Future Systems FCX200B Secuway Card 2000 User Manual users manual

Future Systems, Inc. Secuway Card 2000 users manual

DASTEK EMC Lab, 204 Chuge-Ri Yangji-Myeon Yongin-Shi Kyunggi-Do,Korea
Tel:82-31-335-9341 Fax: 82-31-335-9343





  





 !"#$%!&'#() *"+##()#")#,*(,-.%(,)./.'&012!) ) #0!'!)"-.3*0*"",!4!)*0
,#5!/#&%3"%*()).&*3).-) #%0#" #"#0!'!)"*3#,#"!4(#,).&3.5!,#3#*".(*+0#
&3.)#/)!.(*4*!(") *3'-%0!()#3-#3#(/#!(*3#"!,#()!*0!(")*00*)!.( !"#$%!&'#()4#(#3*)#"
%"#"*(,/*(3*,!*)#3*,!.-3#$%#(/1#(#341*(,!-(.)!(")*00#,*(,%"#,!(*//.3,*(/#2!) 
) #!(")3%/)!.("'*1/*%"# *3'-%0!()#3-#3#(/#).3*,!./.''%(!/*)!.(.2#5#3) #3#!"
(.4%*3*()##) *)!()#3-#3#(/#2!00(.).//%3!(*&*3)!/%0*3!(")*00*)!.(-) !"#$%!&'#(),.#"
/*%"# *3'-%0!()#3-#3#(/#).3*,!..3)#0#5!"!.(3#/#&)!.(2 !/ /*(+#,#)#3'!(#,+1
)%3(!(4) ##$%!&'#().--*(,.() #%"#3!"#(/.%3*4#,).)31)./.33#/)) #!()#3-#3#(/#+1
.(#.3'.3#.-) #-.00.2!(4'#*"%3#"
6#.3!#().33#0./*)#) #3#/#!5!(4*()#((*
6(/3#*"#) #"#&*3*)!.(+#)2##() ##$%!&'#()*(,3#/#!5#3
6.((#/)) ##$%!&'#()!().*(.%)0#).(*.!3/%!),!--#3#(/#-3.'
) *)).2 !/ ) #3#/#!5#3!"/.((#/)#,
6.("%0)) #,#*0#3.-*(#7&#3!#(/#,3*,!.8)#/ (!/!*(-.3 #0&
 !"%(!)2*")#")#,2!) " !#0,#,/*+0#".() #&#3!& #3*0,#5!/#" !#0,#,/*+0#"
'%")+#%"#,2!) ) #%(!)).!("%3#/.'&0!*(/#
 #'*(%-*/)%3#3!"(.)3#"&.("!+0#-.3*(13*,!..3!()#3-#3#(/#/*%"#,+1
%(*%) .3!9#,'.,!-!/*)!.(").) !"#$%!&'#()%/ '.,!-!/*)!.("/.%0,5.!,) #%"#3:"
*%) .3!)1)..&#3*)#) ##$%!&'#()
Part 1 SecuwayCard 2000 Installation

Chapter 1 SecuwayCard 2000?
The SecuwayCard 2000 is part of the SecuwaySuite 2000 package, as mentioned previously in this manual. Working together with SecuwayCenter 2000, SecuwayGate 2000 and SecuwayClient 2000, SecuwayCard 2000 provides an end-to-end total security solution from sender to receiver.
SecuwayCard 2000 provides a network communication security service that encrypts and decrypts network packets using a key management method based on IPSEC. SecuwayCard 2000 also acts as a hardware security token for encrypting and decrypting the hard disk and floppy disk, and for the booting restriction program, which allows only authorized users to use the system from boot. The booting restriction program is an optional part, and you can install it regardless of SecuwayCard 2000.
SecuwayCard 2000 holds the security policy and the key received from the SecuwayCenter 2000 administrator, and uses the key and security policy for network communication. You can use the security functions easily without any other operation, because they are provided automatically just by installing the PCMCIA card in the computer on which you use the SecuwayCard 2000.
Because its hardware is provided as a PCMCIA card, SecuwayCard 2000 can be easily installed and used transparently not only on a Desktop PC but also on a Note PC.

SecuwayCard 2000 Features
SecuwayCard 2000 has the following features.
Conforms to IPSEC
SecuwayCard 2000 conforms to IPSEC (Internet Protocol Security) for TCP/IP communication, so the user can send encrypted data safely to the destination when using an application.
Communication data encryption
SecuwayCard 2000 uses AH (Authentication Header) and ESP (Encapsulating Security Payload). AH authenticates the sender of an IP packet and checks whether the packet has been modified illegally. ESP provides the security service by encrypting the packet data.
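
The AH check described above, as an added example that is not from this manual or from SecuwayCard 2000's own code: it computes an AH integrity check value over an IPv4 packet with the mutable header fields zeroed (as RFC 4302 specifies), so a router's TTL change still verifies while a forged source address or a modified payload does not. HMAC-SHA1-96, the key, the addresses and all function names are assumptions, because the manual does not name the product's algorithms.

```python
import hashlib
import hmac
import socket
import struct

AH_PROTO = 51   # IP protocol number assigned to AH
ICV_LEN = 12    # HMAC-SHA1-96 keeps the first 96 bits (assumed algorithm)


def checksum(header: bytes) -> int:
    """16-bit one's-complement checksum used by the IPv4 header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def with_checksum(header: bytes) -> bytes:
    """Return the 20-byte header with its checksum field recomputed."""
    zeroed = header[:10] + b"\x00\x00" + header[12:]
    return zeroed[:10] + struct.pack("!H", checksum(zeroed)) + zeroed[12:]


def ipv4_header(src: str, dst: str, proto: int, payload_len: int, ttl: int = 64) -> bytes:
    """Build a 20-byte IPv4 header without options."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return with_checksum(hdr)


def compute_icv(key: bytes, ip_hdr: bytes, ah: bytes, payload: bytes) -> bytes:
    """HMAC over the packet with mutable fields and the ICV field set to zero."""
    h = bytearray(ip_hdr)
    h[1] = 0                    # TOS/DSCP may be rewritten in transit
    h[6:8] = b"\x00\x00"        # flags and fragment offset
    h[8] = 0                    # TTL is decremented by every router
    h[10:12] = b"\x00\x00"      # header checksum changes with the TTL
    data = bytes(h) + ah[:12] + b"\x00" * ICV_LEN + payload
    return hmac.new(key, data, hashlib.sha1).digest()[:ICV_LEN]


def ah_protect(key, src, dst, inner_proto, payload, spi, seq) -> bytes:
    """Sender side: IPv4 header + AH (next header, length, SPI, sequence, ICV) + payload."""
    ah = struct.pack("!BBHII", inner_proto, 4, 0, spi, seq) + b"\x00" * ICV_LEN
    ip = ipv4_header(src, dst, AH_PROTO, len(ah) + len(payload))
    return ip + ah[:12] + compute_icv(key, ip, ah, payload) + payload


def ah_verify(key: bytes, packet: bytes) -> bool:
    """Receiver side: recompute the ICV and compare in constant time."""
    if len(packet) < 44 or packet[9] != AH_PROTO:
        return False
    ip, ah, payload = packet[:20], packet[20:44], packet[44:]
    return hmac.compare_digest(ah[12:], compute_icv(key, ip, ah, payload))


def router_hop(packet: bytes) -> bytes:
    """Legitimate change in transit: TTL decremented, checksum recomputed."""
    h = bytearray(packet[:20])
    h[8] -= 1
    return with_checksum(bytes(h)) + packet[20:]


def spoof_source(packet: bytes, fake_src: str) -> bytes:
    """Illegitimate change: source address rewritten, checksum fixed up."""
    h = bytearray(packet[:20])
    h[12:16] = socket.inet_aton(fake_src)
    return with_checksum(bytes(h)) + packet[20:]


def flip_payload_bit(packet: bytes) -> bytes:
    """Illegitimate change: one bit of the payload altered."""
    p = bytearray(packet)
    p[-1] ^= 0x01
    return bytes(p)


def demo() -> dict:
    key = b"constructed-demo-key"   # constructed sample key
    pkt = ah_protect(key, "192.0.2.10", "198.51.100.20", 6,
                     b"constructed payload", spi=0x100, seq=1)
    return {
        "intact": ah_verify(key, pkt),
        "after_router_hop": ah_verify(key, router_hop(pkt)),
        "spoofed_source": ah_verify(key, spoof_source(pkt, "203.0.113.66")),
        "modified_payload": ah_verify(key, flip_payload_bit(pkt)),
        "wrong_key": ah_verify(b"some-other-key", pkt),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case:18s} verified={ok}")
```
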
PCMCIA type of security token
Because its hardware is provided as a PCMCIA type of security token, SecuwayCard 2000 is transparent to the user's security environment and is easily installed and used on a Desktop PC or Note PC that has a PCMCIA card reader.
File/Folder Encryption/Decryption
Once you log on to the SecuwayCard 2000 Manager program, you can encrypt or decrypt a file or folder in Windows Explorer without running any other program. You can choose between “Password Method Encryption” and “Auto Encryption” to encrypt or decrypt the file or folder. “Auto Encryption” uses the key received from SecuwayCenter 2000 to encrypt or decrypt the file or folder.
Various password algorithm/authentication algorithm
SecuwayCard 2000 adopts various password algorithms and authentication algorithms for network communication.
System locking function using screen saver
SecuwayCard 2000 locks the system by running the screen saver if you leave the computer or do not press any key within the set time. While the screen saver is running, you can use the system only after successful authentication with the permitted password.
Various interfaces
You can set the SecuwayCard 2000 user interface in 3 ways in cooperation with the SecuwayCenter 2000. If you want to hide the setting status of the SecuwayCard 2000 from the user, you can select the item that has no user interface on the SecuwayCenter 2000 and send it online.
TamperProof hardware security
If an unauthorized user takes apart the SecuwayCard 2000 hardware or tries to access its memory, the password algorithm, the key for encryption/decryption and the other security information saved in the SecuwayCard 2000 are deleted automatically to keep the information from leaking.
Log saving function
What the user does in the SecuwayCard 2000 Manager program is saved in the log, so the manager can easily monitor or track the system.

Chapter 2 Before Setting Up the SecuwayCard 2000
This chapter describes the system requirements for setting up the SecuwayCard 2000 and some points you should know before setting it up.
System Requirements
The system requirements for setting up the SecuwayCard 2000 are as follows.
- 486 Mhz CPU or higher PC
- Windows 95, Windows 98, Windows Me (Installed in PC)
- Networking environment using Microsoft TCP/IP protocol stack
- Desktop PC or Note PC installed with PCMCIA card reader
If you use a Note PC, you can install the SecuwayCard 2000 in it without installing any other application program, because a PCMCIA card reader is normally already installed in a Note PC. If you use a Desktop PC, you should install the PCMCIA card reader program before installing the SecuwayCard 2000, because a PCMCIA card reader is not normally installed in a Desktop PC.
Checking the contents of the package
When you unpack the SecuwayCard 2000 package box, you should find the following items in the box. If any of them is missing, or needs to be replaced because it is damaged, contact the dealer.
- SecuwayCard 2000 card (PCMCIA type)
- SecuwayCard 2000 program CD that contains the SecuwayCard 2000 manager program
- This guide

Chapter 3 Setting Up the SecuwayCard 2000
This chapter shows you how to install the hardware and software of the SecuwayCard 2000.
Installing the SecuwayCard 2000 in the computer
This section describes how to install the SecuwayCard 2000 in a Note PC or Desktop PC.
Installing the SecuwayCard 2000 in the Note PC
To install the SecuwayCard 2000 in a Note PC, follow the steps below.
This guide uses a Note PC running the Windows Me operating system as an example.
1. Insert the SecuwayCard 2000 in the PCMCIA card slot of the Note PC while the Note PC is powered off.
2. Turn on the Note PC. The Windows Me operating system detects the SecuwayCard 2000 as new hardware and shows the following message.
3. In a few seconds, the installation process for the SecuwayCard 2000 driver starts. Select “Automatic search for a better driver(Recommended)” and click the [Next>] button.
4. After the operating system finds the driver for the SecuwayCard 2000 on the CD-ROM, the following message is displayed. If you click the [Next>] button, the installation of the SecuwayCard 2000 driver starts.
5. After the SecuwayCard 2000 driver installation program has been copied, the following message is displayed. Click the [Finish] button.
6. The final step of the driver installation starts with the following message. Clicking [Yes] and rebooting the computer is recommended at this time. After the computer reboots, the installation of the SecuwayCard 2000 driver program is finished.
7. After finishing the installation of the SecuwayCard 2000 driver program, select the menu <Start> -> <Settings> -> <Control Panel>.
8. Click the <System> icon on the Control Panel. On the <System Properties> screen, select the <Device Manager> tab. You can then find the SecuwayCard 2000 installation status under the “PCMCIA socket” item, like the following.
Now the SecuwayCard 2000 hardware installation on the Note PC is complete.
Installing the SecuwayCard 2000 in the Desktop PC
Generally, most Desktop PCs have no built-in PCMCIA card reader, so you must install a PCMCIA card reader in the Desktop PC before installing the SecuwayCard 2000.
PCMCIA card readers are available in ISA type, PCI type and so on. The PCMCIA card installation program is provided by the vendor or by the operating system. If the installation program is provided by the operating system, installation is very simple. If the operating system provides the PnP (Plug & Play) function, you can install it just by inserting the card in the slot.
After installing the PCMCIA card reader, follow the steps for installing the SecuwayCard 2000 hardware on the Note PC.
Installing the SecuwayCard 2000 software driver
Once you have installed the SecuwayCard 2000 hardware in your Note PC or Desktop PC, install the software driver as follows.
This guide uses the Windows Me operating system as an example. If you use Windows 95 or Windows 98, the screens of the SecuwayCard 2000 installation process may be slightly different from those in this guide.
1. Turn on the Note PC on which you are going to install the SecuwayCard 2000 program and start Windows Me.
When you complete the installation of the SecuwayCard 2000 program, you should reboot the computer. If you are running other programs, save your work and exit them safely before installing the SecuwayCard 2000 program.
2. The SecuwayCard 2000 program is provided on CD. Insert the SecuwayCard 2000 driver CD in the CD-ROM drive of the PC and click “setup.exe” among the files on the CD. The following screen is displayed.
3. Click the [Next] button and the <Software License Agreement> is displayed. Read the text very carefully and, if you agree to the contents, click the [Yes] button.
4. The <Choose Destination Location> screen, where you select the destination folder, is displayed. By default the folder “C:\…\Program Files\FUTURE\SecuwayCard 2000” is selected, but you can change the folder as you want. To select another folder, click the [Browse…] button and select the folder you want. After selecting the folder, click the [Next>] button.
5. The “Select Program Folder” screen is displayed. This screen adds the program folder for the SecuwayCard 2000 program. By default, “SecuwayCard 2000” is selected, but you can select one of the existing folders or set a new one. After setting the folder, click the [Next>] button.
6. Program copying then starts. While the program is being copied, the copy progress screen is displayed.
After the files are copied, the steps for installing the L2TP (Layer 2 Tunneling Protocol) driver may be displayed. In this case, do not stop it; just wait. If the steps for installing the L2TP driver are not displayed, just wait as well, because the driver is not necessary in your environment.
7. After the copy process is complete, the <Setup Complete> screen is displayed. To use the SecuwayCard 2000 normally, you should reboot the computer at this time. Select <Yes, I want to restart my computer now> and then click the [Finish] button. The computer reboots.
After the reboot, the <Security Register Wizard> screen is displayed. You can log on to the SecuwayCard 2000 Manager program and set up administration only after registering the security through the <Security Register Wizard>. How to register the security through the <Security Register Wizard> is described in Chapter 4 of this guide.

Chapter 4 Online Security Registration
This chapter guides you through the Online Security Registration after installing the SecuwayCard 2000.
Online Security Registration?
You must complete the Online Security Registration process in order to use the user authentication and data encryption functions provided by the SecuwayCard 2000.
When you complete the online registration, you receive from the SecuwayCenter 2000 the security key that is necessary for user authentication and data encryption. After online security registration, you can communicate with other hosts using this security key.
- The <Security Register Wizard> program, which is used for online security registration, runs automatically only once, after you install the SecuwayCard 2000 program and reboot the computer. If you do not register online at that time, you can run the <Security Register Wizard> program manually: select <Start> -> <Program> -> <SecuwayCard 2000> -> <SecuwayCard 2000 Manager program>, and the <Security Register Wizard> program is displayed.
- If you are using the SecuwayCard 2000 Manager program and want to remove and reinstall the program, you must do the online security registration again.
Now let’s see the steps for online security registration using the <Security Register Wizard> program.
1. After the installation program has been copied and the system rebooted, the SecuwayCard 2000 displays the <Security Register Wizard> screen. Click the [Next>] button after reading the “Security Token Initialize” information on the screen.
2. The following screen for selecting the Security Register Method is displayed. You should move the mouse while the following screen is displayed.
There are two ways to register security.
- Offline Regist (Using file for security token setup): registers security using the diskette received from the SecuwayCenter 2000.
- Online Regist: sends and receives over the network the key that is necessary for secure communication.
Select <Online Regist> on the <Security Register Method> and click the [Next>] button.
If the SecuwayCard 2000 is not installed in your computer when you register the security, or the computer cannot detect the SecuwayCard 2000 that is installed, the following screen is displayed. Check and reinstall the SecuwayCard 2000 properly and click [Token Query]; you can then continue with the following steps.
3. The next step is to enter the properties for Online Security Registration. The meaning and valid input values of each item are as follows.
You should obtain the valid values for each item from the administrator of the SecuwayCenter.
Using L2TP Tunneling
L2TP (Layer 2 Tunneling Protocol) allows remote users to communicate safely with the internal network through a tunneling protocol.
- L2TP IP: If you are going to use the L2TP function, enter in the <L2TP IP> item the IP address of the SecuwayGate 2000 that can assign the new IP address for tunneling.
SecuwayCenter
This is the information for the SecuwayCenter 2000 connected with the SecuwayGate 2000.
- IP Addr: Enter the IP address of the SecuwayCenter 2000 from which you can receive the security key and policy via Online Security Registration of the SecuwayCard 2000.
- Reg Port: The UDP port used to set, cancel, or exchange information with the SecuwayCenter 2000 for online security registration. UDP 501 is set as the authentication port on the SecuwayCard 2000.
Only the IP address of a SecuwayCenter 2000 that can respond to your Online Security Registration request should be entered in the “IP Addr” item.
Online Register Profile Info
This item is for entering the Profile ID, Profile Index, and Profile Password that the SecuwayCard 2000 uses during Online Security Registration.
You should obtain each of these values from the SecuwayCenter 2000 administrator. If you enter incorrect values in these items, the Online Security Registration process is not executed.
After entering the Online Security Registration information, click the [Next>] button.
4. The Online Security Registration information you set is then displayed, like the following. Read it carefully and, if there are no incorrect values, click the [Register Done] button.
5. The Online Security Registration then starts with the following screen.
When the Online Security Registration is completed, the [Register Done] button becomes selectable.
When you click the [Register Done] button, the Online Security Registration process is finished. If the Online Security Registration completes normally, the <SecuwayCard 2000 Manager> log on screen is displayed, like the following.
For detailed information on logging on to and operating the <SecuwayCard 2000 Manager> program, see Part 2 of this manual.
Do not remove the SecuwayCard 2000 hardware from the PCMCIA card reader during Online Security Registration.
If you enter incorrect values for the Online Security Registration, an error message is displayed. In that case, click the [Back] button to return to the previous screen, change the values to the correct ones, and continue.

Chapter 5 Uninstalling the SecuwayCard 2000
This chapter describes how to uninstall the SecuwayCard 2000 program if there are any problems with the program after installing it.
You may not be able to uninstall the SecuwayCard 2000 manager program completely while it is running. Close the program before uninstalling it.
1. Select <Start> -> <Program> -> <SecuwayCard 2000> -> <Remove SecuwayCard 2000>.
2. The <Confirm File Deletion> message is displayed. If you click [Yes], the SecuwayCard 2000 program is removed.

Chapter 6 Installing the Booting Restriction Program
This chapter describes how to install the Booting Restriction Program, a more powerful security restriction that applies from the boot procedure and allows only an authorized user to use the system.
With this program the MBR (Master Boot Record) is encrypted, and only a user who logs on to the SecuwayCard 2000 can boot the system, after the MBR information is decrypted.
The Booting Restriction Program is an optional product, and you can choose whether or not to install it.
The Booting Restriction Program should be installed only after installing the SecuwayCard 2000. Only the system security manager should install and remove the Booting Restriction Program.
Contents of the Booting Restriction Program
The Booting Restriction Program is provided on diskette and consists of the following files.
- install.exe: used for installing the Booting Restriction Program.
- uninstall.exe: used for removing the Booting Restriction Program.
- loader.img: the Booting Restriction Program itself, which allows the system to boot in cooperation with the SecuwayCard 2000.
- win.com: provided by the Booting Restriction Program; it is different from the one provided by Windows.
- chgwin.bat: created when the Booting Restriction Program is removed. This batch program replaces the win.com provided by the Booting Restriction Program with the one provided by Windows.
The Steps for installing the Booting Restriction Program
The steps for installing the Booting Restriction Program are as follows.
1. First, boot the system in safe mode. To boot in safe mode, press F8 while the system is booting the Windows operating system after power-on.
2. Insert the SecuwayCard 2000 hardware in the PCMCIA slot of your computer and the Booting Restriction Program diskette in the diskette drive.
Depending on your Note PC model, you may need to set the “Plug&Play” item to “No” in the BIOS setup so that the computer can detect the SecuwayCard. The name “Plug&Play” may differ depending on your Note PC model. For more detailed information, see the user guide provided with your Note PC.
3. Run the “install loader.img” command on the diskette as follows.
Syntax
A:> install loader.img [retrialCount] [y|n] [master boot image name to be saved]
Option
[retrialCount]: If you enter an incorrect password repeatedly up to the number of times set by this option, the data on the hard disk drive is removed.
[y|n]: If you set this option to “y” and enter an incorrect password repeatedly up to the number of times set in [retrialCount], the data on the hard disk drive is removed. If you set this option to “n” and enter an incorrect password repeatedly more than that number of times, the system stops running without removing the data on the hard disk drive.
Example
A:> install loader.img 10 y img_0267.dat [ENTER]
This example sets the [retrialCount] option to “10” and the [y|n] option to “y”. In this case, if you enter an incorrect password more than 10 times while booting the system, the data on the hard disk drive is removed. If you set “n” instead of “y” and enter an incorrect password repeatedly more than 10 times, the system stops running without removing the data on the hard disk drive. In this case the SecuwayCard 2000 is initialized at that time, so you must receive the SecuwayCard 2000 security key from the SecuwayCenter 2000 manager again to use it.
img_0267.dat is the name of the master boot image file. If you do not specify it, a name related to the serial number of the SecuwayCard 2000 is created automatically.
After you run “install loader.img”, the MBR (Master Boot Record) is created on the floppy disk. This file should be kept safe, because it is used when you run “uninstall.exe” to remove the Boot Restriction Program.
4. When the installation of the Boot Restriction Program is complete, reboot the system. At this point it is recommended to reboot the system using the power button.
If the Boot Restriction Program is installed normally, a message requesting the log on name and password is displayed before booting. If you enter the log on name and password correctly, the system boots as usual. If you do not enter the log on name and password as you received them from the SecuwayCenter 2000, the system will not boot.
If you install the Boot Restriction Program on your computer, the system cannot boot without the SecuwayCard 2000 hardware.
The Steps for removing the Booting Restriction Program
The manager can remove the Booting Restriction Program at any time. To remove the Booting Restriction Program, you need the master boot image file that was created when you installed the program.
1. Insert a bootable disk in the diskette drive of your computer and boot the computer.
You must boot the system from the bootable diskette, because the partition table cannot be restored if you boot the system from the hard disk drive.
2. Run the “uninstall” program as follows.
Syntax
A:> uninstall [Master boot image file name] [ENTER]
Example
A:> uninstall img_0267.dat [ENTER]
Restoring Original MBR is finished.
For complete uninstall, Please reboot by this floppy diskette and run
a:\chgwin.bat!
3. Boot the system from the bootable diskette. After booting the system, run “chgwin.bat” on the diskette. This batch file is created automatically when you run the “uninstall” command. The “win.com” file provided by the Booting Restriction Program is then replaced with the one provided by Windows.
Run “chgwin.bat” as follows.
A:> chgwin.bat [ENTER]
You can then confirm the restoration process, like the following.
Del C :\WIN98\WIN.COM
Copy C :\WIN98\WINA.COM C:\WIN98\WIN.COM
Del C :\WIN98\WINA.COM
Observe the following notes when using the Booting Restriction Program.
- To use a program that modifies partitions, such as fdisk, you must remove the Booting Restriction Program in advance.
- You should install the ZIP driver before installing the Booting Restriction Program, because it is impossible to install the ZIP driver after installing the Booting Restriction Program.
- You must boot the system from the bootable diskette and then run the uninstall program of the Booting Restriction Program, because the partition table cannot be restored if you boot the system from the hard disk drive.
- If the Booting Restriction Program is removed, only the name of the “win.com” is changed to “wina.com”. You should run “chgwin.bat” after uninstalling the Booting Restriction Program and booting from the bootable diskette. Alternatively, after booting in “safe mode only”, rename “wina.com” in the Windows directory to “win.com”. You should delete the “win.com” (the size is about 9KB) that is installed by the Booting Restriction Program.

Part 2 SecuwayCard 2000 Administration

Chapter 1 Logging On and Off the SecuwayCard 2000 Manager Program
This chapter describes how to log on to and log off from the SecuwayCard 2000 Manager program.
Logging on the SecuwayCard 2000 Manager Program
To log on to the SecuwayCard 2000 Manager Program, follow the instructions below.
Check that the SecuwayCard 2000 Manager Program is installed properly before logging on to the program. See Part 1 for how to install the program.
1. Select <Start> -> <Program> -> <SecuwayCard 2000> -> <SecuwayCard Manager>. The following message asks you to enter the user ID and password.
Enter the valid ID and password received from the SecuwayCenter 2000 manager. When you click [OK] after entering the ID and password, you are logged on to the SecuwayCard 2000 program.
If you have entered an incorrect password more than 10 times, the locking function prevents you from logging on to the SecuwayCard 2000 even if you finally enter the correct password. In this case, you should ask the manager so that you can log on.
2. While you are logged on to the SecuwayCard 2000 program, the following icon is placed at the bottom of the Windows screen. Click the icon, and the main window of the SecuwayCard 2000 manager program is displayed.
If you are logging on to the SecuwayCard 2000 Manager program for the first time after installing it
If you are logging on to the SecuwayCard 2000 Manager program for the first time after installing it, the following confirmation message is displayed.
Click [OK], and the <Setting System Security Default Value> screen is displayed. See “Chapter 2 : Setting the Security functions” for detailed information on the features and the available options on the screen.
Logging off the SecuwayCard 2000 Manager Program
To log off the SecuwayCard 2000 Manager Program, follow the instructions below.
To log off the SecuwayCard 2000 Manager Program, right-click the icon. The following menu is displayed.
Select <Exit(X)> from the menu. The following message is displayed.
Click [Yes], and the SecuwayCard 2000 manager program is closed. When the SecuwayCard 2000 is closed, the icon at the bottom of the Windows screen disappears.

Chapter 2 Setting the Security Functions
This chapter describes how to set and use the security functions provided by the SecuwayCard 2000 Manager program.
Using the security functions of the SecuwayCard 2000, you can encrypt or decrypt a folder or file. When multiple users are registered in the SecuwayCard 2000 program, you can set whether each user can access a file or folder and make lists of the users who are allowed access.
Execute the System Security function
To set the system security functions, select the 6th command, <Setting System Security Default Value>, on the <System(S)> menu of the SecuwayCard 2000 Manager program.
When you log on to the SecuwayCard 2000 Manager program for the first time after installing it, the <Setting System Security Default Value> screen is displayed.
If you select <Setting System Security Default Value>, the following screen asks for the password again, even though you already entered the password when logging in to the SecuwayCard 2000 Manager program.
If you enter the password correctly, the <Setting System Security Default Value> screen is displayed.
The details of each item are as follows.
<Default Setting Up> tab
On the <Default Setting Up> tab, you can set the basic functions of system security. The parameters you set in these items become the default values for file or folder encryption and decryption.
The meanings and functions of each item are described below:
<Security File and Folder Property when closing Manager>
This item sets the file and folder property that applies when the SecuwayCard 2000 Manager program is closed. The options are as follows.
Hide Security File and Folder
If you select this option, encrypted files and folders are not displayed in Windows Explorer after the SecuwayCard 2000 Manager program is closed.
This protects encrypted files and folders from access by unauthorized users (who do not log on with a permitted password) by hiding them in Windows Explorer.
Show Security File and Folder
If you select this option, encrypted files and folders are displayed in Windows Explorer after the SecuwayCard 2000 Manager program is closed. However, an unauthorized user cannot open an encrypted file or folder, because the password must be entered to open it.
Show Security File only
If you select this option, encrypted files are displayed (but encrypted folders are not) in Windows Explorer after the SecuwayCard 2000 Manager program is closed. However, an unauthorized user cannot open an encrypted file, because the password must be entered to open it.
2-4 Chapter 2
Setting the Security Functions
<Apply Property at System Security>
This item selects whether you set the Security property differently each
time you encrypt a file or folder, or apply the same Security property
after setting it once.
Always Apply System Security by Next Property
If you select this option, the same Security property is applied to a
file or folder whenever you encrypt it, after you have set it once.
Each Time, Activate Property Window
If you select this option, the same Security property is applied to a
file or folder whenever you encrypt it, after you have set it once.
<Folder Encryption>/<File Encryption>
There are two ways to encrypt a folder or file, as follows.
AutoEncryption
If you select this option, you do not need to set a password each time
you encrypt or decrypt a file or folder. By default, the security key
allotted by SecuwayCenter 2000 when you registered online security is
used to encrypt or decrypt the file or folder.
Password Method Encryption
If you select this option, you can set a different password each time
you encrypt or decrypt a file or folder.
If you select “Password Method Encryption” as the <Type> of the <Folder
Encryption> or <File Encryption> item, <Password> changes to a blank
field where you can enter any password.
Enter the password you want in <Password>.
If you select “Password Method Encryption”, you must remember the
password. If you forget the password, you cannot open the encrypted
file or folder.
For how to encrypt or decrypt a file or folder, see “To encrypt or
decrypt the folder” or “To encrypt or decrypt the file” in this chapter.
<User Authority Setting Up> tab
You can set the items on this tab to protect encrypted files and folders
from access by unauthorized users.
<Default Authority>
This option sets the access authority that is allotted to all users in
common. For example, if you select “List Authority”, List Authority is
allotted to all the users listed under “Users”.
<Individual Authority>
This option sets the access authority that is allotted to registered
users individually. Select the user to whom you want to allot the
authority, and then select the appropriate authority for that user.
To copy the file or folder
For example, if you want to copy the encrypted file/folder A to the
file/folder B, allot the List and Access authority to the user who uses
file/folder A, and allot the List and Write authority to the user who
uses file/folder B.
To encrypt or decrypt the folder
This section describes how to encrypt or decrypt a folder.
- Encryption? : The transformation of data into a form unreadable by
anyone without a secret decryption key. Its purpose is to ensure privacy
by keeping the information hidden from anyone for whom it is not
intended.
- Decryption? : The transformation of data that has been encrypted back
into a readable form.
To encrypt the folder
To encrypt a folder, do the following.
1. To encrypt a folder, you must install the SecuwayCard 2000 hardware
and software in advance. Read Part 1 of this manual for how to install
SecuwayCard 2000, and check that it operates normally on your computer.
2. Log on to the SecuwayCard 2000 Manager program.
3. Run Windows Explorer. Select the folder you want to encrypt in
Windows Explorer and then click the right mouse button. The submenu is
displayed as follows.
4. Select <Folder Encryption>. The following message is displayed.
Click [Yes].
5. The following screen for setting the folder encryption is then
displayed.
If you click the [Encrypt] button after setting each item, the folder is
encrypted. The function and meaning of each item are as follows.
<Folder Encryption>
There are two ways to encrypt a folder, as follows.
AutoEncryption
If you select this option, you do not need to set a password each time
you encrypt or decrypt the folder. By default, the security key allotted
by SecuwayCenter 2000 when you registered online security is used to
encrypt or decrypt the folder.
[Screen callouts: select the encryption type; the access authority
allotted to all users in common; the access authority allotted to
registered users individually.]
Password Method Encryption
If you select this option, you can set a different password each time
you encrypt or decrypt the folder. If you select “Password Method
Encryption” as the <Type> of the <Folder Encryption> item, <Password>
changes to a blank field where you can enter any password.
If you select “Password Method Encryption”, you must remember the
password. If you forget the password, you cannot open the encrypted
folder.
<Default Authority>
This option sets the access authority that is allotted to all users in
common. For example, if you select “List Authority”, List Authority is
allotted to all the users listed under “Users”.
<Individual Authority>
This option sets the access authority that is allotted to registered
users individually. Select the user to whom you want to allot the
authority, and then select the appropriate authority for that user.
To copy the folder
For example, if you want to copy the encrypted folder A to the folder B,
allot the List and Access authority to the user who uses folder A, and
allot the List and Write authority to the user who uses folder B.
- If you encrypt the folder, the folder icon is changed.
- If you encrypt the folder, the files in the encrypted folder are
encrypted automatically. An unauthorized user who has not logged on to
the SecuwayCard 2000 Manager program with a permitted password cannot
read the files in the encrypted folder. However, the extension of each
file name and its icon are not changed.
- If the folder contains any encrypted files, you cannot encrypt the
folder.
To decrypt the folder
Folder decryption returns the encrypted folder to its original state.
To decrypt a folder, do the following.
Decrypting a folder is nearly the same as encrypting one.
1. Run Windows Explorer while you are logged on to the SecuwayCard 2000
Manager program.
2. Select the folder you want to decrypt in Windows Explorer and then
click the right mouse button. The submenu is displayed as follows.
3. Select <Folder Decryption>. The following message is then displayed.
Click [Yes].
4. The folder is then decrypted and the folder icon is changed.
If you selected “Auto Encryption” in the <Folder Encryption> item of the
<Setting of Folder Encryption> screen, you do not need to enter any
password to decrypt the folder.
But if you selected “Password Method Encryption”, you must enter the
password correctly at the following message to decrypt the folder.
If you decrypt the folder, the files in the folder are decrypted
automatically.
To encrypt or decrypt the file
This section describes how to encrypt or decrypt a file.
- Encryption? : The transformation of data into a form unreadable by
anyone without a secret decryption key. Its purpose is to ensure privacy
by keeping the information hidden from anyone for whom it is not
intended.
- Decryption? : The transformation of data that has been encrypted back
into a readable form.
To encrypt the file
To encrypt a file, do the following.
1. To encrypt a file, you must install the SecuwayCard 2000 hardware
and software in advance. Read Part 1 of this manual for how to install
SecuwayCard 2000, and check that it operates normally on your computer.
2. Log on to the SecuwayCard 2000 Manager program.
3. Run Windows Explorer. Select the file you want to encrypt in Windows
Explorer and then click the right mouse button. The submenu is displayed
as follows.
4. Select <File Encryption>. The following message is then displayed.
Click [Yes].
5. The following message for encrypting the file is then displayed.
If you click the [Encrypt] button after setting each item, the file is
encrypted. The function and meaning of each item are as follows.
<File Encryption>
There are two ways to encrypt a file, as follows.
AutoEncryption
If you select this option, you do not need to set a password each time
you encrypt or decrypt the file. By default, the security key allotted
by SecuwayCenter 2000 when you registered online security is used to
encrypt or decrypt the file.
[Screen callouts: select the encryption type; the access authority
allotted to all users in common; the access authority allotted to
registered users individually.]
Password Method Encryption
If you select this option, you can set a different password each time
you encrypt or decrypt the file. If you select “Password Method
Encryption” as the <Type> of the <File Encryption> item, <Password>
changes to a blank field where you can enter any password.
If you select “Password Method Encryption”, you must remember the
password. If you forget the password, you cannot open the encrypted
file.
<Default Authority>
This option sets the access authority that is allotted to all users in
common. For example, if you select “List Authority”, List Authority is
allotted to all the users listed under “Users”.
<Individual Authority>
This option sets the access authority that is allotted to registered
users individually. Select the user to whom you want to allot the
authority, and then select the appropriate authority for that user.
- If you encrypt the file, the file icon is changed and the extension
“.fes” is attached to the file name. For example, if the original file
name is “BECK.ASF”, the encrypted file name is “BECK.ASF.fes”.
- If the file is encrypted, only an authorized user who has logged on to
the SecuwayCard 2000 Manager program with the permitted password can
read the file.
- If the folder that contains the file you want to encrypt is already
encrypted, the re-encryption process for the file cannot be executed.
To decrypt the file
File decryption returns the encrypted file to its original state. To
decrypt a file, do the following.
Decrypting a file is nearly the same as encrypting one.
1. Run Windows Explorer while you are logged on to the SecuwayCard 2000
Manager program.
2. Select the file you want to decrypt in Windows Explorer and then
click the right mouse button. The submenu is displayed as follows.
3. Select <File Decryption>. The following message is then displayed.
Click [Yes].
4. The file is then decrypted and the file icon returns to the original
one.
If you selected “Auto Encryption” in the <File Encryption> item of the
<Setting of File Encryption> screen, you do not need to enter any
password to decrypt the file.
But if you selected “Password Method Encryption”, you must enter the
password correctly at the following message to decrypt the file.
If you decrypt the folder, the files in the folder are decrypted
automatically.
Confirm the access control of the unauthorized users.
If unauthorized users, who have not logged on with a permitted password,
try to decrypt the file, the following error message is displayed and
the decryption is prevented.
If unauthorized users, who have not logged on with a permitted password,
try to copy, move or delete the encrypted file or folder, the error
message is displayed and the operation is prevented.
To copy or delete the encrypted file or folder
This section describes how to copy or delete an encrypted file or
folder.
To copy the encrypted file or folder
You cannot copy an encrypted file or folder in the same way as an
ordinary file or folder. An encrypted file is copied in the same way as
an encrypted folder, so this section shows how to copy an encrypted file
as an example.
1. Select the encrypted file you want to copy and click the right mouse
button. The following submenu is then displayed.
2. Select <Encrypted File Copy>. The screen for selecting the folder to
copy the file to is then displayed.
3. Select the folder to copy the file to and click the [OK] button.
4. The encrypted file is then copied, and the following message is
displayed after copying is completed.
If an unauthorized user who has not logged on to the SecuwayCard 2000
Manager program with a permitted password tries to copy the encrypted
file, the following error message is displayed and the copy is
prevented.
To delete the encrypted file or the file in the encrypted folder
This section describes how to delete an encrypted file or a file in an
encrypted folder.
To delete the encrypted file
There are 3 ways to delete an encrypted file.
- Using the [Delete] key
Press the [Delete] key on the keyboard after selecting the encrypted
file you want to delete. The <Confirm File Delete> window is then
displayed with the message “Are you sure you want to send … to the
Recycle Bin?” If you click [Yes], the selected file is sent to the
Recycle Bin. In this case, you must run the “Delete” command again after
selecting the file in the Recycle Bin to delete the file completely.
- Pressing the [Delete] key while pressing the [Shift] key
Press the [Delete] key while holding down the [Shift] key on the
keyboard after selecting the encrypted file you want to delete. The
<Confirm File Delete> window is then displayed with the message “Are you
sure you want to delete…?” If you click [Yes], the selected file is
deleted completely.
- Using the <Delete> command of the <File> menu in Windows Explorer
Select the <Delete> command of the <File> menu in Windows Explorer after
selecting the encrypted file you want to delete. The <Confirm File
Delete> window is then displayed with the message “Are you sure you want
to send … to the Recycle Bin?” If you click [Yes], the selected file is
sent to the Recycle Bin. In this case, you must run the “Delete” command
again after selecting the file in the Recycle Bin to delete the file
completely.
To delete the encrypted folder or file in the encrypted folder
To delete an encrypted folder or a file in an encrypted folder, press
the [Delete] key while holding down the [Shift] key on the keyboard
after selecting the file or folder you want to delete. An encrypted
folder or a file in an encrypted folder cannot be deleted with the
[Delete] key alone.
The following table shows how the encrypted file, the encrypted folder,
and the file in the encrypted folder can be deleted.
                              Send to the Recycle Bin    Delete directly without sending
                              (Using the [Delete] key)   it to the Recycle Bin
                                                         (Using the [Shift]+[Delete] key)
Encrypted file                O                          O
File in the Encrypted folder  X                          O
Encrypted folder              X                          O
Attachment File Creation
Attachment File Creation?
<Attachment File Creation> means the process of transforming an
encrypted file into one that can be sent via Email or another
application program. To run the Attachment File Creation, do the
following steps.
1. Select the encrypted file you want to send via Email or another
application program and click the right mouse button.
If you run <Attachment File Creation> while “Auto Encryption” is
selected in the <File Encryption> item of the <Setting of File
Encryption> screen, the following error message is displayed and you
cannot produce the attachment file.
2. If you selected “Password Method Encryption” in the <File Encryption>
item of the <Setting of File Encryption> screen, you can run the
<Attachment File Creation> command. In this case the following message
is displayed when you run <Attachment File Creation>.
3. If you enter the correct password that you set on the <Setting of
File Encryption> screen and click [OK], the attachment file is created
with the following message.
If you run “Attachment file creation”, the extension of the encrypted
file name is changed from “.fes” to “.fts”.
Eg.> *
4. The user who receives the file created with the “Attachment file
creation” command selects the received file, clicks the right mouse
button, and then selects the “File restoration for Attachment” command.
5. If the following message is displayed, the restoration of the
encrypted file for attachment is completed.
6. Click [OK]. If you then click the restored file to open it, the
following message asking for the password is displayed.
At this point, you must enter the password that was set when the file
was first encrypted. So, the user who sends the encrypted file must
give the password to the user who receives the file.
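The file-name conventions described in this chapter (".fes" appended on file encryption, ".fts" after Attachment File Creation) can be used to inventory protected files on a disk. The script below is an added example, not part of the manual or of the SecuwayCard 2000 software; the function names, the constructed sample tree and the sibling check are assumptions of the example.

```python
import os
import tempfile
from collections import Counter
from pathlib import Path

# Suffixes taken from the manual.
ENCRYPTED_EXT = ".fes"    # appended to the file name by <File Encryption>
ATTACHMENT_EXT = ".fts"   # replaces ".fes" after <Attachment File Creation>


def classify(filename):
    """Return (kind, original_name) for one file name.

    kind is "encrypted", "attachment" or "unmarked". "unmarked" does not
    prove plaintext: per the manual, files inside an encrypted folder keep
    their extension and icon.
    """
    lower = filename.lower()
    for ext, kind in ((ENCRYPTED_EXT, "encrypted"),
                      (ATTACHMENT_EXT, "attachment")):
        # A file named exactly ".fes" has no original name to recover.
        if lower.endswith(ext) and len(filename) > len(ext):
            return kind, filename[: -len(ext)]
    return "unmarked", filename


def inventory(root):
    """Walk root and return one record per file, sorted by relative path."""
    records = []
    for dirpath, _dirnames, filenames in os.walk(root):
        present = {name.lower() for name in filenames}
        for name in filenames:
            kind, original = classify(name)
            records.append({
                "path": Path(dirpath, name).relative_to(root).as_posix(),
                "kind": kind,
                "original": original,
                # Assumption of this example: a sibling that carries the
                # original name may be an unencrypted copy; report it so
                # someone can check it by hand.
                "sibling_with_original_name":
                    kind != "unmarked" and original.lower() in present,
            })
    return sorted(records, key=lambda rec: rec["path"])


def summarize(records):
    """Count files per kind and list the paths that need a manual check."""
    counts = Counter(rec["kind"] for rec in records)
    return {
        "encrypted": counts["encrypted"],
        "attachment": counts["attachment"],
        "unmarked": counts["unmarked"],
        "review": [rec["path"] for rec in records
                   if rec["sibling_with_original_name"]],
    }


def build_sample_tree(root):
    """Create a small constructed tree of empty files (names only)."""
    for rel in ("media/BECK.ASF.fes", "media/BECK.ASF",
                "outbox/report.doc.fts", "docs/notes.txt",
                "docs/plan.XLS.FES"):
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        path.touch()


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        found = inventory(tmp)
        for rec in found:
            print(f'{rec["kind"]:<10} {rec["path"]} (original: {rec["original"]})')
        print(summarize(found))
```

Attachment files (".fts") are worth tracking separately, because they are opened with a password that the sender has to hand to the recipient.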
Chapter 3 SecuwayCard 2000 Manager Program Menu
This chapter shows how to use the menus of the SecuwayCard 2000 Manager
program.
Click the icon at the bottom of the Windows screen after logging on to
the SecuwayCard 2000 Manager program; the following message is then
displayed.
The functions available in the SecuwayCard 2000 Manager program are as
follows.
Configurations
You can configure the environment needed for using the SecuwayCard 2000
Manager program, such as the screen saver settings, with the
<Configurations> command of the <System> menu.
If you want to use the <Screen Saver> command of the <System> menu, you
must enable the screen saver function in the <Configurations> menu in
advance. If you do not enable the screen saver function in the
<Configurations> menu, the <Screen Saver> command of the <System> menu
is not selectable.
1. Select the <System> menu and click the <Configurations> command in
the SecuwayCard 2000 Manager program.
2. The <Configurations> screen is then displayed.
<Screen Saver Setup> tab
There are 3 tabs on the <Configurations> screen. The functions and
options of the first tab, <Screen Saver Setup>, are as follows.
<Screen Saver(S)>
The screen saver provides a locking function that prevents unauthorized
users from using the computer while the authorized user is away from the
computer. If the authorized user performs no operation (key input or
mouse action) for a limited time, the screen saver assumes that the user
has left the computer and executes the locking function.
- If you select “Screen Saver not used”
If you select “Screen Saver not used” among the options of the <Screen
Saver(S)> command, the Screen Saver function cannot be executed and is
displayed as unavailable on the <System> menu.
- If you select an option other than “Screen Saver not used”
If you select an option other than “Screen Saver not used”, the Screen
Saver function can be executed and is displayed as available on the
<System> menu.
Among the other options, you can select the screen image you want to
display while the Screen Saver function is running.
<Stand-by Time>
This item is not displayed if you select “Screen Saver not used” among
the options of the <Screen Saver(S)> command. It can be selected if you
select an option other than “Screen Saver not used”. If you perform no
operation (key input or mouse action) within the time set in this item,
the Screen Saver function is executed. The time is entered in minutes.
<Settings>
This item is available if you can select the screen image you want to
display while the Screen Saver is running, such as the “Windows Logo”.
The Screen Saver function provided by the SecuwayCard 2000 is different
from the one provided by Windows Me, and so it runs independently of the
Windows Me one.
After selecting the items on the <Screen Saver Setup> tab, click the
[OK] button to save the settings.
<Center IP Set> tab
Let’s look at the function of the <Center IP Set> tab.
The items and available values of the <Center IP Set> tab are as
follows.
- Pri Center IP : The IP address you set in the “Online Security
Registration” is displayed. If the IP address of the SecuwayCenter is
changed, enter the changed IP address in this item.
- Sec Center IP : If you install a second Center to back up the system,
enter the IP address of the second Center.
If the SecuwayCenter 2000 manager set the Pri IP and Second IP during
the “Online Security Registration” process, you must obtain the IP
information from the SecuwayCenter 2000 manager.
<The Option> tab
The items of <The Option> tab are useful when using the SecuwayCard 2000
Manager program.
The functions of the items of <The Option> tab are as follows.
Starting together with Windows booting
If you select this item, the SecuwayCard 2000 program is executed
automatically when Windows boots. If you do not select this item, you
must start the SecuwayCard 2000 program yourself whenever you need it
after Windows has booted.
Starting L2TP Tunnel with the Manager
If you select this item, the L2TP tunnel is created automatically when
the SecuwayCard 2000 Manager program is started. If your environment
uses L2TP, you should select this item. If your environment does not
use L2TP, do not select this item.
Automatic Password input
If you do not select this item, you must enter the password whenever you
log on to the SecuwayCard 2000. If you select this item, you do not need
to enter the password when you log on, and the SecuwayCard 2000 starts
running directly because the password is entered automatically.
Starting L2TP Network Logon
If you select this item, the dialog box for logging on to the network is
displayed when the server has created the tunnel and is available to
connect.
Automatic L2TP Reconnect
This item restarts the tunnel automatically if the tunnel is
disconnected because of a network error or a SecuwayGate 2000 system
error.
Warning Message of Valid Password Date(s)
If the SecuwayCard 2000 manager has set the password to be changed on a
designated date and this item is selected, a message saying that the
password should be changed is sent to the SecuwayCard 2000 user.
Screen Saver
The screen saver provides a locking function that prevents unauthorized
users from using the computer while the authorized user is away from the
computer. If the authorized user performs no operation (key input or
mouse action) for a limited time, the screen saver assumes that the user
has left the computer and executes the locking function.
If you want to use the <Screen Saver> command of the <System> menu, you
must enable the screen saver function in the <Configurations> menu in
advance.
If the SecuwayCard 2000 user performs no key input or mouse action
within the designated time, the screen saver is executed.
If you do not enable the screen saver function in the <Configurations>
menu, the <Screen Saver> command of the <System> menu is not
selectable. For detailed information about how to set the screen saver
function, see the description of the “Configurations” command in this
manual.
To stop the Screen Saver
To use the SecuwayCard 2000 Manager program while the screen saver is
running, press any key or move the mouse.
The screen for entering the user ID and password is then displayed.
If you do not enter the same password that you use to log on to the
SecuwayCard 2000, you cannot stop the screen saver or use the
SecuwayCard 2000 Manager program. In this way the screen saver provides
a locking function that prevents unauthorized users from using the
computer while the authorized user is away from the computer.
The 4 kinds of cases for executing the screen saver
The screen saver is executed in the following 4 cases.
- When you log off the SecuwayCard 2000 Manager program
If the screen saver is executed when you log off the SecuwayCard 2000
Manager program, you must enter the user ID and password to log on
again.
- When you execute the <Screen Saver> command on the <System> menu
If the screen saver is executed because you executed the <Screen Saver>
command on the <System> menu, you must enter the password to exit the
screen saver function.
- When you remove the SecuwayCard 2000 from the PCMCIA slot
The screen saver is executed if you remove the SecuwayCard 2000
hardware from the PCMCIA slot while using the SecuwayCard 2000 system.
In this case, reinsert the SecuwayCard 2000 hardware in the slot and
enter the user ID and password in the dialog box on the screen; you can
then use the system again.
- When the designated time of the screen saver has passed
When the time set in the <Stand-by time> item of the <Screen Saver>
command has passed, the screen saver is executed automatically. To exit
the screen saver mode, move the mouse and enter the password in the
dialog box on the screen.
If the screen saver is executed when you log off the SecuwayCard 2000
Manager program, the TCP/IP network is disconnected. In this case any
program that is communicating is disconnected. But if the screen saver
is executed because you executed the <Screen Saver> command on the
<System> menu, the encryption process using TCP/IP is still available.
Center Check
The <Center Check> command is used to confirm the connection status
between the SecuwayCard 2000 Manager program and the SecuwayCenter.
You can also use the <Center Check> command when you cannot connect to
the host through security communication or cannot see the security
policy even though you have done the online security registration.
If the connection status is normal, the following message is displayed.
If the connection status is not normal, the following message is
displayed.
If the connection status is not normal, you cannot do security
communication or receive the security policy normally from the
SecuwayCenter 2000. In this case, check the status of the online
security registration.
Auto Upgrade FTP Server
The <Setting Auto Upgrade FTP Server> command sets the server that
sends the upgrade file automatically whenever the SecuwayCard 2000
Manager program is upgraded.
If you want to use <Setting Auto Upgrade FTP Server>, you must set up
the FTP server in advance. You can download the FTP server program free
from the web site. For more detailed information on setting up the FTP
server, see the online help or printed manual provided with the FTP
server program.
Enter the FTP server name in the “Server” item and press the [OK]
button. The setting of the auto upgrade server is then completed.
Setting System Security Default Value
The <Setting System Security Default Value> command shows the same
screen that you see when you log on to the SecuwayCard 2000 Manager
program for the first time after installing it.
If you click the <Setting System Security Default Value> command, a
message requesting the password is displayed. If you enter the password
correctly, the <Setting System Security Default Value> screen is
displayed.
For detailed information on the <Setting System Security Default Value>
screen, see Part 2, Chapter 2 : Setting the Security functions of this
manual.
Hide
If you want to hide the SecuwayCard 2000 Manager program on the screen,
use the <Hide> command. Click the icon at the bottom left of the Windows
screen to show the SecuwayCard 2000 Manager program on the screen again.
Chapter 4 Features of the Icons on the SecuwayCard 2000 Manager Program
This chapter introduces the functions of the icons in the SecuwayCard
2000 Manager program and how to use them.
User View
The first screen shown when you start the SecuwayCard 2000 Manager
program displays the SecuwayCard 2000 user information. This is the
result of executing the User View icon, which is the leftmost icon of
the SecuwayCard 2000 Manager program icon group.
The items on the <User View> screen are as follows.
<User Info>
User
This item shows the ID of the user who is currently logged on to the
SecuwayCard 2000 Manager program. More than one user can log on to the
system in which the SecuwayCard 2000 is installed, each using their own
ID. With this item, you can check the ID of the user who is currently
logged on.
CID
This item is the identifier of SecuwaySuite 2000 users. Each user has a
unique CID. Because an IP address is more changeable than a CID, the CID
rather than the IP is mainly used for identification. In a PPP or ADSL
environment, the CID is used for user authentication or security
communication.
Password valid term
The password valid term is set by the SecuwayCenter 2000 Manager.
Password Changed Date
The date on which the password was most recently changed is displayed.
<Token Info>
The information that the SecuwayCenter 2000 Manager sends to the
SecuwayCard 2000 user is displayed. This information is received when
the SecuwayCard 2000 is installed and does the online security
registration.
<System Security Information>
FDD Mode
This is for encrypting the data on the FDD. The mode set by the
SecuwayCenter 2000 is displayed in this item.
CD-ROM Mode
This is for encrypting the data on the CD-ROM. The mode set by the
SecuwayCenter 2000 is displayed in this item.
All the items in <User Info>, <Token Info>, and <System Security
Information> are set by the SecuwayCenter 2000. So the values of these
items cannot be changed or removed by the SecuwayCard 2000 Manager on
his own authority.
System Security
If you click the second icon from the left in the SecuwayCard 2000
Manager program icon group, the information on the encrypted folders is
displayed.
For more information on how to encrypt a folder, see “Chapter 2 :
Setting the Security functions” in this manual.
IPSEC (IP Layer Security Protocol) View
The IPSEC icon shows the security information received from the
SecuwayCenter 2000, the key token used for communication, the password
used to secure the information communicated between two hosts, the
Authentication Algorithm, the SA (Security Association) information,
and so on.
IPSEC information is the security information that the SecuwayCenter
2000 Manager sends to the SecuwayCard 2000 user. This information
cannot be changed by the SecuwayCard 2000 Manager.
<View Key token> and <View SA1> are created while communicating,
displayed when each of them is selected, and removed when the system is
rebooted or the user logs off the SecuwayCard 2000 Manager program.
The SecuwayCard 2000 Manager program user can remove the
<View Key token> and <View SA1> directly.
If you click the IPSEC Information icon, the Host Properties, the Master
key Information, the SecuwayCenter 2000 information, and the Message
Protection information are displayed.
All the information displayed by the IPSEC icon is security information
that the SecuwayCenter 2000 Manager sends to the SecuwayCard 2000 user.
This information cannot be changed by the SecuwayCard 2000 Manager.
Each item is described below.
Host Properties
This item shows the available range of IP addresses. The IP address
currently used by the SecuwayCard 2000 user lies within this range.
Masterkey Information
This item is the Master key information that is created and sent by the
SecuwayCenter 2000 and is necessary for encryption and authentication.
After the available period has passed, the system tries to communicate
with the SecuwayCenter 2000, receives the new master key information,
and operates normally.
SecuwayCenter
Center ID and IP address are received from the SecuwayCenter
2000 while the online security registration. The Management Ports are
for communication with the SecuwayCenter 2000 and displayed as
the UDP(User Diagram Protocol) number.
Message Protection
This item shows the Authentication Algorithm and Encryption Algorithm
that secure the messages exchanged between the
SecuwayCenter 2000 and the SecuwayCard 2000. The
SecuwayCenter 2000 Manager sets this information as well, so the
SecuwayCard 2000 Manager cannot change it on their own authority.
The Keytoken is used for both user authentication and security
communication. It is created automatically, after being received from the
SecuwayCenter 2000, when the user tries to communicate.
To communicate normally, you should complete the user authentication
using the Keytoken information before starting to communicate. If
the user is not authenticated normally by the
SecuwayCenter 2000, the Keytoken cannot be created and
the communication cannot proceed normally.
The Keytoken can be deleted by the user and is recreated when the user
tries to communicate. Even if the Keytoken is deleted while communicating,
it is created again when you next try to communicate, so you can continue
the user authentication and security communication without any
interruption to the communication status.
Q: If the Keytoken is not created when the user tries to do the
security communication or authentication, although the user is
authenticated normally on the SecuwayCenter 2000, it
means the status is not available to communicate normally.
A: In this case, check the connection status with the
SecuwayCenter 2000 and ask the system manager whether
the SecuwayCenter 2000 is set to prohibit the service to
the SecuwayCard 2000 user.
SA (Security Association) means the password, authentication mechanism
key shared for the security of hosts that communicate with each other. This
information is displayed while sending and receiving information
to/from the connected host after receiving the Keytoken from the
SecuwayCenter 2000.
SA information is displayed only when the Keytoken is received.
SA information is not set separately by the SecuwayCard 2000
Manager program user; it is created automatically when
connecting with an opposite side that the host can communicate with.
The SA information can be recreated even if the SA has been removed while
in use. Communication with the opposite side proceeds in 2 steps,
SA1 and SA2, and is displayed by these steps.
If the communication status is normal, the Keytoken, SA1 and SA2 are
created. If the “Send” and “Receive” on the <View SA> item are created
like the following, the security communication is completed.
SPD View
This icon shows the security policy, which governs how sent and received
IP packets are managed, and the security profile, which sets the password
algorithm and authentication algorithm applied to the packets defined by
the security policy.
The security policy is used for user authentication and packet
filtering. The SecuwayCenter 2000 manager sets it to fit the network
environment and then sends it online to the SecuwayCard 2000 Manager
program.
Security Policy?
The security policy is a kind of database that stores the policy for
managing sent and received IP packets. The security policy
consists of several kinds of rules, each with a priority. The security
policy checks the rules in order, starting from the 1st priority, and
determines how to manage the packets.
In other words, security policy is a set of filtering rules that govern packet
exchange. All packets are filtered according to these rules. Packets that
don't meet a rule's conditions are not forwarded to the destination and are
discarded.
Because of the hierarchical structure, rule No. 1 is applied first to
examine a packet. If rule No. 1 is not relevant to the examined packet,
the following rules are applied, and so on until a relevant rule is found. If a
relevant rule is not found, the examined packet is dropped.
SecuwayCard 2000 automatically receives security policies
from the SecuwayCenter 2000 upon logging in. When
there are changes to the security policy, the SecuwayCenter
2000 also sends the necessary updates to the SecuwayCard
2000.
SecuwayCard 2000 applies the security policy received from the
SecuwayCenter 2000. Therefore, if the SecuwayCenter 2000
administrator restricts SecuwayCard 2000 users' access to a
certain server or network, you will not be able to access the prohibited
resource.
If you cannot access a server or a network, check the security policy and
contact the SecuwayCenter 2000 administrator, if necessary.
Security Policy Object
The SecuwayCard 2000 administrator cannot modify or delete a security
policy.
You can view the security policy objects in the Security Policy window.
Double-click on the object to see details.
If you cannot connect to a server or network, view the security policy
object and find the relevant rules, as shown in the screen on the right.
Security Profiles
To process packets, security profiles specify encryption and authentication
algorithms according to the security policy settings.
Security profiles, as well as the security policy, are managed by the
SecuwayCenter 2000 administrator.
Therefore, SecuwayCard 2000 users are not allowed to
modify security profiles, but they can view profile details.
If security policy governs packet transmission, security profiles become
unnecessary. Security profiles are applied when IPSec is enabled. In other
words, security profiles are not activated when filtering rules are in force,
and IPSec is not used.
Each security rule can accommodate up to 5 profiles, with priorities from
1 to 5. A security profile incorporates sub-rules, which are assigned
sequence numbers starting from 1. If no security profiles are relevant to the
communicating hosts, the connection to the hosts is disabled. On the other
hand, if there is a relevant security profile, you can communicate with that
host.
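The rule lookup and profile selection described above, as an added example (not code from the manual or from Future Systems): rules are tried from No. 1, the first relevant rule decides, and a packet with no relevant rule is dropped. Matching on destination network only, the action names, and treating a profile as relevant when the opposite host supports its algorithm pair are assumptions; the addresses and algorithm names are constructed.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass
class Profile:
    priority: int          # 1..5, lower number is tried first
    encryption: str
    authentication: str

@dataclass
class Rule:
    number: int            # rule No. 1 is examined first
    dst_net: str           # assumption: rules match on destination network only
    action: str            # assumed action names: "permit", "drop", "ipsec"
    profiles: list = field(default_factory=list)

def evaluate(policy, dst_ip, peer_supports):
    """Return (decision, rule number, chosen profile) for a packet to dst_ip.

    peer_supports: set of (encryption, authentication) pairs that the
    opposite host accepts (assumed meaning of a "relevant" profile).
    """
    addr = ipaddress.ip_address(dst_ip)
    for rule in sorted(policy, key=lambda r: r.number):
        if addr not in ipaddress.ip_network(rule.dst_net):
            continue                          # not relevant: try the next rule
        if rule.action != "ipsec":
            return rule.action, rule.number, None   # plain filtering, no profile
        if len(rule.profiles) > 5:
            raise ValueError("a rule accommodates at most 5 profiles")
        for prof in sorted(rule.profiles, key=lambda p: p.priority):
            if (prof.encryption, prof.authentication) in peer_supports:
                return "ipsec", rule.number, prof
        return "drop", rule.number, None      # no relevant profile: disabled
    return "drop", None, None                 # no relevant rule: packet dropped

# Constructed sample policy, deliberately listed out of order.
POLICY = [
    Rule(2, "10.0.0.0/8", "ipsec", [Profile(2, "3DES", "HMAC-SHA1"),
                                    Profile(1, "AES", "HMAC-SHA1")]),
    Rule(1, "10.1.2.0/24", "drop"),
    Rule(3, "192.0.2.0/24", "permit"),
]
```

Because the first relevant rule wins, rule No. 1 shadows the broader rule No. 2 for 10.1.2.0/24, which is the first thing to check when a server that should be reachable is not.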
L2TP View
L2TP provides a tunnel for authenticated dial-up, ADSL and cable modem
users (with dynamic IP address). The tunnel gives remote users safe
access to the intranet servers.
L2TP(Layer 2 Tunneling Protocol)?
L2TP is a two-way tunneling protocol that encapsulates PPP frames
with a header and transmits them over the Internet, X.25, Frame Relay or
ATM, in IP networks through UDP port 1701. IPSec is used for data
encryption and VPN (Virtual Private Network) functions for user
authentication.
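The encapsulation described above, as an added example (not code from the manual): a parser for the L2TP version 2 header defined in RFC 2661, run on a constructed datagram. It shows that the header and the PPP frame behind it are readable as-is, which is why the tunnel relies on IPSec for encryption. The function name, the small PPP protocol table and the sample bytes are illustrative.

```python
import struct

L2TP_UDP_PORT = 1701   # port named in the text
PPP_PROTOCOLS = {0x0021: "IPv4", 0xC021: "LCP", 0xC023: "PAP", 0xC223: "CHAP"}

def parse_l2tp(udp_payload: bytes) -> dict:
    """Parse the L2TPv2 header that precedes the encapsulated PPP frame."""
    try:
        (flags,) = struct.unpack_from("!H", udp_payload, 0)
        if flags & 0x000F != 2:
            raise ValueError("not an L2TP version 2 message")
        off, length = 2, None
        if flags & 0x4000:                    # L bit: Length field present
            (length,) = struct.unpack_from("!H", udp_payload, off)
            off += 2
            if length > len(udp_payload):
                raise ValueError("Length field exceeds datagram size")
        tunnel_id, session_id = struct.unpack_from("!HH", udp_payload, off)
        off += 4
        if flags & 0x0800:                    # S bit: Ns and Nr present
            off += 4
        if flags & 0x0200:                    # O bit: Offset Size, then padding
            (pad,) = struct.unpack_from("!H", udp_payload, off)
            off += 2 + pad
    except struct.error:
        raise ValueError("truncated L2TP header") from None
    body = udp_payload[off:length]
    info = {"control": bool(flags & 0x8000), "tunnel_id": tunnel_id,
            "session_id": session_id, "ppp_protocol": None}
    if not info["control"]:                   # data message: PPP frame follows
        if body[:2] == b"\xff\x03":           # optional PPP address/control bytes
            body = body[2:]
        if len(body) >= 2:
            proto = struct.unpack("!H", body[:2])[0]
            info["ppp_protocol"] = PPP_PROTOCOLS.get(proto, hex(proto))
    return info

# Constructed data message: tunnel 7, session 1, PPP frame carrying IPv4.
SAMPLE = bytes.fromhex("4002" "0010" "0007" "0001" "ff03" "0021" "45000000")
```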
If you click the L2TP icon, the following information is displayed.
The current screen shows the status after the L2TP communication has started.
If the L2TP communication is started, several kinds of the tunnel
information are displayed on the right of the screen. If you want to exit the
L2TP communication, select “xxxx Gate” on the right of the screen and
then click the right button of the mouse.
Then the submenu that contains the <L2TP Start> and <L2TP Exit>
commands is displayed.
Select <L2TP Start> to display the L2TP box where you can supply the
necessary information for tunneling. To disable tunneling, select <L2TP
Exit>. The tunneling information is then deleted and L2TP is disabled.
Once you create a tunnel, it remains active until you quit the program.
There is no need to create a tunnel or disable tunneling while the program
is running.
If the SecuwayGate 2000 is restarted while SecuwayCard
2000 is running, tunneling becomes disabled. To restore tunneling, you
have to create a tunnel again.
In order to configure L2TP at SecuwayCard 2000,
SecuwayGate 2000 must be prepared for working with
L2TP.
Log View
The Logs window enables you to view log records so you can inspect them
and trace users’ activity. This can help you detect security breaches and
locate errors, as well as estimate overall system operation.
The Logs window provides such information as the logging period, user ID,
user activity data and error causes.
The figure below shows an example of Logs window.
Log save
You can save logs into a file. When you save logs, the logs taken out by the
log tab menu of the token are deleted; instead, they are saved as files
named after the date they are created.
Log view
To view the saved logs, select the View Backup Log tab and click this icon.
If you click the icon, the following message is displayed.
Select the log file you want to open and click the [Open] button; the log
file is then displayed on the <View Backup Log> screen.
Log Print
This icon is used to print the log file displayed on the current screen.
Before printing it, check that the printer is connected to the computer you
are using.
Log Management
This icon sets the log backup cycle. If you click this icon, the following
message for setting the log backup cycle is displayed.
Select the log backup cycle you want and click [OK].
