Kanguru Common Criteria Evaluated User guide

Secure. Anytime. Anywhere.

Evaluated Product

User Guide

Version 1.21

Notices and Information

Please be aware of the following points before using your Kanguru product

Kanguru Solutions will not be held responsible for any illegal use of this product nor any losses incurred

while using this product. The user is solely responsible for the copyright laws, and is fully responsible

for any illegal actions taken.

Customer Service

To obtain service or technical support for your system, please contact Kanguru Solutions Technical

Support Department at 508-376-4245, or visit www.Kanguru.com for web support.

Legal notice

In no event shall Kanguru Solutions’ liability exceed the price paid for the product from direct, indirect,

special, incidental, or consequential software, or its documentation. Kanguru Solutions offers no refunds

for its products. Kanguru Solutions makes no warranty or representation, expressed, implied, or statutory,

with respect to its products or the contents or use of this documentation and all accompanying software,

and specifically disclaims its quality, performance, merchantability, or fitness for any particular purpose.

Kanguru Solutions reserves the right to revise or update its products, software, or documentation without

obligation to notify any individual or entity.

Export Law Compliance

Regardless of any disclosure made to Kanguru Solutions pertaining to the ultimate destination of the

specific Kanguru product, you warrant that you will not export, directly or indirectly, any Kanguru

product without first obtaining the approval of Kanguru Solutions and the appropriate export license from

the Department of Commerce or other agency of the United States Government. Kanguru Solutions has

a wide range of products and each product family has different license requirements relative to exports.

Notices and Information

End User License Agreement

This legal document is an agreement between you, the end user (“Licensee”), and Kanguru Solutions, a

division of Interactive Media Corporation (“Licensor”).

By downloading or obtaining and using this software, you are consenting to be bound by the terms of this

agreement, which includes the software license and software disclaimer of warranty.

This agreement constitutes the complete agreement between you and licensor. If you do not agree to

the terms of this agreement, cease to use the product immediately and destroy any copies that you have

made.

Software License

“The software” shall be taken to mean the software contained in this package, downloaded from

Licensor’s website, or included within a hardware device and any subsequent versions or upgrades

received as a result of having purchased this package. “Licensee” shall be taken as the original purchaser

of the software.

Licensee has the non-exclusive right to use the software only on a single computer. Licensee may not

electronically transfer the program from one computer to another over any type of network. Licensee

may not distribute copies of the software or the accompanying documentation to others either for a fee

or without charge. Licensee may not modify or translate the program or documentation. Licensee may

not disassemble the program or allow it to be disassembled into its constituent source code.

This software is licensed only to you, the Licensee. You may not permit non-Licensees to use or install it

on computers or networks other than explicitly specified in this license without the prior written consent

of Licensor.

This license does not entitle you to any future upgrades or updates of software or configuration files,

although Licensor may decide to make such upgrades or configuration file updates available with or

without an associated fee.

Licensee’s use of the software indicates his/her acceptance of these terms and conditions. If Licensee

does not agree to these conditions, then he or she must return any distribution media, documentation, and

associated materials to the vendor from whom the software was purchased, and erase the software from

any and all storage devices upon which it may have been installed or otherwise stored.

Disclaimer of Warranties

The software is provided on an “AS IS” basis, without warranty of any kind, including without limitation

the warranties of merchantability, fitness for a particular purpose, and non-infringement. The entire risk

as to the results and performance of the software is assumed by you, the Licensee. If the software is

defective, you, and not Licensor or any distributor, agent or employee of Licensor assumes the entire

cost of all necessary servicing, repair, or correction.

End User License Agreement

Limitations of Damages

In no event shall Licensor, or anyone else who has been involved in the creation, distribution, or delivery

of this product be liable for any direct, indirect, special, punitive, exemplary, consequential or incidental

damages (including but not limited to damages for loss of business profits, business interruption, loss of

business information, and the like) arising out of the use or inability to use such product even if Licensor

has been advised of the possibility of such damages. Because some states do not allow the exclusion or

limitation of liability for consequential or incidental damages, the above limitation may not apply to you.

This software and any accompanying materials are copyrighted. Unauthorized copying of this software

or of any of the textual materials accompanying it is expressly forbidden.

You may not modify, adapt, translate, reverse engineer, decompile, disassemble (except to the extent

applicable laws specifically prohibit such restriction), or create derivative works based on the software.

Export Restrictions

You agree that you will not export the software to any country, person or entity subject to U.S. export

restrictions.

