Roxio Secure Burning Solution

Removing the Risk from Portable Media

Roxio Secure Burning FAQ

Overview

Q:
What is Roxio Secure?
A:
Roxio Secure is a family of software products that encrypts files written to CD, DVD, Blu-ray Disc or USB Flash media per organizational policies.
Q:
What products are included in the line?
A:

There are 3 products:

  • Roxio Secure Burn
  • Roxio Secure Burn Plus
Q:
Do all Roxio Secure products include Roxio Burn?
A:
Yes.

Roxio Burn

Q:
What is Roxio Burn?
A:
Roxio Burn is an application that makes it extremely easy to burn data to discs and to copy discs. The user interface consists of a simple icon that appears on the desktop when a disc is inserted in the disc drive of the PC.

When a disc is inserted in the drive, the Roxio Secure Burn icon automatically appears on the desktop.

If the disc is blank and files or folders are dragged onto it, it will expand. Click on the burn button (the flame) on the lower left to burn the files to disc.

If the disc is not blank, the disc can be copied. To copy the disc, click the blue disc icon on the lower left.

Roxio Burn can also span files and folders across multiple discs if they are too big to fit on one disc, and can burn and copy disc image files. There is more you can do with Roxio Secure Burn, but these are some of the key features. It is designed to make data disc burning and copying very light and streamlined, with just the essential features you need for your daily burning tasks. For a more complete description of the functionality of Roxio Burn, see the Help file in that application.

Encryption

Q:
What kind of encryption is used in Roxio Secure?
A:

Roxio secure burning uses an encryption module called Microsoft RSAENH Cryptographic Provider, a certified FIPS 140-2 module that ships as part of the Windows OS. It uses a 128-bit AES encryption key.

Roxio secure burning products do not install the encryption module. They access the encryption module which is built into Windows.

Q:
What is FIPS 140-2? Do Roxio's secure burning products comply with the requirements for FIPS 140-2?
A:

FIPS 140-2 is a US government security standard used to accredit cryptographic modules. Roxio's secure burning product line complies with the requirements of FIPS 140-2 level 1 under Windows, because it uses the certified RSAENH Cryptographic Provider.

The NIST certification for this encryption module under Vista, XP and Windows 7 is available at: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm (#989, #1002, #1330)

The NIST certification for this module states: "Products which use the above identified cryptographic module may be labeled as complying with the requirements of FIPS 140-2 so long as the product, throughout its life cycle, continues to use the validated version of the cryptographic module as specified in this certificate."

Q:
What if a password is lost or misplaced? Can Roxio somehow retrieve the data?
A:

No, this would defeat the purpose. The files are truly encrypted and there is no back door. So it is important not to lose the password.

Q:
What encryption is used for USB Flash devices? Is it FIPS 140-2 certified?
A:
LDDFlash uses a non-certified, proprietary strong encryption module using AES and SHA (HMAC) algorithms with a 256-bit key.
Q:
Can media written with Roxio Secure be read on Macintosh or Linux PCs?
A:
No, because these operating systems do not include the Microsoft RSAENH Cryptographic Provider.

Roxio Secure Burn

Q:
What is Roxio Secure Burn?
A:

Roxio Secure Burn provides the option of encrypting the files when they are burned to the disc. When you click on the burn button in Roxio Burn, a dialog opens and prompts you to enter a password. In addition to the user selected files, special 'reader' files will be burned to the disc. These 'reader' files will allow you to read the files from the disc by entering the password.

When you insert the burned disc in a drive to read it, the reader application should launch automatically as an AutoPlay option and prompt you to enter your password. If it doesn't, you can use Windows Explorer to open the disc and launch the reader from the disc itself. The reader applet is in the Roxio Burn folder on the disc and is called RoxioBurnReader.exe.

Q:
Is encryption forced? Are all discs burned with Roxio Secure Burn encrypted?
A:
Encryption is optional in the base configuration of Roxio Secure Burn. If a customer requires forced encryption, a configuration can be created that supports this.
Q:
Is there a way to prevent users from using other software or even the Windows OS to write data discs, so that use of encryption cannot be circumvented?
A:
Roxio software is not designed to disable alternative burning options, as this can cause unwanted side effects in the operating system. Employees need to be educated in best data security practices, such as using Roxio Secure to encrypt discs.

