close

FAQ

Home
Company
FAQ
Click on Question to view Answers
Q: How much do your products cost? How can I get a price quote?

A: Our product pricing depends on the number of user seats. Contact us for a Quote. Don't forget to specify product name and desired configuration, or call our sales office at (646) 240-4985

Q: What are the minimum system requirements for Zlock client and console?

A: Zlock system requirements are the same as for Windows 2000/XP SP2/Vista. The only additional requirement is a free USB port for the licensing key.

Q: Our employees use Flash Memory devices. I need to make sure that some of them can use their Flash at particular computers, while others can’t - provided that some of these Flash (by Transcend) have the same ID numbers (VID_058F&PID_6387). Can you recommend anything?

A: ID numbers you are talking about are the product ID and the vendor ID. It’s no surprise that product and vendor IDs are the same. In your situation we suggest that you build access control policy using Serial Numbers, they are supposed to be unique for each device. Unfortunately, not all USB Flash manufacturers assign Serial Numbers to their devices, so we recommend purchasing only devices with serial numbers.

Q: Which firewall ports should be open for remote administration of Zlock?

A: For remote administration of Zlock you need to open only one port in your firewall. By default, it is port 1246, but you can change it. BTW, this is an important difference of our product from analogs that use RPC (Remote Procedure Calls), which, by default, require opening of multiple ports and therefore are pretty vulnerable to attacks from the outside. As you probably know, many of modern viruses use vulnerabilities of RPC to get to a computer and acquire administration rights.

Q: Do you have kind of a back door, a way to break the protection and retrieve data encrypted with your products? Can you guarantee that nobody will be able to read it if the computer is lost or stolen?

A: It is impossible to break the protection and open the encrypted data. The protection strength is based on keeping secret the encryption key. You yourself generate the encryption key, and if you don’t compromise it – nobody will access the encrypted data. As for the possibility of opening it without the encryption key – brute force attack requires astronomical time and resources even with the 128-bit key, and our products use 256-bit key encryption.

Q: Is disk encryption linked to the operating system at all? I mean – if I reinstall the OS, will I be able to read the encrypted data?

A: The encrypted disks are totally independent from the operating system. All you need to access the data is Zserver software and the encryption key. You can reinstall operating system, move disk from one computer to another – if you have the encryption key, you will retain the access to the data.

Q: When we manage Zserver via Administration Console, the network traffic is encrypted. But is it the same when users work with the encrypted data? How are the data transferred through the network, encrypted or not?

A: No, there is no encryption. This functionality is closer to VPN, while Zserver is a completely different tool. This proves the generic thesis that information security is a complex problem and there can not be a single solution that solves every problem and protects from all threats.

Q: You write that you don’t have a back door or any way to break the protection and retrieve the encrypted information. But then – who will keep the backup copy of the encryption key, just in case?

A: You are supposed to take care of backup copies of your encryption keys yourself. We recommend that you store them securely and apart from the encrypted data, for example, in a bank cell.

Q: Does Zserver Administrator Console work with Win2003 Server?

A: Yes, it does.

Q: Is it possible to use Zserver with a computer cluster - for encryption of shared cluster disk (a disk used by all computers in the cluster)? Are there any limitations to this kind of use?

A: Zserver can work with a computer cluster managed by Microsoft Cluster Services, but you will need a special cluster version.

The software needs to be installed on each computer in the cluster; then you can load the encryption keys and open the shared disks. When switching between servers in the cluster, the disks encryption will switch automatically.

Q: Can you clarify something for me? I install Zserver Suite on a server, then generate an encryption key, save it to a smartcard, and encrypt disks. It will not change the normal work for my network users, because the encryption key is stored in the server’s RAM, correct? Particularly, I have an Oracle server and Microsoft Exchange, and I need to make sure that users will see no difference when working with the encrypted disks.

A: You are exactly right, the encryption key is stored in the RAM of the server, and after the system is installed and disks are encrypted, all users and applications continue working normally, without noticing any difference.

Many of our customers protect Oracle, MS SQL, and Exchange databases, and the protection is totally transparent.

Q: If there are no free USB ports on the server, can I plug Zserver license key to my administrator’s workstation?

A: License key has to be plugged to a computer that runs the server module of Zserver system and where the disk encryption performs.

Same applies to Zbackup – the license key should be connected to the computer with the backup device.

Q: Our users work via Citrix PS4. Are there any problems or specifics with using Zserver on terminal servers?

A: Zserver works perfectly fine with terminal servers, there is absolutely no issues or specifics.

Q: What is included with the Zserver system supply, particularly, which hardware devices? How many? Do we need to purchase anything separately?

A: Zserver Storage as well as Zserver Backup comes with a license key (USB plug), a smart card reader, and 2 smart cards, as well as installation CD and user documentation. This means that you will have everything you need to start working with the system.

Q: How does your Zserver system works with disk arrays (Mirror and RAID)?

A: Zserver is 100% compatible with hardware and software-based RAID arrays of all levels.

Q: How will Zserver Suite influence performance of my system?

A: This is a very good question, however, we don’t have a simple answer: the encryption speed depends on the overall performance of the system, disk configuration and many other factors. Generally speaking, we can imagine a situation when the system performance does down by 10-15%, but none of our customers noticed or complained about any negative effects on speed or performance.

Q: Can you tell me about fundamental advantages of your Zserver system over standard Windows 2000 Pro/XP security features (EFS) and certification services in Windows Server?

A: We think comparing these two systems is not exactly appropriate: Zserver and EFS solve different problems and, consequently, have different functionality.

The main purpose of EFS is demonstration that Windows have strong security features, including encryption. EFS is “too multi-purpose”, and therefore not too useful for certain tasks – the ones Zserver is made for.

  1. File structure is not encrypted, so, folders and files are visible to anyone.
  2. File access rights are linked to particular Windows accounts. Access to these accounts (by picking a password) allows the access to the encrypted files.
  3. The encryption keys are created from User Certificates. The certificates are stored in the system registry, so physical access to the computer makes it possible to decrypt files.
  4. Only a single user can encrypt folders and work with them afterwards (for Windows 2000 only). It is not possible for a group of users that share data – if shared access is required, each user has to be added manually.
  5. Default Windows encryption algorithm is DESX, which is not very resistant to cryptanalysis (For Windows 2000 only).
  6. There are utilities for data recovery by restoring encryption leys from user certificates (e.g., Advanced EFS Data Recovery).
  7. During initial encryption, Windows creates temporary copies of the files, which makes possible their subsequent recovery.
  8. Standard Windows OS comes with 56 bit key encryption, but it is possible to install an extension for 128 bit encoding. Unfortunately, these two encryption packages are not compatible with each other.
  9. EFS works with Windows 2000/XP/2003 only. It means that older Windows 9x/ME/NT workstations can not work with the encrypted files.
  10. An administrator can login as a user and see their encrypted files (For Windows 2000 only).

Q: Does Zbackup use Removable Storage Service? For a number of reasons I had to turn it off to ensure stable work of my streamer.

A: Zbackup does not use Removable Storage Service, so it will work just fine without it.

Ask a Question

Name:
E-mail:
City:
Question: