Fortified access control based on authentication using digital signature

Strong access control in combination with authentication using digital signature and multiple access control policies

- PKI-base authentication (using public certificates) + RBAC/MLS/MAC
- Protection against data disclosure or modification/forgery of files inside servers caused by illegal intruders(unauthorized users)
- Identification of actual users based on multi-factor authentication, and access control based on actual users

Strong control over access privilege

PKI Based User Authentication

- Compliance with X,509 v3(international standard)

Role Based Access Control

Least Privilege & Separation of Duties

- Separation of duties between system administrator and security administrator(Separation of duties)
- Permitted minimal privileges based on the role of administrators(Least Privilege)

Management of accounts and passwords

Efficient Management of user account / login / passwords through management console

Support for multiple password rules

- Password complexity requirement(to disallow easy password) / disallow previously used passwords by using history feature / password aging rule / password dictionary, etc.

Facilitated control over user switch using ‘su’ command (for UNIX/Linux)

Network access control

Support for server firewall feature at the kernel level

Detection and prevention of unauthorized network access to systems

Control over file access and commands

Control over commands at the kernel level

Protection of major configuration files and directories

Control over the execution of critical commands which can affect system operation

Delegation of user privilege

Delegation triggered when a system administrator executes a command requiring administrative privileges

Delegation triggered when the users of specific systems require the sessions for managing accounts

User event audit

Real-time monitoring of command typing done by the users of specific systems (used for analysis of incidents or outage)

Event audit of user processes or background processes at the kernel level

Centralized system management

Centralized console for consolidated management

- Secure channel for PKI-based authentication and encrypted communication
- Control of multiple servers on the heterogeneous environment, and monitoring of server status
- Convenient in-batch enforcement of security rules through management console

Multiple report formats

Consolidated reporting of log data collected from heterogeneous systems

- Multiple filtering options for servers, logs, dates, user-defined types
- Reporting based on statistic data; support for graphs, charts, etc.