Fortified access control based on authentication using digital signature
Strong access control in combination with authentication using digital signature and multiple access control policies
- PKI-base authentication (using public certificates) + RBAC/MLS/MAC
- Protection against data disclosure or modification/forgery of files inside servers caused by illegal intruders(unauthorized users)
- Identification of actual users based on multi-factor authentication, and access control based on actual users
Strong control over access privilege
PKI Based User Authentication
- Compliance with X,509 v3(international standard)
Role Based Access Control
Least Privilege & Separation of Duties
- Separation of duties between system administrator and security administrator(Separation of duties)
- Permitted minimal privileges based on the role of administrators(Least Privilege)
Management of accounts and passwords
Efficient Management of user account / login / passwords through management console
Support for multiple password rules
- Password complexity requirement(to disallow easy password) / disallow previously used passwords by using history feature / password aging rule / password dictionary, etc.
Facilitated control over user switch using ‘su’ command (for UNIX/Linux)
Network access control
Support for server firewall feature at the kernel level
Detection and prevention of unauthorized network access to systems
Control over file access and commands
Control over commands at the kernel level
Protection of major configuration files and directories
Control over the execution of critical commands which can affect system operation
Delegation of user privilege
Delegation triggered when a system administrator executes a command requiring administrative privileges
Delegation triggered when the users of specific systems require the sessions for managing accounts
User event audit
Real-time monitoring of command typing done by the users of specific systems (used for analysis of incidents or outage)
Event audit of user processes or background processes at the kernel level
Centralized system management
Centralized console for consolidated management
- Secure channel for PKI-based authentication and encrypted communication
- Control of multiple servers on the heterogeneous environment, and monitoring of server status
- Convenient in-batch enforcement of security rules through management console
Multiple report formats
Consolidated reporting of log data collected from heterogeneous systems
- Multiple filtering options for servers, logs, dates, user-defined types
- Reporting based on statistic data; support for graphs, charts, etc.