KILGETTY
|
|
| |
 |
|
BIOS Issues
Security
Operation
Troubleshooting
Contacts
BIOS Issues
- How should I upgrade the BIOS on a Kilgetty installed
machine?
Upgrading the BIOS may adversely affect Kilgetty operation. Contact
Kilgetty Technical Support for advice before any attempt is made
to upgrade the BIOS.
Kilgetty Technical Support
HP Kilgetty Help Desk
+44 (0)1925 841805
- What should I do if the BIOS becomes corrupted on a
Kilgetty installed machine?
Contact Kilgetty Technical Support for advice before any attempt
is made to correct the BIOS.
Kilgetty
Technical Support
HP Kilgetty Help Desk
+44 (0)1925 841805
Security
- What procedure should be followed if the computer, TMD
or the installation disk is compromised?
Any compromise of the computer, TMD or install disk immediately
increases the protective marking of the other components. The
protective marking of the intact components must be raised to
the same level as the highest level of the stored data.
If the tamper evident label is damaged the PC should be sent to
CESG for investigation at the earliest opportunity without further
use. All incidents should be reported to the Kilgetty Local Manager
and Departmental Security Officer.
For further details please refer to the Kilgetty
User Manual
- Does Kilgetty provide protection against Tempest attack?
Kilgetty is a software implementation and only affects the Hard
disk, as such it does not protect against Tempest attack. If you
require an implementation of Kilgetty with Tempest protection,
contact CESG.
Operation
- What is the minimum specification for a computer running
Kilgetty 2K?
Kilgetty 2K v1.0 and v1.1 will run all platforms that support
Microsoft Windows 2000. Guidelines are given in the Kilgetty
User Manual.
- What level of protection does Kilgetty provide?
Kilgetty 2K v1.0 and v1.1 and Kilgetty Plus NT4 V2 offer the following
levels of protection. For further details please refer to the
User Manual.
| Highest protective marking
|
Protective marking of computer when
powered on and user validated (with fixed hard
disk) |
Protective marking of computer when
powered down (with fixed hard disk) |
| TOP SECRET |
Level of highest material
ever stored on disk |
One level lower than TOP SECRET
material else two levels lower |
| Highest protective marking |
Protective marking of removable hard
disks when powered on and user validated |
Protective marking of removable hard
disks when powered down |
| TOP SECRET |
Level of highest material
ever stored on disk |
One level lower than material |
| Highest protective marking |
Protective marking of floppy disk
when encrypted by Default Floppy Key |
Protective marking of floppy disk
when encrypted by Floppy Disk Key |
| TOP SECRET |
One level lower than TOP SECRET
material else two levels lower |
One level lower than material |
- Is Kilgetty compatible with DVD/CD-RW combo drives?
There are no known issues with DVD/CD-RW combo drive compatibility.
Please contact the Kilgetty Technical Support for the latest information.
- How do I change between users?
The computer MUST BE rebooted when a user logs off. This ensures
that the user permissions are not compromised.
- How do I transfer encrypted data between multiple PCs?
Data protected by Kilgetty can be transferred between PCs running
the same Kilgetty products via encrypted floppy disk. In order
to do this, a Floppy Disk Encryption Key (FDK) has to be loaded
from a separate TMD into each PC. When loading the FDK, each user
must ensure that the same name or reference is associated with
that FDK or there is a danger of using the wrong FDK.
Note: A standard boot TMD must NEVER
be used as a FDK.
It is necessary to limit the use of the FDK to 6 months after
which a new FDK must be obtained. The TMD holding the FDK takes
the highest protective marking of the data being protected. The
protective marking of the transfer floppy disk is 1 less than
the protective marking of the data.
For further details please refer to the Kilgetty
User Manual.
- Can Kilgetty be used on a computer without a serial
port?
No, the serial port is an integral part of the Kilgetty product.
- Can a Kilgetty installed computer be connected to the
Internet?
A Kilgetty installed computer MUST NOT be connected to the Internet,
as it would compromise the data on the machine. For further information
consult the Kilgetty Security Procedures.
- How do I uninstall Kilgetty?
It is not possible to uninstall Kilgetty. If disk encryption is
no longer required it is recommended that the disk be re-built
as new and the operating system re-installed over the Kilgetty
encrypted disk contents. For further information please refer
to the Kilgetty Security procedures.
- How long does encryption take on installation?
The encryption time for Kilgetty is unique to each system and
dependant on configuration, processor power, along with the size
and number of disks. A Pentium 4 machine should encrypt 1Gb every
5-10 minutes using Kilgetty 2K v1.1. For most computers the encryption
will take 2 – 6 Hours.
- Does Kilgetty affect system performance?
Kilgetty is a software product that can be considered part of
the Operating System once installed. Encryption and decryption
of data transferred to or from disk takes time. However, it is
unlikely that users will notice performance degradation when run
on a modern laptop.
- Is Kilgetty compatible with anti-virus software?
Anti-Virus software has been tested on Kilgetty installed laptops
and no major adverse reactions have been observed.
It has been observed that use of Norton Anti-Virus with Kilgetty
may produce an error when accessing the KSM through the floppy
monitor. This can be resolved by temporarily disabling Norton
when accessing the KSM.
Contact Kilgetty Technical Support for the latest information.
- Does Kilgetty work with other applications?