Entire Agreement

This written End User License Agreement is the exclusive agreement between you and Licensor

concerning the software and supersedes any and all prior oral or written agreements, negotiations or

other dealings between us concerning the software. This License Agreement may be modified only by

a writing signed by you and Licensor.

This agreement is subject to the laws and jurisdiction of the courts of the Commonwealth of Massachusetts,

USA. If a court of competent jurisdiction invalidates one or more of the terms of this contract, the

surviving terms continue in force.

This License Agreement is effective upon the earlier of your (1) use of the software; or (2) your

manifesting assent to these terms as by clicking on the I Agree button shown when you downloaded or

installed the software.

Table of Contents

1. Introduction ........................................................................................ 6

1.1 Purpose of this document .................................................................................6

1.2 How to use this document ................................................................................7

2. Requirements and Assumptions .......................................................8

2.1 What is a CC compliant system? ......................................................................8

2.2 Identifying Your Defender Device ....................................................................9

2.3 Hardware Requirements ...................................................................................9

2.4 Software Requirements .....................................................................................10

2.5 Requirements for the system’s environment ....................................................10

2.6 Requirements for administrators ......................................................................11

2.7 Requirements for users .....................................................................................11

2.8 Requirements for connectivity ..........................................................................12

2.9 Excluded functionality ...................................................................................... 12

2.10 Device reception .............................................................................................12

3. Documentation ...................................................................................13

4. Software Installation .......................................................................... 15

4.1 Obtaining copies of UKLA and KRMC ...........................................................15

4.2 UKLA ...............................................................................................................16

4.3 KRMC ..............................................................................................................17

4.4 KDM .................................................................................................................18

4.4.1 Verifying the KDM Software Version ......................................................18

4.4.2 Verifying the KDM Client Edition ..........................................................19

4.4.3 Updating Your Defender Device .............................................................21

4.4.3.1 Updating Cloud/Standard Edition Devices ................................22

4.4.3.2 Updating KRMC Enterprise Edition Devices ............................23

4.4.3.3 Updating No-Comms Edition Devices .......................................24

5. Common Criteria Certified Versions ...............................................25

5.1 Firmware verification Process ..........................................................................25

5.2 Client Software Verification Process ................................................................25

6. Device Self Test ................................................................................... 26

7. Standalone Device Setup ...................................................................27

8. Managed Devices ................................................................................27

9. Password Selection Recommendation ..............................................28

10. Defender Elite200 Write Protect Switch ..........................................28

11. Verifying Your Files Using SHA256 Checksum ..............................29

11.1 SHA256 Checksum Values .............................................................................30

12. Changelog ...........................................................................................34

1. Introduction

1.1 Purpose of this document

The Kanguru Defender Family of encrypted storage devices is designed to provide secure and reliable

portable storage.

Because security requirements are dependent upon the applications and environment, it is not possible

to simply certify that the devices are “secure”, a more precise definition is needed.

The Common Criteria (CC) provides a widely recognized methodology for security certification of

products. A CC evaluation is fundamentally a two-step process, consisting of defining the “security

target” which describes the features that are to be evaluated, and then testing and verifying that the

product actually implements these features with a sufficient level of assurance.

This document is a security guide that explains how to set up the evaluated configuration, and provides

information to administrators and ordinary users to ensure secure operation of the Kanguru Defender

devices. It is intended to be self-contained in addressing the most important issues at a high level, and

refers to other existing documentation where more details are needed.

The document addresses both administrators and users and the different tasks they are involved in.

Knowledge of the Common Criteria is not required for readers of this document.

Introduction

1.2 How to use this document

The key words “MUST”, “MUST NOT”, “REQUIRED”, “SHALL”, “SHALL NOT”, “SHOULD”,

“SHOULD NOT”, “RECOMMENDED”, “MAY”, and “OPTIONAL” in this document are to be

interpreted as described in RFC 2119 (http://www.ietf.org/rfc/rfc2119.txt). Note that this document

avoids the terms “SHOULD” and “SHOULD NOT” that are defined in RFC 2119.

Requirements are either absolute (and marked with MUST and equivalent terms), or entirely optional

(in the sense of not affecting required security functions) and marked with RECOMMENDED, MAY or

OPTIONAL.

If you follow the requirements in this document when setting up and using the devices, your configuration

will match the evaluated configuration. Certain configuration options are marked as OPTIONAL and

you MAY modify them as needed, but you MUST NOT make other changes, because they will make the

system fail to match the evaluated configuration.

