB function allowed to connect to a Paradox device. It is therefore now possible to restrict a multi-function USB device, such as a 4G networking device, to a specific function such as Networking, while not allowing Mass Storage access or any other unwanted function.
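The per-function decision described above can be sketched as follows. This is an added example, not Becrypt code or the Paradox policy format: the policy structure, the vendor and product IDs and the sample devices are constructed, and only the USB-IF interface class codes are real values.

```python
# USB-IF base class codes for the interface classes used below.
USB_CLASS = {0x02: "cdc-control", 0x03: "hid", 0x08: "mass-storage",
             0x0A: "cdc-data", 0xFF: "vendor-specific"}

# Hypothetical policy (not Paradox's format): default deny; each rule matches a
# make (vendor ID), optionally a model (product ID), and lists allowed functions.
POLICY = [
    {"vendor": 0x1234, "product": 0xABCD, "allow": {"cdc-control", "cdc-data"}},
    {"vendor": 0x5678, "product": None, "allow": {"hid"}},
]

def match_rule(policy, vendor, product):
    """Return the most specific rule for this make/model, or None."""
    best = None
    for rule in policy:
        if rule["vendor"] != vendor:
            continue
        if rule["product"] == product:
            return rule  # exact make and model wins
        if rule["product"] is None:
            best = rule  # make-only rule is the fallback
    return best

def evaluate(policy, device):
    """Decide per interface; unknown devices and unknown classes are denied."""
    rule = match_rule(policy, device["vendor"], device["product"])
    decisions = {}
    for number, class_code in device["interfaces"]:
        function = USB_CLASS.get(class_code, "unknown")
        allowed = rule is not None and function in rule["allow"]
        decisions[number] = (function, "allow" if allowed else "deny")
    return decisions

# Constructed composite 4G modem: networking interfaces plus a storage interface.
MODEM = {"vendor": 0x1234, "product": 0xABCD,
         "interfaces": [(0, 0x02), (1, 0x0A), (2, 0x08), (3, 0xFF)]}
# Constructed device from a make that appears in no rule.
UNKNOWN_STICK = {"vendor": 0x9999, "product": 0x0001, "interfaces": [(0, 0x08)]}

if __name__ == "__main__":
    for dev in (MODEM, UNKNOWN_STICK):
        for number, (function, verdict) in evaluate(POLICY, dev).items():
            print(f"{dev['vendor']:04x}:{dev['product']:04x} if{number} {function}: {verdict}")
```

Deciding per interface rather than per device is what lets the modem's networking function through while its storage and vendor-specific interfaces stay blocked.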
TPM backed data partition encryption – Paradox is a Read-Only system designed not to hold any sensitive customer data, but we still encrypt the Data Partition to protect the App configuration data and policies. Where a local TPM is available, Paradox will use it to “Seal” these encryption keys to the TPM. This means that the key cannot be unlocked unless specific software and hardware conditions are met. This effectively makes an offline brute force attack on a disk that has been removed from the machine much more difficult. A brute force or hammer attack on the machine with the correct TPM will trigger the TPM to lock, protecting the data.
802.1X is now supported for WiFi connections: 802.1X is a standard for Port Based Network Access Control. Typically this involves deploying a Trusted Certificate to the endpoint device, which is then automatically passed to an authentication server as part of a process to identify and authenticate network connections in a way that is transparent to the user. Paradox has always supported 802.1X for wired connections, but it now supports a variety of 802.1X WiFi configuration options.
As we continue to enhance Paradox functionality, we welcome new feature requests from our Paradox customers. If you are new to Paradox and would like to find out more, click here or contact us on 0845 8382080.