Reviews – Rohos

What are strategies for protecting against two-factor authentication vulnerabilities?

5th January 2021/in Reviews /by SafeJKA

Long time ago, Microsoft admitted that “game is over, if an attacker is landed inside your Active Directory” (“Mitigating Pass-the-Hash and Other Credential Theft”, version 2) by putting the following statement :

“Assuming breach requires a shift in mindset from prevention alone to containment after breach”

Meaning that no security software will help you since that moment. With this statement Microsoft team accepted that 0-Days vulnerabilities and exploits will continue to appear in future. What lessons security architects and experts may learn from Sunburst/Solarwind case? Probably the statement may be expanded to a wider scope:

“Assuming ongoing breach executed in an unidentified past requires a shift in mindset from prevention to continuous containment”.

What if the breach was already happened but we dont know about it now? Cyber-Security vendors now start offering solutions that includes new paradigm :

Breach Prediction and Threat Intelligence that monitors threat actors in dark net, vulnerabilities and tactics they are going to use. This will allow to identify potential targets and the weaknesses that will be exploited.
Breach Detection and Response with security controls that will continue to perform even in containment phase (i.e. “game is over”). Make Malware/RAT/APT operators to move in a wrong direction, take “wrong” things, while leaving more Indicator of Compromise and evidences in IT infrastructure.

P2P encryption ownership in secure online storage products (Mega.nz, OneDrive)

1st October 2020/in Reviews, Solutions /by SafeJKA

Briefly: Secure storage services such as Mega.nz, OneDrive Vault, offers P2P encrypted cloud storage, where the data are being encrypted/ decrypted in your web browser or computer. This provides the highest privacy level since data delivered to the cloud storage in encrypted form. Does it really mean, the information cannot be accessed by the Vendor? Here we show, how the vendor completely owns encryption protocol and data flows, even in your web browser. We also demonstrate why total ownership gives vendors the tools for user targeting that may be used to de-private your data. An example with Rohos Disk cloud folder encryption demonstrates the difference.

FIDO U2F security keys’ review: authentication, digital signature or blockchain?

5th February 2018/in Reviews /by Igor

Research on Security Keys

While integrating FIDO U2F key as a new authentication method to Rohos Logon Key, we have reviewed it’s features. In this article we outline the origin and history of U2F, how it works on low level, the list of capabilities and possible applications that beside authentication includes also document signature, crypto-currency, blockchain and change management.

iKey 2032 Security token in Rohos Logon Key

22nd February 2013/in authentication devices, Reviews /by Igor

iKey 1000/1032 security token is designed for fast and easy integration with various authorization systems. The compact low-cost token supports PKCS#11 and has a built-in encryption process. It is used for user identification and two-factor authentication.

Rohos Logon Key generates two-factor user authentication in Windows or on the Terminal Server by means of electronic keys. It securely stores the user account data: login and password on the token, smartcard and other hardware encryption devices.

Before you start using iKey 1032\2032 in Rohos Logon Key, you first need to configure the iKey with the help of iKey Token Utility .

Windows login with secure RFID token Wireless PC Lock

12th July 2011/in Reviews, RFID /by Igor

“Wireless PC Lock” devices are now available in Rohos Logon Key. Wireless PC Lock (read more…): model KW-101, model KW-102 with Timer by SPIRIT-ON Enterprise Co. Ltd, Wireless PC Lock V 900 by VSON TECH Ltd have been integrated in Rohos Logon Key v. 2.9

Standard features of the Wireless PC Lock :

Lock/unlock Windows desktop using wireless RFID tag
Effective range 6-8 meters.
Your have the transmitter in the pocket, the RFID signal will be received automatically.Â And You donâ€™t have to plug in the device into PC each time (like regular USB Keys supported by Rohos Logon)
Password backup – unlock desktop by a password if your RFID tag is lost or not available now.

A few disadvantages:

– If you use passwod for Windows login – you need to enter it anyway to start your Windows or unlock it (after a Sleep for example).
– When you start your Windows the PC Lock program start working with a 5 second delay thus leave your desktop unlocked for a while.Â
– When you load Windows in Safe Mode the PC Lock doesnt work

Benefits of Rohos Logon Key + Wireless PC Lock :

Windows authentication support â€“ replaces your Windows password with Wireless PC Lock tag.
Windows login and screensaver unlock by Wireless tag – no need to remember and enter your Windows password.
Possibility not only to lock desktop but also to Log Off, Hibernate (Sleep) or activate secure screensaver when you step away from PC with Wireless RFID tag in the pocket.
Allows to set up several RFID tags (transmitters) for access to one computer.
Rohos protect login even in Windows Safe Mode .
Emergency Logon in case your RFID tag is broken or lost.

How to set up Wireless PC tokens for Windows login:

No mater what model of PC Lock you use, the procedure is the same. Install Rohos Logon Key to your computer. In Rohos Option window choose the type of the authentication device â€œPC Lock USB dongleâ€.

Data security and authentication with Kanguru USB drive

18th May 2010/in Reviews, USB & flash drives /by Igor

These days login-mania requirement is to keep your data secure while maintaining your sanity. This time weâ€™d like to present you authentication solution for Windows logon – Rohos Logon Key with Kanguru Defender, a hard combination to beat, regardless of what others may say.