Of course, you MUST always use common sense. This document is not a formal specification, and

legitimate reasons can exist to modify the device setup in ways not described here if that is necessary for

the system to fulfill its intended purpose. Specifically, applying security patches released by the Kanguru

is strongly RECOMMENDED even though that will cause a deviation from the evaluated configuration.

In cases where the requirements and recommendations in this document conflict with those in other sources

(such as the provided manuals), the information in this configuration guide has higher precedence. You

MUST follow the steps described here to reach the evaluated configuration, even if other documentation

describes different methods.

Introduction

2. Requirements and Assumptions

2.1 What is a CC compliant system?

A system can be considered to be “CC compliant” if it matches an evaluated and certified configuration.

This implies various requirements concerning hardware and software, as well as requirements concerning

the operating environment, users, and the ongoing operating procedures.

Strictly speaking, an evaluation according to the CC represents the results of investigation of the security

properties of the target system according to defined guidelines. It must not be considered as a guarantee

for fitness for any specific purpose, but will provide help in deciding the suitability of the system

considering how well the intended use fits the described capabilities. It is intended to provide a level of

assurance about the security functions that have been examined by a neutral third party.

The software MUST match the evaluated configuration. In the case of the Defender Family, this also

requires that the installed supporting software (UKLA and KRMC) are the same. The documentation

(including this guide) will specify permitted variations, such as modifying certain configuration files and

settings.

Note: KLA and UKLA are one and the same and are used interchangeably with each other in the

document.

Stated requirements concerning the operating environment MUST be met. They are linked to the

assumptions made in the Security Target.

Typical requirements are restrictions concerning permitted network connections (for the administrative

access) and usage scenarios.

The operation of the system MUST be in agreement with defined organizational security policies, to

ensure that actions by administrators and users do not undermine the system’s security.

Requirements and Assumptions

2.2 Identifying Your Defender Device

There are currently two Defender models that are certified for Common Criteria: 2000 and Elite200.

You can visually identify which Defender model you own by checking the logo engraved on the device’s

casing.

2.3 Hardware Requirements

The hardware MUST be one of the following devices. This entire document applies to all hardware

systems unless explicitly noted.

• Kanguru Defender Elite200

Part number Capacity FW Version

KDFE200-4G 4GB

02.03.10

02.05.10

KDFE200-8G 8GB

KDFE200-16G 16GB

KDFE200-32G 32GB

KDFE200-64G 64GB

KDFE200-128G 128GB

• Kanguru Defender 2000

Part number Capacity FW Version

KDF2000-4G 4GB

02.03.10

02.05.10

KDF2000-8G 8GB

KDF2000-16G 16GB

KDF2000-32G 32GB

KDF2000-64G 64GB

KDF2000-128G 128GB

Requirements and Assumptions

Defender 2000 Defender Elite200

2.4 Software Requirements

The device client software MUST be one of the following applications. This entire document applies

to all of the applications unless explicitly noted. The appropriate device specific Kanguru Defender

Manager has to be used.

• Kanguru Defender Manager Elite200:

○ KDME200 v 2.0.0.0 - 2

○ KDME200 v 2.0.0.0 - 3

○ KDME200 v 2.0.0.0 - 6

• Kanguru Defender Manager 2000:

○ KDM2000 v 1.2.1.8 - 2

○ KDM2000 v 1.2.1.8 - 3

○ KDM2000 v 1.2.1.8 - 6

• Universal Kanguru Local Administrator: Version Release 3.2.0.3

• Kanguru Remote Management Console: Version 5.0.2.6

Important! Your Defender security device MUST be running the Kanguru Defender Manager software

version listed above in order to be considered CC compliant. It is the user’s responsibility to ensure that

their hardware is in compliance. For instructions on determining what version of Kanguru Defender

Manager your device is running, please refer to section 4.4 KDM on page 18.

2.5 Requirements for the system’s environment

The security target covers devices that use Linux, MacOS and Windows hosts for access via the

appropriate Kanguru Defender manager (KDM).

It is assumed that the value of the stored assets merits moderately intensive penetration or masquerading

attacks. It is also assumed that physical controls in place would alert the system authorities to the physical

presence of attackers within the controlled space.

You MUST use the devices only on trustworthy hosts that can be relied on to not have any malware

installed.

The Kanguru Remote Management Console MUST be installed on a Windows 2008 System with MS

SQL Server 2005, MS SQL Server 2008 or MS SQL Express and IIS already installed and the latest

security patches applied.