Roxio Secure Burn Plus

Q:
What is Roxio Secure Burn Plus?
A:
Roxio Secure Burn Plus is a version of Roxio Burn that allows PCs within designated groups or departments to read encrypted discs without a password. Access to the encrypted data on PCs outside of designated groups is restricted. This makes it very convenient to share data on departmental PCs while preventing unauthorized access outside of the organization.
Q:
How does it work?
A:

When Roxio Secure Burn Plus is installed on a PC, it configures the PC as follows:

  • It grants a 'Group Key', i.e. group membership to the PC. For example, all the PCs in the finance department that include Secure Plus can be granted membership to a group called 'Finance'. All discs written with Secure Plus on a Finance PC will belong to this group.
  • It grants 'Read Permission' to the PC. 'Read Permission' means that this PC can read encrypted discs burned on PCs within permitted groups without a password.
Q:
What if I want to be able to read the discs outside of permitted groups? What if I want to be able to take the disc home to work on it?
A:
An optional password can be added to the disc so it can be read outside of permitted groups. If someone steals the disc while I am traveling, they will not be able to access the data without the password. If I choose not to add a password, then the discs can’t be read outside of permitted groups at all.
Q:
Can I create non-encrypted discs with Roxio Secure Burn Plus?
A:
No.
Q:
What if a system administrator doesn't want to allow discs to be read outside of permitted groups at all?
A:
The password is optional in the base configuration of Roxio Secure Burn Plus. If a customer requires the password option to be removed, a configuration can be created that supports this.
Q:
Can you provide an example?
A:

Imagine a company with 5 departments, and 5 groups of PCs. These PCs could be set up as follows:

Exec PCs

Can read discs burned on:

  • Exec
  • Sales
  • Engineering
  • Finance
  • Contractor
  • Any Windows PC, such as a home PC (requires password)

Sales PCs

Can read discs burned on:

  • Sales
  • Finance
  • Admin
  • Any Windows PC, such as a home PC (requires password)

Engineering PCs

Can read discs burned on:

  • Engineering
  • Contractor
  • Admin

Finance PCs

Can read discs burned on:

  • Finance
  • Sales
  • Admin

Contractor PCs

Can read discs burned on:

  • Contractor
Q:
How many groups can be included in Read Permission?
A:
Roxio Secure Burn Plus allows a PC to read discs burned on up to 5 departmental groups of PCs.
Q:
How do I read an encrypted disc if my PC has Read Permission?
A:

When Roxio Secure Burn Plus is installed, it also installs the Roxio Secure Disc Viewer plugin. To read the files on the disc, click on the Viewer in My Computer.

Note: Although it is possible to explore the disc using Windows Explorer, the files will not be readable because they are encrypted.

Q:
Is it difficult to set up?
A:

It is easy to set up. There are 2 ways to do it:

  1. It can be done at installation via a command line. There are command lines to define group membership (Group Key), and Read Permission. These command lines are described in the System Administrator's Deployment Guide.
  2. If Roxio Secure Burn Plus is already installed, Group Key and Permission can be changed using a small application called the Roxio Permissions Manager. This application can run from a memory stick without needing installation, so it is easy for a system administrator to run it on several PCs.

Roxio Permissions Manager

Q:
How do I set up Group Keys and Read Permission on multiple PCs in my organization?
A:

There are 2 easy ways to do it:

  1. Install Roxio Secure Burn Plus via network deployment using a command line. Decide what Groups you want. Then, select your first Group of PCs and Read Permission settings and deploy. Repeat the process with the other Groups.
  2. You can also use Roxio Permissions Manager to set a Group Membership and Read Permission on one PC. Export the settings, and then copy the exported file (.pmf file) to a second PC in the same group. Use Roxio Permissions Manager to import this file (Import Settings), and apply the changes. Repeat this process on all the PCs that you want to have the same settings.
Q:
Do all PCs that are within the same group have the same Read Permission?
A:
Not necessarily.
Q:
Are end users able to use Roxio Permissions Manager to make changes?
A:

Roxio Permissions Manager is installed separately from the Roxio Burn application, and is installed in a directory in Program Files that requires administrator privileges: "C:\Program Files\Roxio\Roxio Burn Administration\Permissions Manager.exe". The system administrator can optionally uninstall the applet after the Group Key and Read Permissions are set.

Alternatively, the system administrator can run Permissions Manager from a USB stick or disc. Copy the entire Roxio Burn Administration directory to a USB stick or disc, and you will be able to run the Permissions Manager executable. Using this method, you will not need to install Permissions Manager on every PC in the group, just the first one.