SSi Service Strategies Inc.

eTrust Access Control FAQs

eTrust Access Control protects business-critical data and applications with comprehensive security policies that prohibit unauthorized access. This powerful solution simplifies UNIX or Windows NT security management and enforcement. A graphical user interface centralizes control over security policies as well as the administration of users, groups, and system resources. Built-in baseline policies provide out-of-the-box protection.

What is eTrust Access Control?
eTrust Access Control is a software package, providing UNIX server protection and access management for system administrators.

Most traditional methods of protecting UNIX systems have focused on reacting to threats, assessing vulnerabilities, or trying to limit access to the system. Measures taken include running frequent audit reports, using shareware tools to reveal system vulnerabilities, and installing CERT-advisory patches, as supplied by the vendors.

eTrust Access Control was designed in recognition of the fact that stronger UNIX security requires a fundamental change in the way UNIX grants access to system resources. The resource access controls of eTrust Access Control permit or deny users' access to system resources based on configurable access rules, rather than relying solely on userids and file permissions. The result is an added layer of security, which resides next to the protected data. The solution does not change the way UNIX operates or the way administrators do their jobs.

Is eTrust Access Control the same on each supported platform?
Yes. The functionality of eTrust Access Control is equivalent on all supported platforms. All interfaces provide cross-platform administration, transparent to underlying OS differences (except during the initial configuration). When the OS has different names for resources, eTrust Access Control maintains consistency with the native OS.

Does eTrust Access Control modify the kernel (OS) of my UNIX platform?
eTrust Access Control introduces a dynamic security extension to the kernel in memory during runtime. Most of the time, the kernel itself is not rebuilt with new libraries, and the change may be "undone" without rebuilding the system.

The Dynamic Security Extension is a patented technology that enables the increased protection and flexibility that eTrust Access Control provides to administrators.

Do I need to replace any system programs?
No. The authorization checking of eTrust Access Control works without replacing a single binary file on your system. This is possible since the interception of access to system resources is done at the operating system level.

Is authorization checking done inside the kernel?
Unlike existing UNIX security, hinged on the nine-bit file permissions, eTrust Access Control authorization checking is handled outside of the kernel by a daemon process known as the Access Control Security Server.

The primary benefit of this approach is that the kernel itself need not be bothered with issues of extensive security rules evaluation. Rather, it can continue to process system requests and to manage system resources, while leaving questions of authorization to an external security server. This concept is the proven approach implemented in analogous security packages like eTrust CA-ACF2 and eTrust CA-Top Secret Security on the mainframe.

Does eTrust Access Control include an API?
Yes. eTrust Access Control includes a number of APIs, which contribute to its open architecture. APIs can be used for everything from access control to administration to alert notification. The eTrust Access Control documentation explains in detail the usage of each API, and sample programs written in C are included with the software. eTrust Access Control APIs include:

- Authorization API: Used by applications to check users' access to arbitrary resources. This set of API calls enables sites to centrally manage security with eTrust Access Control even for home grown applications.
- Administration API: Used by applications that wish to manage aspects of UNIX security as handled by eTrust Access Control.
- Auditing API: Allows customization of the eTrust Access Control audit logs and interface with syslog and other audit repositories.
- Password API: Enables customization of password quality checks.

How can eTrust Access Control synchronize with mainframe security packages?
eTrust Access Control uses CCI and CPF components to synchronize between mainframe users/passwords and the PMDB database in eTrust Access Control. This extends user management across mainframe, UNIX, and Windows platforms.

What does eTrust Access Control protect?
eTrust Access Control protects the operating system and application resources, which reside on the protected host. This is achieved by controlling access to system resources. The following is a brief listing of the types of resources that can be protected by eTrust Access Control and what type of access it controls:

- files (generic and discrete): Enhanced file access control protects files beyond native UNIX limitations. For example, if a user is not authorized to access a file, they will not be able to do so, even if they get root access. eTrust Access Control can also control how users may access files (i.e. using which program or application).
- processes: Critical system daemons and application processes like database servers can be shut down (killed) only by authorized users, regardless of their level of authority in the system.
- userids & groupids (su): Access to all userids and groupids can be controlled. Knowing the password of another user is not sufficient to access their id.
- privileged programs: Programs which run with privileged authority are the primary source of backdoor and unauthorized access to system resources. eTrust Access Control protects the trusted base of privileged programs from modification, and prevents the execution of new unrecognized privileged programs.
- network connections: Controls access to network services and ports by regulating incoming and outgoing network connections.
- terminals: Controls entry-points to system access by defining who may login from which terminals and under what conditions.
- user-defined resources: Using the eTrust Access Control Authorization API and database tools, administrators can define site-specific rules for protecting access to data from applications that integrate into the eTrust Access Control server.

Can eTrust Access Control protect resources from an attacker who gets root access?
Yes. This is one of the primary ways in which eTrust Access Control enhances UNIX security. In native UNIX, users with an id of zero (0) can effectively access all system resources. User passwords and file permissions are not only ineffective at protecting against users who successfully attack root, but the rules can be modified without leaving an audit trail.

System administrators can configure their systems so that only they can get root access, and so that all resource protections are enforced and monitored based on the attacker's initial authentication. The administrators can also use eTrust Access Control to scope higher levels of privilege and delegate them to non-privileged users, without giving those users full access to the system.

Are new rules enforced immediately, or only when "refreshed?"
New access rules are enforced immediately. There is no need to refresh. Several exceptions are noteworthy:

- When a user is first defined to eTrust Access Control, if the user is already logged in, they must re-login in order to be recognized by eTrust Access Control as a defined user.
- When access to resources is permitted to groups, the rule is not enforced on users until they are connected to or removed from the group. In these cases, the rule is immediately enforced once the connection is established.

A user who is associated with either of the special groups _restricted and _abspath while logged in must re-login for the association to take effect.

How does eTrust Access Control provide accountability?
eTrust Access Control tracks user accounts by login ids. This is a function that UNIX cannot do, since there are many ways to assume another identity in UNIX. Since eTrust Access Control tracks users by their login id, accountability is enforced by Access Control ACLs and recorded with Access Control logging.
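The following added example is a simplified model of the behaviour described in the answers above: access rules keyed on the original login id and the accessing program, evaluated by a separate security server, with every decision audited. It is not eTrust Access Control's rule language or API; all class names, function names and paths are hypothetical, and passing unprotected resources through to native checks is an assumption of the model.

```python
# Simplified model (added example, not eTrust's API): decisions are keyed on
# the original login id, not on the effective uid. All names are hypothetical.
from dataclasses import dataclass, field

@dataclass
class Session:
    login_id: str        # fixed at authentication
    effective_user: str  # changes on su / setuid

    def su(self, target):
        # Identity switch: effective user changes, login id is preserved.
        return Session(self.login_id, target)

@dataclass
class SecurityServer:
    rules: dict = field(default_factory=dict)  # resource -> {login_id: {(access, program)}}
    audit: list = field(default_factory=list)

    def permit(self, resource, login_id, access, via="*"):
        self.rules.setdefault(resource, {}).setdefault(login_id, set()).add((access, via))

    def check(self, session, resource, access, program):
        if resource not in self.rules:
            decision = "PASS"  # assumption: unprotected resources use native checks only
        else:
            grants = self.rules[resource].get(session.login_id, set())
            ok = (access, program) in grants or (access, "*") in grants
            decision = "PERMIT" if ok else "DENY"
        # The audit record carries both identities, so su does not hide the actor.
        self.audit.append((decision, session.login_id, session.effective_user,
                           access, resource, program))
        return decision != "DENY"

def demo():
    srv = SecurityServer()
    srv.permit("/db/orders.dbf", "oradba", "read", via="/opt/oracle/bin/oracle")
    alice = Session("alice", "alice").su("root")  # constructed: alice became root
    dba = Session("oradba", "oradba")
    results = [
        srv.check(alice, "/db/orders.dbf", "read", "/bin/cat"),              # root, no rule
        srv.check(dba, "/db/orders.dbf", "read", "/bin/dd"),                 # wrong program
        srv.check(dba, "/db/orders.dbf", "read", "/opt/oracle/bin/oracle"),  # authorized path
        srv.check(alice, "/tmp/scratch", "write", "/bin/sh"),                # unprotected
    ]
    return results, srv.audit

if __name__ == "__main__":
    print(demo())
```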

How can eTrust Access Control help with a server application such as Oracle where there are no users on the OS?
There may be no authorized user accounts on the system but there are still key accounts on the system. The system and these accounts can be exploited, thereby exposing the server to attacks. A consequence of these exploits could be that unauthorized users gain the ability to dump the Oracle database to a tape and walk out the door with key assets.

eTrust Access Control can provide the following functions for the server:

- Hardening of the O/S, thereby eliminating system attacks.
- Hardening of the application, thereby eliminating direct attacks from the O/S level and allowing only authorized means (applications and binaries) and users (via Oracle daemon) access to the database.

eTrust Access Control addresses the Client portion of the Server by protecting the application that accesses the server, so that only authorized users can access the application.

As an additional measure, the eTrust Access Control APIs can be used to assimilate directly into the Server Database, increasing the existing internal database security.

What can I administer with eTrust Access Control?
eTrust Access Control administers all aspects of UNIX security, including the creation, modification, and deletion of userids and groupids, as well as passwords and file permissions, and access rules which govern access to all protected resources, such as files, userids, network connections, and processes.

The eTrust Access Control Security Administrator is a GUI console from which it is possible to manage multiple, heterogeneous environments, including UNIX security and Windows NT/2000.

A self-guided Wizard function provides help desk personnel and IT administrators with an easy-to-use interface to perform most common tasks including user creation, file protection, and other administrative work.

What kind of administrative overhead does eTrust Access Control create?
eTrust Access Control helps reduce administrative overhead by providing a centralized tool that supports many environments and machines, allowing user and group administration, and providing a consistent comprehensive security tool.

Can eTrust Access Control be incorporated into the system startups?
Yes. It is recommended that eTrust Access Control be put into the general startups to provide protection in the event of an unforeseen system reboot.

If I have a firewall, why do I need eTrust Access Control?
A firewall is important to filter both incoming and outgoing network traffic. Well-configured firewalls can greatly reduce the number of curious users who might otherwise try to penetrate the system, and they can protect the information assets from being sent out over the Internet. However, a firewall cannot provide extra protection once a user is inside the network. In addition, clever hackers can circumvent firewalls.

What can be audited?
eTrust Access Control can audit access to all of the resources that it is protecting, such as files, terminals, account access, login times, and successful and failed login attempts.

What exactly is meant by saying that eTrust Access Control provides proactive security?
Most security solutions tend to provide methods that are reactive in nature. The history of computer security has proven these reactive methods to be only temporary fixes, since the methods address the security symptoms at the application level. The design of eTrust Access Control addresses security events at the system and system call level. This approach is taken since all resource access requests (application or other) are handled by the system and must go through the kernel. As a security sensitive request is made, eTrust Access Control is able to intercept and either allow or disallow the request before it can become a threat.

Service Strategies Inc

2392 Mount Vernon Rd

Dunwoody, GA 30338-3092

800-662-1615  678-441-0020

assist@ssimail.com

Copyright © 1998-2003 Service Strategies Inc. All rights reserved.
Revised: September 27, 2004.