1. Product Overview
Because an enterprise network contains a large number of devices and many system operators, unauthorized access, misoperation, misuse of resources, negligence and leaks occur frequently. A malicious attacker may also obtain system privileges, break into a department or enterprise intranet and cause incalculable losses, and protecting the account names and passwords of terminal devices is itself a hard problem in security management. Raising the level of operation and maintenance (O&M) management, meeting the requirements of the relevant laws and regulations, preventing hackers and malicious access, tracking user behavior on servers, reducing maintenance cost and providing a basis for control and audit have therefore become the core problems of security control in the internal network.
Regulations such as the "Information Security Protection Level and Management Measures", the "Management Standard for the Classified Protection of Information Systems Involving State Secrets", the "Basic Norms of Internal Control" and the Sarbanes-Oxley Act require that an information system apply mandatory access control, and that it be able to control, restrict and track user behavior in order to determine whether a user's actions threaten the secure operation of the enterprise intranet.
The Network Guard operation and maintenance audit system builds on current O&M audit technology to protect internal network devices and servers. It provides access control, user behavior tracking and judgement, and monitoring and auditing over the common ways these assets are accessed, meeting the security requirements of the enterprise internal network.
2. Product Features
Unlimited tree grouping
Master accounts, managed resources and roles can be managed in groups. Groups are presented as a tree, with no limit on the depth of grouping.
Certificate support
Master accounts support certificate authentication, which can be combined with other authentication methods to form combined authentication and improve access security: static passwords, certificates, smart cards, biometrics (fingerprints, retina scans and the like), dynamic tokens and so on.
Automatic account collection
A wide range of managed resource types is supported, including Linux/Unix hosts, Windows hosts, network elements, switches, routers, firewalls, security devices, databases and more. The system can automatically collect the accounts that exist on a managed resource and then manage those resource accounts.
Works with RADIUS
Network devices can use the Network Guard operation and maintenance audit system as their AAA (authentication, authorization and accounting) server. Device passwords are then governed by the system's password strength policy, and a password change plan can be set for them, which simplifies account, authentication and authorization management for network devices and helps meet SOX requirements.
Seamless integration with 4A systems
The Network Guard operation and maintenance audit system is abstracted from a 4A (account, authentication, authorization, audit) solution and offers a convenient integration path for 4A projects. Its software architecture and clear, reasonable division into modules make it applicable to both 4A and non-4A user scenarios.
CA compatibility
The system is compatible with CA systems; through secondary development, account management can be implemented together with a CA.
Access control policies
Access control configuration is abstracted into four policies: the host command policy, the access time policy, the client address policy and the access locking policy, which simplifies configuration and use.
Automatic password change plan
Automatic password changes are supported for all managed devices. Changes are carried out according to the password policy, and every new password conforms to the strength requirements defined in that policy.
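As an added example (not the product's own code), the following Python shows how a change plan can issue passwords that satisfy a strength policy by construction rather than by retrying random strings, and how a per-account age and history check decides what to rotate. The policy values, the two managed accounts and the rotation date are constructed assumptions.

```python
"""Password change plan that issues policy-conforming passwords.

Added illustration, not the product's own code.  The policy values, the
account records and the rotation date are constructed assumptions.
"""
import secrets
import string
from dataclasses import dataclass
from datetime import date, timedelta


@dataclass(frozen=True)
class PasswordPolicy:
    min_length: int = 16
    # every generated password must contain at least one character from each class
    classes: tuple = (string.ascii_lowercase, string.ascii_uppercase,
                      string.digits, "!@#$%^&*()-_=+")
    max_age_days: int = 90      # rotate once the password is this old
    history: int = 5            # a new password may not repeat any of the last N


def violations(password: str, policy: PasswordPolicy, previous=()) -> list:
    """Return the policy rules the password breaks; an empty list means it complies."""
    problems = []
    if len(password) < policy.min_length:
        problems.append(f"shorter than {policy.min_length} characters")
    for chars in policy.classes:
        if not any(c in chars for c in password):
            problems.append(f"no character from class starting {chars[:4]!r}")
    if policy.history and password in list(previous)[-policy.history:]:
        problems.append("reuses a recent password")
    return problems


def generate(policy: PasswordPolicy, previous=()) -> str:
    """Build a password that satisfies the policy by construction: one character
    from each required class, the remainder from the union of all classes, then
    a CSPRNG shuffle so the positions of the classes are unpredictable."""
    alphabet = "".join(policy.classes)
    while True:
        chars = [secrets.choice(cls) for cls in policy.classes]
        chars += [secrets.choice(alphabet)
                  for _ in range(policy.min_length - len(chars))]
        secrets.SystemRandom().shuffle(chars)
        candidate = "".join(chars)
        if not violations(candidate, policy, previous):   # enforces the history rule
            return candidate


@dataclass
class ManagedAccount:
    resource: str
    user: str
    last_changed: date
    history: list           # previously issued passwords, oldest first

    def due(self, policy: PasswordPolicy, today: date) -> bool:
        return today - self.last_changed >= timedelta(days=policy.max_age_days)


def run_change_plan(accounts, policy: PasswordPolicy, today: date) -> dict:
    """Rotate every account whose password has reached max_age_days.  Returns the
    new passwords keyed by user@resource so the caller can push each one to the
    device and update the credential vault; the account records are updated."""
    rotated = {}
    for acct in accounts:
        if acct.due(policy, today):
            new = generate(policy, acct.history)
            acct.history.append(new)
            acct.last_changed = today
            rotated[f"{acct.user}@{acct.resource}"] = new
    return rotated


POLICY = PasswordPolicy()


def build_sample_accounts() -> list:
    """Constructed sample: a switch account 90 days old and a fresh database account."""
    return [
        ManagedAccount("core-sw-01", "admin", date(2024, 1, 2), ["OldPassw0rd!abcd"]),
        ManagedAccount("db-prod-03", "oracle", date(2024, 3, 25), []),
    ]


def rotate_sample(today_iso: str = "2024-04-01") -> tuple:
    """Run the plan over the constructed accounts; returns (accounts, rotated)."""
    accounts = build_sample_accounts()
    return accounts, run_change_plan(accounts, POLICY, date.fromisoformat(today_iso))
```

Run with `rotate_sample()`: only `admin@core-sw-01` is rotated on 2024-04-01, because the Oracle account is six days old. In a real deployment the returned secrets go straight into the vault and onto the device; the plan should log the rotation event, not the password.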
3. Product Functions
Single sign-on
When a user logs on to the Network Guard operation and maintenance audit system, all of the resources authorized for that user are displayed, and no re-authentication is needed when accessing them, which avoids repeated login and logout operations. Single sign-on links seamlessly with user authorization management: by authorizing at the level of user, role, behavior and resource, it strengthens the protection of resources and allows user behavior to be monitored and audited.
Centralized account management
Centralized account management associates each account with a specific natural person. On the basis of this association, multi-level user management and fine-grained user authorization can be implemented, and the behavior of each natural person can be audited, meeting the requirements of real-name auditing.
Identity authentication
The Network Guard operation and maintenance audit system provides users with a unified authentication interface and supports stronger authentication modes, including static passwords, two-factor authentication, one-time passwords and biometric methods. It can also be connected easily to third-party authentication services.
Resource authorization
The Network Guard operation and maintenance audit system authorizes by user, role, behavior and resource. Beyond the coarse-grained, boundary-based authorization that decides which resources a user may access, it can also apply fine-grained authorization that restricts which operations a user may perform on a system and at what times.
Access control
A fine-grained command policy is a set of commands, either a set of commands that may be executed (an allow-list) or a set that may not (a deny-list), assigned to specific users to limit their behavior.
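The four access control policies listed under "Access control policies" and the allow-list/deny-list command policy described here can be modelled as a small evaluator. The following Python is an added example and not the product's own code; the class names, the reading of "access locking" as lock-out after repeated failed logins, the sample policy and the sample requests are all assumptions.

```python
"""Evaluator for the four access-control policies.

Added illustration, not the product's own code.  It models the host command
policy (allow-list or deny-list of command patterns), the access time policy,
the client address policy and the access locking policy.  Treating "locking"
as lock-out after repeated failures, the class names and the sample data are
assumptions.
"""
import ipaddress
import re
from dataclasses import dataclass, field
from datetime import datetime, time


@dataclass
class CommandPolicy:
    mode: str        # "allow": only matching commands run; "deny": matching commands are blocked
    patterns: list   # regular expressions matched against the whole command line

    def permits(self, command: str) -> bool:
        matched = any(re.fullmatch(p, command.strip()) for p in self.patterns)
        return matched if self.mode == "allow" else not matched


@dataclass
class TimePolicy:
    weekdays: set    # 0 = Monday ... 6 = Sunday
    start: time
    end: time

    def permits(self, at: datetime) -> bool:
        return at.weekday() in self.weekdays and self.start <= at.time() < self.end


@dataclass
class AddressPolicy:
    networks: list   # CIDR blocks the client must connect from

    def permits(self, client_ip: str) -> bool:
        addr = ipaddress.ip_address(client_ip)
        return any(addr in ipaddress.ip_network(n) for n in self.networks)


@dataclass
class LockPolicy:
    max_failures: int
    failures: dict = field(default_factory=dict)   # user -> consecutive failed logins
    locked: set = field(default_factory=set)

    def record_failure(self, user: str) -> None:
        self.failures[user] = self.failures.get(user, 0) + 1
        if self.failures[user] >= self.max_failures:
            self.locked.add(user)

    def record_success(self, user: str) -> None:
        self.failures.pop(user, None)

    def permits(self, user: str) -> bool:
        return user not in self.locked


@dataclass
class AccessPolicy:
    command: CommandPolicy
    access_time: TimePolicy
    address: AddressPolicy
    lock: LockPolicy

    def evaluate(self, user: str, client_ip: str, at: datetime, command: str) -> tuple:
        """Return (allowed, reason).  Policies are checked in a fixed order so the
        audit record names the first policy that denied the request."""
        if not self.lock.permits(user):
            return False, "account locked"
        if not self.address.permits(client_ip):
            return False, f"client address {client_ip} outside permitted networks"
        if not self.access_time.permits(at):
            return False, f"outside permitted access window at {at.isoformat()}"
        if not self.command.permits(command):
            return False, f"command blocked by command policy: {command!r}"
        return True, "allowed"


# Constructed sample policy: operators work from 10.20.0.0/16 on weekdays during
# office hours, and a deny-list blocks destructive host commands.
OPERATOR_POLICY = AccessPolicy(
    command=CommandPolicy("deny", [r"rm\s+-rf\s+/.*", r"mkfs.*", r"(shutdown|reboot|halt).*"]),
    access_time=TimePolicy({0, 1, 2, 3, 4}, time(9, 0), time(18, 0)),
    address=AddressPolicy(["10.20.0.0/16"]),
    lock=LockPolicy(max_failures=3),
)

# Constructed sample requests: (user, client IP, timestamp, command line)
SAMPLE_REQUESTS = [
    ("alice", "10.20.3.7", datetime(2024, 3, 12, 10, 30), "ls -l /var/log"),
    ("alice", "10.20.3.7", datetime(2024, 3, 12, 10, 31), "rm -rf /var/log"),
    ("alice", "192.168.1.5", datetime(2024, 3, 12, 10, 32), "ls"),
    ("alice", "10.20.3.7", datetime(2024, 3, 16, 10, 30), "ls"),   # a Saturday
]


def evaluate_samples(policy: AccessPolicy = OPERATOR_POLICY, requests=SAMPLE_REQUESTS) -> list:
    """Evaluate every sample request and return the (allowed, reason) decisions."""
    return [policy.evaluate(*req) for req in requests]
```

Of the four sample requests only the first is allowed; the others are refused by the command, address and time policies respectively, and the reason string is what the audit log should carry. Matching the typed command line is only as strong as its patterns: a deny-list is side-stepped by aliases, `sh -c`, or a differently spelled command, so an allow-list of exact commands is the safer mode for sensitive hosts, with the session recording described under "Operation audit" as the backstop.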
Operation audit
The system supports auditing of the following protocols: Telnet, FTP, SSH, RDP (Windows Terminal Services), X Window, VNC and others.
4. Typical Cases
Internal network behavior management
Serious attacks often originate inside the system (80% of attacks come from inside). The main application of the Network Guard operation and maintenance audit system in the intranet is user behavior management: it monitors every channel of access to network devices and servers, supports Telnet, FTP, SSH, RDP, X Window and other protocols, keeps user operations under control, makes internal management visible, and supports tracking and identification, so as to prevent insiders from illegally obtaining and using confidential information and to protect the core secrets of enterprises and institutions.
Management of network devices
Network border security devices are an important part of the enterprise network security protection system, and the security policies configured on them play a very important role in the internal network security of enterprises and institutions. Today's key border security devices come mainly from foreign giants and leading domestic companies, and they generally offer a rich CLI through which an administrator configures security policy over SSH or the serial port (on switches, firewalls, VPN gateways and so on). However, there is no reliable way to ensure the validity, legitimacy and consistency of an administrator's policy configuration actions; this is usually handled by administrative means, requiring the administrator to keep a manual log of the configuration process, which is a serious security risk. Deployed as a gateway, the Network Guard operation and maintenance audit system records the administrator's configuration sessions on the border security devices, helps ensure the consistency of security policy, and produces a systematic log that can be integrated easily into the existing security policy management framework of the enterprise or institution.
Prevention of hacker behavior
Hackers often use illegal means (social engineering, malicious programs, system vulnerabilities, buffer overflow exploits and so on) to obtain user privileges and then use those privileges to log on to the system. The Network Guard operation and maintenance audit system records the hacker's operations, which is of real value for after-the-fact verification and data recovery. Through its address binding function it can also restrict the hacker's actions: even if the hacker has obtained system privileges, no operation can be performed on the system unless the connection comes from a bound address.
Replacing tools such as KVM
Many users currently manage server O&M with KVM over IP, pcAnywhere, DameWare and parallel (bypass) auditing. KVM is simply a physical concentration of keyboard, monitor and mouse; it has no account, authentication or audit management functions. Remote management tools such as pcAnywhere and DameWare provide centralized management by setting up a server and reduce footwork, but they control only Windows hosts and can do nothing for network devices, UNIX systems or databases; at root they are LAN desktop remote-management tools and are not up to managing server resources. The weaknesses of parallel auditing are even more pronounced: it has no centralized control function, it can only record a small amount of traffic and drops packets once the intercepted traffic grows too large, and it has no way to handle encrypted or graphical protocols.
Users who manage server resources with any of these three methods can therefore significantly improve both efficiency and the security of their information resources by switching to the Network Guard operation and maintenance audit system.