Introduction
Admins are the managers of the system. What makes a user an admin is the power of permission over certain tasks and features.
The Management tab can be learned in a short time. All options have a purpose and learning how to use them together enables the flexibility of tiCrypt infrastructure.
Admins can control permissions per user with User Profiles.
tiCrypt does not give the admins full control over the system, but rather permission-based settings for users.
Super-admins have system responsibilities while sub-admins have team responsibilities.
Admins can make announcements from the Management tab or export tables in Excel.
The most sensitive permissions come with Projects and Virtual machines. The role of a good tiCrypt admin implies awareness of user permissions, projects, and virtual machine management.
Admins Classification
Super-Admin
- Can change anyone's permissions
- Has access to system settings
- Has access to global settings (i.e., add external servers, change key caching policy)
Admin
- Similar to Super-admin except:
  - Cannot change/modify global settings
  - Cannot stop/restart system services (and microservices)
  - Cannot modify super-admin settings
- Cannot change/modify
Sub-Admin
- Manages and modifies user permissions and projects under their own team only
- Can have multiple sub-admins in the same team, e.g., ABC Team, as preferred
System Management Map
tiCrypt management is mostly automated, removing the burden of team management or the need for high technical expertise.
Hardware and networks are VM-based, ensuring an isolated, secured user environment.
The system monitors all actions via tiAudit. Any troubleshooting attempt is seen as a security threat that will prompt the admin to re-enter their password. Admins can perform checks with the audit team. This action will perform checks from within the application using the system services option in the settings.
If an issue occurs, it can usually be solved within minutes due to the alerting structure of the system. tiCrypt not only alerts on unusual activity but also automatically blocks the whole spectrum of action.
Virtual machines function on isolated single ports to the local machine without any internet connection. This architectural tunnel avoids any data leakage or penetration possibility.
Users still have an internet connection through their local machines.
Management operations are cryptographically secured and access-controlled. For example, Groups and VMs are cryptographic, while Teams and Projects are access-controlled.
tiCrypt goes beyond access control and cryptography, allowing a combination of access control and cryptography in a single container for doubled security.
The current infrastructure of Virtual Machine Hosts allows full housing for ITAR, FISMA, Medical Research, DoD projects and other similar field research.
Filtering power
The tiCrypt management system can filter anything from users, teams, and groups to projects, classified projects, workflows, and complex infrastructure designs.
Criteria may be customized in the Management tab using the tiCrypt isometric backend. This operation does not tire the system in any way.
tiCrypt can filter security, i.e., a project can be unlocked, access-controlled, or access-controlled and cryptographically secured at the same time.
Setting up accounts
Users receive a patch and installation instructions. They press Next several times and tiCrypt Connect is installed on their local machine.
After they click to generate their private key, they enter their email and password on the registration page. This will make them show up in the database as new and unactivated users.
The admin's responsibility is not installing tiCrypt on the user's machine, but rather clicking activate user in the User panel in the Management tab.
Workstations
System admins have the tools to build what is called 'Constellations' where multiple VMs work together with the server to delegate resources between them automatically.
tiCrypt uses realms, which may be in Libvirt or AWS depending on the system preferences.
Firewalls and Backups
Admins can back up or never back up drives. Backup changes are recorded in the audit logs. The system may perform both full and incremental backups using Boolean values for custom data points.
An audit log is a record of a backup; a backup drive is the saved data itself.
Accounts Recovery
Systems are usually penetrated using the forgot my password option. tiCrypt has an escrow mechanism that ensures full security using private key cryptography recovery via the public key + the site key, which is the sum of multiple escrow members' keys and a digitally signed key from Tera Insights.
The process has a simple UI requiring four recovery steps for lost account access.
Operating Systems
Both Linux and Windows are part of the tiCrypt interface. Admins can pick their preferred system.
Management with Users
The tiCrypt management structure was primarily developed for users, giving them an easy time carrying out both simple and complex projects. Admins are not needed to manage the system but rather to:
- Build workflows
- Oversee the system
- Check audit reports once a month
- Assist users on rare occasions
Users never see the coding in the front-end; they are not forced to use command lines to navigate within their virtual machine environments. The tiCrypt UI was developed by researchers for researchers.
Reporting to Chief Technology Officer
Management in tiCrypt can afford direct reporting to decision-makers at any time. System admins can generate an audit report by pressing a button that will indicate how users behaved, if they did their homework, and how far the system infrastructure has evolved from the installation day. This operation allows comprehensive system data forecasts, i.e., if a user does X repeatedly in the future, it will trigger a Y trend in the infrastructure.
New Releases
Upgrades are done systematically and automatically. Admins can switch to older versions at any time; however, they should keep the last updated version of tiCrypt due to usability and new upcoming features. Both admins and users can update tiCrypt by clicking on the last available version in tiCrypt Connect before logging in.
Auditing
tiCrypt Audit was built with the purpose of compliance. The goal of tiAudit is to keep track of all actions in the main system and make the system engineer and the audit team fully aware of what is happening in real-time.
tiAudit is a separate system from the main system, therefore audit users log in separately. Every action is audited from the installation day of tiAudit until the present moment. Audit logs cannot be simply discarded due to high security.