Kilgetty should work with all Microsoft compatible applications.
All applications should be installed before Kilgetty. Check software
compatibility when ordering Kilgetty.
- Will Kilgetty still work if an operating system service
pack upgrade is installed?
There are no formal procedures for installing a Windows 2000 service
pack. It will be necessary to seek advice from the Kilgetty Technical
Support help desk
- How do I see what is happening when Kilgetty reboots?
If you want to see information on how the encryption is progressing,
it is required that you make the following edit to the boot.ini
file (this is a hidden system file found in your root directory):
Add "/sos" to the line
"multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft
Windows 2000 Professional" /fastdetect" so that it
now reads
"multi(0)disk(0)rdisk(0)partition(1)\WINNT="Microsoft
Windows 2000 Professional" /fastdetect /sos"
(Note that the appearance of this line may vary slightly from
one installation to another)
- What procedures should I follow when upgrading or repairing
a Kilgetty installed computer?
Only authorised personnel should perform repairs and upgrades,
as the PC may need to be opened up. This will entail breaking
the tamper evident labels. New tamper evident labels should be
obtained from CESG and applied before the computer is used again.
The serial numbers of the new labels must be recorded and stored
with the original installation documentation.
Troubleshooting
- Encryption has reached 100%, and the computer hasn’t
carried on booting, what is happening?
Kilgetty is checking the hard drives. To verify this, check that
the hard disk light is on continuously or flashing rapidly. Let
Kilgetty complete the conversion. This should not take longer
than 1 hour.
- Kilgetty Plus NT4 V1 supported Zip Drives, why has this
feature been removed for Kilgetty 2K v1.0?
Kilgetty 2K v1.0 offers a greater level of security in the attachment
of peripherals that means some devices are no longer compatible.
Zip Drives are currently incompatible with Kilgetty 2Kv 1.0. It
is recommended that CD-Rs are used in clear mode when performing
backup operations. However, Kilgetty 2K v1.1 supports Zip Drives
in Clear Mode.
- Why does the computer have trouble detecting the Touch
Memory Device Reader?
CESG has identified an issue with some computers failing to identify
the Touch Memory Device Reader when the computer is restarted
in Windows. This problem can be resolved by shutting down the
computer and turning it on again, rather than selecting the restart
option from the shutdown menu.
- Why doesn’t the USB device attached to the Kilgetty
installed computer work for Kilgetty 2K v1.0?
CESG has identified security concerns with the USB interface therefore
Kilgetty 2K v1.0 blocks all activity through this port. However,
this issue has been addressed for Kilgetty 2K v1.1 which does
allow access to USB devices.
- Why does the Floppy Monitor Icon disappear from the
system tray?
If Microsoft Windows Explorer crashes then it removes the icon
from the system tray. Kilgetty is still running and protecting
your computer. To return the icon to the system tray, shut down
and restart the computer. If you experience continuing problems
contact Kilgetty Technical Support.
- Why does the computer ‘Blue Screen’ with
Kilgetty installed?
When system errors occur, Kilgetty powers down the computer and
displays error information on the standard Microsoft ‘Blue
Screen’. The error messages are very important in deducing
the problem. The correct action is to record the error messages
and reboot the system. If the system reboots and works without
data corruption then continue to use the computer.
For further information on reporting error refer to the Kilgetty
Security Procedures or contact Kilgetty Technical Support.
- Why has the computer ‘hung’ during reboot?
If, during installation, you have not altered the Boot.ini file
to show the current encryption progress then it may appear that
the system has hung. The system is fine and Kilgetty is in the
process of encrypting the hard drives. This process should take
2-6 hours, but may take longer depending on system configuration.
If you wish to show the installation progress, edit Boot.ini before
installing Kilgetty, as described in the Kilgetty User Manual.
- What procedure should be followed when the computer
lost power during install?
If the hard disk encryption process is interrupted, all of your
hard drive data will be fatally corrupted. Follow the procedure
given in the Kilgetty User Manual and Security procedures to rebuild
your machine.
- Why do I get ‘Error 67: Sector X could not be
read from Hard Disk’ during encryption?
This error message occurs when the Kilgetty driver locates bad
or unrecognised sectors on the hard drive during encryption. As
Kilgetty encrypts the entire hard drive this message could be
displayed if part of the disk is unpartitioned & unformatted.
This message maybe displayed if the computer is overheating.
- Why do I get ‘Error 3’ when selecting the
Floppy Monitor?
It has been observed that use of Norton Anti-Virus with Kilgetty
may produce an ‘Error 3’ message when accessing
the KSM through the floppy monitor. This can be resolved by
temporarily disabling Norton when accessing the KSM.
Contact Kilgetty Technical Support for the latest information.
Contacts
- Where can I purchase a copy of Kilgetty?
UK Government Sales and Marketing
SBL
+44 (0)1347 812100
International
Sales and Marketing
HP Kilgetty Sales
+44 (0)1925 841338
- How do I contact Kilgetty Technical Support?
Technical Support
+44 (0)1925 841805
HP provides 12 months technical support for all Kilgetty products as
part of the initial purchase price. Should you have any problems during
this period and are unable to resolve them by using the information
provided in this manual, you should contact the HP Help Desk.
Should you require technical support after 12 months has elapsed,
HP will request that you renew your technical support contract
|