The Kanguru Remote Management Console MUST be installed on a physically protected system that is

only used for KRMC.

The Kanguru Central Server MUST NOT be used in the evaluated configuration.

Requirements and Assumptions

2.6 Requirements for administrators

When using the devices in an Enterprise configuration, there MUST be one or more competent individuals

who are assigned to manage the devices. These individuals will have the ability to initialize and reset

devices, reset and change user passwords as well as configure failed authentication handling.

The system administrative personnel MUST NOT be careless, willfully negligent, or hostile, and MUST

follow and abide by the instructions provided by the administrator documentation.

Every person that has the ability to perform administrative actions via UKLA and KRMC has control

over security properties of the devices and could, either by accident or deliberately, undermine security

features of the system. This Configuration Guide provides the basic guidance on how to set up and operate

the system securely, but is not intended to be the sole information required for a system administrator to

learn how to operate the devices securely.

It is assumed, within this Configuration Guide, that administrators who use this guide have a good

understanding and knowledge of operating security principles in general and of the Defender configuration

in particular. We strongly advise that any organization that wants to operate the system in the evaluated

configuration nevertheless have their administrators trained in security principles.

Every organization MUST trust their system administrators not to deliberately undermine the security

of the devices.

This Configuration Guide provides the additional information a system administrator MUST obey when

installing, configuring and operating the devices in compliance with the requirements defined in the

Security Target for the Common Criteria evaluation.

2.7 Requirements for users

Users MUST inspect the device and packaging before use to verify that it has not been tampered with.

The casing and any sealing (of the original packaging) MUST be intact without any marks. If the casing

or seal is broken or has been tampered with, users MUST refuse delivery of the package.

Users MUST ensure that the authentication attribute can not be obtained by spying or shoulder surfing.

Users MUST ensure that the system that they use to access the devices are secure and do not contain any

software that tries to access the devices in an unauthorized fashion.

Users MUST protect the host computer while absent (e.g. via a screen locker) while a device is connected

or disconnect the device.

Users MUST check that the firmware version on the device is the correct CC certified version. For

instructions on verifying the device’s firmware version and a comprehensive list of CC certified version,

please refer to Chapter 5. Common Criteria Certified Versions on page 25.

Requirements and Assumptions

2.8 Requirements for connectivity

When using KRMC, you MUST ensure that all network connections used for the communication with

the KRMC are under the same management domain as the TOE and protected against tampering, tapping

and other modifications.

2.9 Excluded functionality

The Kanguru Defender devices support more functionality than what is covered by the evaluation,

namely antivirus, the virtualization component, the write protect switch and KRMC cloud.

Use of these features have not been evaluated as part of the CC Configuration.

2.10 Device reception

The open edges of the Kanguru Defender’s packaging are secured by three tamper evident seals which

cannot be removed without leaving behind visual indication that the seals have been removed. When

initially receiving the device, the administrator or user MUST ensure that the device arrives in a package

with seals that are not broken.

Seals that have been tampered with will leave behind a distinct pattern of dots. If any of the seals are

broken or have been tampered with, the customer MUST refuse delivery of the package.

Requirements and Assumptions

3. Documentation

The delivery of the Guidance Documents will be secured through a secure site (Kanguru.com). The

document will be available as a download with a SHA256 hash available to confirm that the download

is authentic and uncompromised.

Important! The user MUST check the authenticity of the documentation downloaded to ensure that the

files have not been corrupted or tampered with. The user can use file hashing to verify that the file they

downloaded is genuine. For instructions and details on verifying the file hash, please refer to Chapter 11.

Verifying Your Files Using SHA256 Checksum on page 29.

This document (Common Criteria Document) takes precedence over all user manuals.

• Defender Elite200: https://kanguru.zendesk.com/entries/89657676

• Defender 2000: https://kanguru.zendesk.com/entries/89657676

• UKLA: https://kanguru.zendesk.com/entries/90082416

• KRMC: https://kanguru.zendesk.com/entries/88927863

In addition, these documents are also available for download through the software applications.

• To download digital copies of Kanguru Defender 2000 and Elite200 documentation, right-click on

the KDM icon located in the task bar. The Defender menu appears.

