Introduction

Overview

Admins are the managers of the system. What makes a user an admin is the power of permission over specific tasks and features.

The Management tab can be learned quickly. Learning to use all features together enables the flexibility of tiCrypt infrastructure.

A powerful mechanism in tiCrypt is the variety of workflows that can achieve similar objectives.

  • Admins can control permissions per user with User Profiles.
  • Admins can make announcements from the Management tab or export tables in XML format.

tiCrypt does not give the admins full control over the system, but rather permission-based settings per user.

Super-admins have system responsibilities while sub-admins have team responsibilities.

note

The most sensitive permissions come with Projects and Virtual machines. The role of a good tiCrypt admin implies awareness of user permissions, projects, and virtual machine management.

Admin Viewpoints

tiCrypt Roles Classification

Admins Classification

Super-Admin

  • Can change anyone's permissions.
  • Has access to system settings.
  • Has access to global settings (i.e., add external servers, change key caching policy).

Admin

  • Similar to Super-admin except:
    • Cannot change/modify global settings.
    • Cannot stop/restart system services (and microservices).
    • Cannot modify super-admin settings.

Sub-Admin

  • Manages and modifies user permissions and projects under their own team only.
  • A team can have multiple sub-admins (e.g., ABC Team), as preferred.

System Management Map

tiCrypt management is mostly automated, removing the burden of team management and the need for high technical expertise.

Hardware and networks are virtual machine-based, ensuring an isolated and secured user environment.

The system monitors all actions via tiAudit. Any troubleshooting attempt is considered a security threat that will prompt the admin to re-enter their password. Admins can perform checks with the audit team. This event will perform checks within the application using the system services option in the settings.

If an issue occurs, it can usually be solved within minutes due to the alerting structure of the system. tiCrypt not only alerts on unusual activity but also automatically blocks the whole spectrum of action.

Virtual machines function on isolated single ports to the local machine without any internet connection. This architectural tunnel avoids any data leakage or penetration possibility.

note

Users still have an internet connection on their local machines.

Management operations are cryptographically secured and access-controlled. For example, Groups and VMs are cryptographic, while Teams and Projects are access-controlled.

tiCrypt goes beyond access control and cryptography, allowing a combination of access control and cryptography in a single container for doubled security.

The current infrastructure of Virtual Machine Hosts allows full housing for ITAR, FISMA, Medical Research, DoD projects, and other similar field research deployments.

Filtering power

The tiCrypt management system can filter anything from users, teams, and groups to projects, classified projects, workflows, and complex infrastructure designs.

Criteria may be customized in the Management tab, which uses the tiCrypt esoterical backend. This operation does not burden the system in any way.

tiCrypt can also filter by security, i.e., whether a project is unlocked, access-controlled, or both access-controlled and cryptographically secured at the same time.

CSV & JSON Exports

Apart from the System Settings tab, all management sections in the Management tab have a CSV Export option and a JSON Export option. Additionally, all actions and exports are permanently tracked in the tiCrypt auditing system.

Data Refresh

Users can use the Refresh option to reload the data within tiCrypt, for easy functionality and convenience. This command allows updates to be seen without logging in to the system again.

Setting up accounts

Users receive a patch and installation instructions. They press the Next button several times, and tiCrypt Connect is installed on their local machine.

After they click a button to generate their private key, they enter their email and password on the registration page. This action makes them show up in the database as new and unactivated users.

info

The admin's responsibility is not to install tiCrypt on users' machines, but rather to activate users in bulk, with a single click, in the User section in the tab.

Workstations

System admins have the tools to build what are called Constellations, in which multiple VMs work together with the server to delegate resources between them automatically. In addition, they are all connected to one VM, which communicates with both VMs and their drives through a single virtually cryptographically encrypted VPN.

tiCrypt uses realms, which may be in Libvirt or AWS depending on the system preferences.

Firewalls and Backups

Admins can back up or never back up drives. Backup changes are recorded in the audit logs. The system may perform both full and incremental backups using Boolean values for custom data points.

note

An audit log is a record of a backup; a backup drive is the saved data itself.

Accounts Recovery

Systems are usually penetrated through the "forgot my password" option. tiCrypt has an escrow mechanism that ensures full security during a private key recovery via the public key + the site key + escrow key, the sum of multiple escrow members' keys, and a digitally signed key from Tera Insights and the Super-admins.

The system forces members to communicate traditionally to prevent impersonation and social engineering attacks. The process has a simple UI requiring four recovery steps for lost account access.

Read more about escrow in the Escrow Role section.

Operating Systems

Linux and Windows are part of the tiCrypt interface. Admins can select their preferred system.

New Releases

Updates are conducted systematically and automatically.

Admins can switch to older versions at any time; however, they should keep the last updated version of tiCrypt due to usability and new upcoming features. Both admins and users can update tiCrypt by clicking on the last available version in tiCrypt Connect before logging in.

Auditing

tiCrypt Audit was built with the purpose of compliance. The goal of tiAudit is to keep track of all actions in the main system and make the system engineer and the audit team fully aware of what is happening in real time.

tiAudit is a separate system from the main system; therefore, audit users log in separately. Every action is audited from the installation day of tiCrypt until the present moment. Audit logs cannot be discarded due to high security.

Admin Ethics

Management with Users

The tiCrypt management structure was primarily developed for users, giving them an easy time carrying out both simple and complex projects. Admins are not needed to manage the system but rather to:

  • Build workflows
  • Oversee the system
  • Check audit reports once a month
  • Assist users on rare occasions

Users never see the coding in the front end; they are not forced to use command lines to navigate within their vault or virtual machine environments. tiCrypt UI was developed by researchers for researchers.

Reporting to Chief Technology Officer

Management in tiCrypt can afford direct reporting to decision-makers at any time. System admins can generate an audit report by pressing a button. The results will showcase how users behaved, whether they did their homework, and how far the system infrastructure has evolved since the installation day.

This operation allows comprehensive system data forecasts, i.e., if a user does X repeatedly in the future, it will trigger a Y trend in the infrastructure.

info

The Escrow section from the tab can be found in the escrow role - ticrypt admin section.