InZero

How is InZero different?
Recognizing the root of the issue, InZero has designed a truly secure solution for these PCs at higher risk for attack. All potentially dangerous applications, such as the browser, are isolated on separate hardware with special protections. This means that nothing can attack your PC, it is basically offline, while still able to browse the Internet and send/receive emails.
 
How do I operate InZero?
After the standard “click-through” installation, you will have access to the applications onboard of InZero, including the Protected Browser. From that point on just use the InZero Protected Browser for Internet access and you will become an unreachable target for online criminals.
 
Which PCs on my network should be considered at high risk for attack?
This depends on your specific network and the data that each PC contains, but in general any PC with access to the internet and to the financial data (treasury department, POS computers, online banking), customer/healthcare records, employee information, and other sensitive data should be considered high risk.
 
How do I manage InZero on my network?
InZero comes complete with a Management Console that allows an administrator to remotely and securely distribute security policies, access permissions, and certificates. This centralized management capability is especially useful when applied to remote users.

How can I deploy InZero?
To ensure the highest level of protection for sensitive data within a variety of network environments InZero presents two deployment options:
The Flexible Deployment option is used when direct connectivity to network resources is required from the protected PC, for example, if there is a need to allow access to internal network resources, such as an authentication server, network printer, or the Microsoft update server.
The Lockdown Deployment option restricts the user’s network activity to only InZero-based applications. The InZero Gateway includes a Browser, an Identity Vault, and a Messenger; this is often enough to perform a variety of sensitive online operations. General browsing, downloads and uploads are done safely with InZero. At the same time, the user retains the ability to use non-network applications from the host PC, for example MS Office, graphic editors, AutoCAD, etc.

How does InZero protect from user action emulation?
Any change to the system settings or the security policy requires physical confirmation from the user (user has to press the OK button on the Gateway). This completely prevents software emulation of user action. 
 
How does InZero protect from key loggers?
The Identity Vault browser securely generates and stores your passwords. This means that there is no need to enter them manually when logging into a website. This prevents the key logger from capturing the login/password.
 
How does InZero protect private keys?
InZero Gateway keys are stored in a separate secure microcontroller, meaning that they are physically isolated from InZero’s CPU. The microcontroller provides access for the encryption/decryption functions but not to the keys themselves, which always remain hidden.
 
Can I use InZero as a router/firewall/VPN accelerator?
InZero has this functionality available though its primary purpose is to provide a set of secure applications for the user.
 
Which type of VPN does InZero support?
InZero supports SSL VPN and IPSec VPN. Supporting ciphers are AES-256, AES-192, AES-128, 3DES and Blowfish. Keys could be RSA or DSA. We do not support pre-shared keys because they are not secure.
 
Does InZero protect email?
InZero provides email security in two ways. First, web-based mail can be securely accessed using InZero’s Protected Browser. All links will open in Protected Browser and all attachments can be opened within InZero environment. Second, we developed Mail Proxy service that can automatically convert all your unsafe attachments to safe format.
 
What is the purpose of the HTTP proxy?
When deployed in in-line mode, InZero HTTP proxy enables whitelisting capability. All sites designated as trusted and added to the whitelist can be accessed from the host PC. However, this whitelist can be extremely short because all other sites are still accessible with the InZero Protected Browser. This makes for a more viable alternative to the prevailing highly restrictive whitelist solutions.
 
How does InZero compare to LiveCD?
The main difference is usability. With LiveCD, the user does not have access to files and records that are stored on the main system. Gaining such access, through a USB stick for example, means a compromise in security posture. In addition, rebooting into LiveCD for every sensitive transaction may not be feasible for users who perform them with some regularity.
 
Is InZero the same as a virtual machine?
InZero is different from a host-based virtual machine solution in two main respects:
InZero runs on specially designed hardware where as a virtual machine runs on the vulnerable standard computer architecture. Hypervisor attacks have moved from the realm of theory into the real world and are only expected to escalate as virtual solutions gain in popularity.
Central management – InZero allows security policies to be managed remotely, whereas virtual machines are not designed to be part of the domain mode.