○ Click on Quick Start Guide to download a digital copy of the Defender’s Quick Start Guide

○ Click on Defender User Manual to download a digital copy of the Defender’s User Manual

• To download a digital copy of the KRMC documentation, login to KRMC and then click on

Support → Manuals → Documentation

Documentation

ECG delivery to customers

Customers can download latest evaluated guide from Kanguru support site at:

https://kanguru.zendesk.com/entries/88351486-Evaluated-Product-Guide

CC Certified User manuals can be downloaded from:

• https://kanguru.zendesk.com/entries/89657676-Evaluated-User-Guides-for-Devices

• https://kanguru.zendesk.com/entries/90082416-Evaluated-User-Guide-for-UKLA

• https://kanguru.zendesk.com/entries/88927863-Evaluated-User-Documents-KRMC

Access to the UKLA and KRMC User Manuals is granted to UKLA and KRMC administrators when

their order is processed.

Documentation

4. Software Installation

The evaluation covers a fresh installation of the management software and the initial configuration of the

devices listed in section 2.3 Hardware Requirements on page 9.

4.1 Obtaining copies of UKLA and KRMC

Both UKLA and KRMC are only available after they have been purchased. There are two ways that you

can obtain the UKLA and KRMC installer package:

• Physically provided on a CD

• A digital copy can be downloaded from the Kanguru Solutions’ support site

Unless you specify otherwise when placing your UKLA or KRMC order, a UKLA and/or KRMC

installation disc will be shipped to you.

Verifying the installation CD

Installation CD’s are packaged at secure Kanguru facilities and shipped via industry standard supply

chain organizations (UPS, FedEx, etc). All shipped CD’s are sealed when packaged and protected with

a tamper evident seal. If the seal is broken or has been tampered with, customers MUST refuse delivery

of the package.

Digital Download

To obtain access to digitally download the UKLA/KRMC installation package, please send an e-mail

request to [email protected] with your order information. Once your order information has

been confirmed, you will receive an e-mail notifying you that access to the UKLA/KRMC installer

download has been granted.

These files are only accessible to registered users who have been granted access to the Kanguru UKLA

and KRMC web portal:

• UKLA download: https://kanguru.zendesk.com/entries/74698328

• KRMC download: https://kanguru.zendesk.com/entries/74056153

Important! The user MUST check the authenticity of the downloaded installers to ensure that the files

have not been corrupted or tampered with. The user can use file hashing to verify that the file they

downloaded is genuine. For instructions and details on verifying the file hash, please refer to Chapter

11. Verifying Your Files Using SHA256 Checksum on page 29.

Software Installation

4.2 UKLA

UKLA can be installed anywhere on your Windows system. You MUST place it in a directory that is

writable by the user ID working with it, as it writes a settings file into this directory.

Please refer to the “UKLA User Manual v3.2.1.pdf” before the first use of the software.

When running UKLA for the first time you will be prompted to set up an administrator password. This

password MUST conform to the password guidance given in the Password selection policy.

Update UKLA

Updates to UKLA are released by Kanguru Solutions regularly. The Update UKLA section allows you

to check for any available updates to your Universal KLA software version. Your computer will need to

have access to the internet in order to check for newer versions of UKLA.

Click on the Check for software updates button. UKLA will connect to the Kanguru Central Server and

check whether there are any updates available. If an update is available, you MAY follow the on-screen

instructions to update your version of UKLA.

WARNING! You will receive a warning message if your UKLA version is Common Criteria certified. If

you update UKLA from a Common Criteria certified version to a newer version, the software application

will no longer be Common Criteria certified.

4.3 KRMC

Please refer to “KRMC - Enterprise Edition - Install Guide v5.pdf” for instructions on installing KRMC

and the prerequisite software (MS SQL and IIS on Windows Server 2008).

When setting up the MS SQL Server, the passwords used for the database MUST conform to the password

guidance given in the Password selection policy.

The passwords used for the CA that is installed with KRMC MUST conform to the password guidance

given in the Password selection policy.

The Device Control module is optional and is not part of the CC evaluation. You MUST NOT enable

Device Control functionality.

When running KRMC for the first time you MUST change the supplied default password for the

administrator. The new password MUST conform to the password guidance given in the Password

selection policy.

To view the version of KRMC currently running, go to the Support section in your KRMC console. The

Support page provides you with information regarding your KRMC version, server time zone, system

configuration, and information for contacting Kanguru’s Technical Support staff.