The Kanguru Defender is a highly secure hardware encryption device that might meet or even exceed your security pretensions. Comparing it to previously reviewed IronKey we should emphasize that it’s easy to use and quite affordable – $49 USD.

Kanguru takes two-step approach to securing sensitive data:

At the device level Kanguru starts with military grade hardware based AES encryption.
Adds the ability to remotely manage your Kanguru Defender from a central location. The Kanguru Defender does not come with KRMC enabled by default. (for more information about KRMC, visit: http://shop.kanguru.com/index.php/flash-management/krmc)

Main features:

Password protected and encrypted data partition for your secure files
Does NOT require Admin privileges on any PC to open secure partition.
Write protect switch (actually this may safe you from viruses on guest PC)
Has only 1 secret drive. There is no Open and Secret partition options.
Password reset allow to turn USB drive configuration into factory defaults and create new password once again.

Yubikey 2.0 Setup Dynamic configuration for Rohos Logon with static AES key

30th April 2010/in otp, Reviews, USB & flash drives /by Igor

Some time ago we got YubiKey 2.0. and YubiKey 2.0 RFID devices from Yubico. Both of them are 2.01.1 firmware versions. The newer key (on the picture is above) a bit thicker, has a special circular press area and the body is more steady.

The Yubikey is a One-Time-Password token that works via the USB keyboard interface. New generation of Yubikeys also combines 2 devices in 1 Yubikey: OTP + RFID or OTP + 1 static password generator. OTP + OATH OTP (Firmware 2.1). Also Yubikey has many changes on backed.

What’s new in Yubikey 2.0:

Improved security.
Yubikey allows to have 2 configurations. Many YubiKey users wanted to have possibility to use YubiKey as static password generator + OTP token. Here it is.
Beautiful and easy to use Configuration Utility.
Dual-device: Yubikey + RFID (Classic Mifare 1k) or OATH 6 or 8 digit code identity.
New Yubico validation server:
+ allows uploading custom AES keys.
+ allows revoking Yubikeys
+ Validation protocol 2.0
Yubikey solutions Wiki – the list of the vendors, integrators and software that work with Yubikey.

Configuration Utility

allows reprograming Yubikey Configuration #1 or Configuration #2.

Second Configuration

YubiKey 2.0 works in the press-and-hold fashion. First off, the presses are time based. Where in v.1 you held it down until it started printing out the characters, with v.2.0 you make short press for the first config and long press (2.5 – 5 seconds technically) to generate second config OTP. Please note Yubikey configuration #2 has a feature allowing use to update static password if you press and hold the key for 8-15 seconds.

By default, Rohos Logon Key works with v.2 as usual but one customer was sent raw YubiKeys (version 2.1.1 not being configured) . So he asked us to give a step-by-step guide on how to set up YubiKey with Rohos Logon if Yubikey is not configured with OTP.

Here you may download the Guide – Yubikey 2.0 Setup Dynamic configuration for Rohos Logon with static AES

Ironkey security review (part 2).

22nd April 2010/in Reviews, USB & flash drives /by Igor

We go on with tests with IronKey. And in this part we’d like to tell you more about the features and functionality of the drive.Â The new S200 IronKey model is now compatible with Windows 7. The IronKey S200 1GB is high end and its price reflects that – 79$ USD. Our verdict for this part: screwed-on device and features that makes USB flash drive the most secure and user life a bit complicated.

“Iron grip” over your PC and data. Rohos Logon Key for Windows/Mac with Ironkey (part 1).

19th April 2010/in Reviews, USB & flash drives /by Igor

Protect your PC: Get the latest security updates … “Two factor authentication solutions…”. You may find answers to these questions and many more on computer security using usual Google search engine. And yes, there is a wide range of solutions offered to users to make them less worry about their precious private data on their PCs or portable storage device.

Recently three hardware encryption devices have been delivered – IronKey Personal S200 1Gb, Kanguru Defender 1Gb and DataTraveler Vault Kingston 2Gb. This time we’d like to present you the review of IronKey that arrived at our lab to everyone’s joy. Long -awaited possibility to play around with this highly praised flash drive and set it up for secure Windows login with Rohos Logon Key is now available. Let’s start with getting to know more about the flash drive itself.

Core Features:

Hardware-Encrypted Flash Drive
Self-Destruct Sequence
Anti-Malware Autorun Protection
Portable Cross-Platform Data Access
Simple Device Management
Secure Data Recovery

Learn more about these and other IronKey’s features in part 2 of the review.

BioSlimDisk biometric security token, Review, Comparison.

14th January 2010/in Biometric security, Reviews, USB & flash drives /by Igor

Dear friends, recently we have covered “BioSlimDisk Signature” compatibility with some Rohos products. Now it’s time to review device security capabilities, compare it with other Biometric USB flash drives with fingerprint scanners and give you some hi-res photos of the device.

In brief, BioSlimDisk is a USB flash drive with hardware level encryption (AES 256 bit key length) and hardware level Biometric authentication.

What are strategies for protecting against two-factor authentication vulnerabilities?

P2P encryption ownership in secure online storage products (Mega.nz, OneDrive)

FIDO U2F security keys’ review: authentication, digital signature or blockchain?

Research on Security Keys

Ironkey security review (part 2).

BioSlimDisk biometric security token, Review, Comparison.

Recent news

Information

Solutions