Important! If you have been using a non-CC compliant version of KRMC and want to migrate to a CC

compliant version, you MUST make a fresh install of the CC compliant KRMC version. For a KRMC

Enterprise migration to a CC certified version, the administrator of the enterprise environment will need

to follow these steps:

1. Uninstall the current KRMC installation by following the steps below:

a. Remove the Kanguru Remote Management Console from Windows Control Panel → Add/

Remove Programs

b. Remove KRMC from the IIS sites list

c. Remove the KRMC folder from within inetpub → wwwroot folder path

2. Restart the server where KRMC was installed.

3. Download the CC Certified KRMC installer version from the Kanguru Support site.

4. Install the CC Certified version of the KRMC server downloaded from the Kanguru site.

Software Installation

4.4 KDM

The Defender 2000 and Elite200 flash devices come pre-loaded with firmware and KDM client software.

For all drives, the delivery to the customer is carried out by a commercial delivery service, such as UPS,

USPS, FedEx, etc.

The Defender Device contains two partitions: a CD-ROM partition and a secure, encrypted partition.

Kanguru Defender Manager (KDM) is the client program pre loaded on the Defender Device’s CD-

ROM partition. The user needs to login to KDM in order to access the secure, encrypted partition. KDM

comes pre-installed on your Defender Device. No installation on your PC is necessary.

4.4.1 Verifying the KDM Software Version

Users can open the version.ini file in CD-ROM partition to verify the software version on their drive.

The CC certified software versions are mentioned in this doc (see section 2.4 Software Requirements on

page 10) as well as in the device’s user manual.

Users are able to view the version of the KDM client application currently running on their drive by

right-clicking on the KDM icon located in the task bar and then selecting About.

Important! Your Defender security device MUST be running a CC certified version of the Kanguru

Defender Manager software to be considered CC compliant (i.e. KDME200 v2.0.0.0 or KDM2000

v1.2.1.8). Your Defender device MAY have come pre-loaded with a non-CC certified version of KDM.

If your Defender device is not running a CC certified version of KDM, please see section 4.4.3 Updating

Your Defender Device on page 21 for information on updating your Defender’s KDM software version

to a CC certified version.

Software Installation

4.4.2 Verifying the KDM Client Edition

Users can open the version.ini file in CD-ROM partition to verify whether their device is running a

Cloud edition, Enterprise edition or No-Comms edition client.

Open the version.ini file in a text editor and check the line for “Product Version” and check whether the

product version number ends in - 2, - 3 or - 6 suffix.

Version suffix Edition Description

-2 Cloud edition The standard Defender model.

-3 Enterprise edition Enterprise edition devices have been configured to be

capable of communicating with KRMC Enterprise.

-6 No-Comms edition The No-Comms version is identical to the Cloud version

but with all communication functionality disabled.

Some other general differences are identified below:

In KDM Cloud:

• Anti-Virus (AV) definitions are downloaded from Kanguru server. The list with the most current

definitions is received from the Kanguru Central Server (KCS). Important! KDM Cloud edition

users MUST disable anti-virus functionality on their device.

• Cannot be managed by KRMC Enterprise

In KDM Enterprise:

• AV definitions are downloaded from a KRMC enterprise server. Important! KDM Enterprise

edition administrators MUST disable anti-virus functionality for their managed devices.

• Devices MUST be provisioned using UKLA - setting device properties and exporting them to a

.krm file that is added in KRMC Enterprise.

• “Enterprise Edition” appears on the splash screen

In KDM No-Comms:

• There is no AV functionality.

• There is no communication to any network or internet server.

• All drive communications, including live updates for the KDM client software for the drive, are

disabled.

• The drive operates in a completely offline mode, and cannot be managed by KRMC.

Software Installation

Verifying the files loaded to your Defender device

The user MUST check the authenticity of the client software on their Defender drive to ensure that the

device has not been corrupted or tampered with. The user can use file hashing to verify that the files

contained on their devices are genuine. For instructions and details on verifying the file hashes, please

refer to Chapter 11. Verifying Your Files Using SHA256 Checksum on page 29.

Verifying the client application certificate information

Windows users can check that the digital certificate for the KDM client application is signed by Kanguru

Solutions, in order to guarantee its authenticity. This feature is only available through Windows and is

not available for Mac OSX or Linux users.

To verify the certificate information:

1. Open the Defender’s CD-Rom partition in Windows Explorer.

2. Right click on the KDMxxxx.exe client application file and select Properties from the menu.

3. Click on the Digital Signature tab.

4. In the signature list, select Kanguru Solutions and then click on the Details button.

5. Check that the digital signature is OK and that “Kanguru Solutions (division of Interactive Media

Corporation)” is listed as the name under Signer Information.

Software Installation

Page is loading ...

Kanguru Common Criteria Evaluated User guide

Related papers

Other documents