eTrust Access Control - Protecting Critical Resources

With eTrust Access Control, the security over company confidential data and critical system services is strongly enforced and scrutinized. eTrust Access Control greatly reduces the risks of electronic asset theft, server service disruption, and super-user authority abuse, while maintaining a high degree of accountability.

In a recent CSI/FBI report, 71% of the computer crime and security hazards reported are done from the inside of the company and the most serious financial losses occurred through theft of proprietary information. eTrust Access Control provides the much-needed security that can protect a company's investment and ensure online service integrity.

Safeguarding the Distributed Environment

In most organizations, critical information and processes—such as financial transactions, Web Services, customer information and confidential personnel records—reside on distributed servers. Protecting this data and restricting access to these processes is a challenge since native operating systems in distributed environments do not provide adequate data security. Both UNIX and Windows NT/2000 are built around the super-user concept, which creates vulnerabilities through a single, privileged user account that has full access to applications, data and audit logs. Attempting to manually enforce security in this environment is extremely time-intensive and mostly ineffective.

Secure Computing

eTrust Access Control enables organizations to centrally manage user access privileges and quickly deploy preconfigured baseline security policies—so that the right people have access to the right information. It proactively secures access to data and applications located on UNIX and Windows NT/2000 system servers throughout the enterprise. With the emergence of Internet technology, an organization’s web and other critical servers are exposed to hackings and attacks more than ever before. eTrust Access Control prevents unauthorized access to sensitive production services, ensuring strict security of revenue generating operations. eTrust Access Control enables organizations to:

• Protect Critical Data and Applications. An organization’s success depends on the integrity and privacy of its data and applications. eTrust Access Control gives users access to the information they need—and prevents and logs all unauthorized information requests.

• Actively Control User Access. The vulnerability created by the super-user undermines native access control security measures. eTrust Access Control DSX (Dynamic Security Extension) technology enables organizations to create and enforce access privileges based on functional needs. Advanced capabilities—such as Generic File Protection—significantly improve security for UNIX and Windows NT/2000.

• Centralize Security Management. eTrust Access Control centrally manages users and access privileges and provides a robust system for creating, distributing and managing access policies. Using a self-guided Wizard program, help desk personnel can easily and safely create user accounts, reducing the system administrator’s workload.

• Promote Consistent Cross-Platform Security. eTrust Access Control raises the level of security on each system to meet overall business requirements. A single eTrust Access Control security policy can be centrally created and automatically distributed and enforced across a variety of UNIX and Windows NT/2000 operating systems with minimal time and effort. Without eTrust Access Control, administrators must create and maintain a separate security policy for each computing system, which can easily lead to errors and can generate local security holes.

Distinctive Functionalities

Centralized Administration eTrust Access Control enables you to manage the administrator workstation and every other workstation on which Access Control is installed from a single point.

Self-Protection A self-defense mechanism prevents hackers or others from bringing down Access Control services. This same mechanism safeguards Access control files and data.

Profile Groups eTrust Access Control allows you to base security on roles or group membership. For example, it can limit the rights granted to the Administrator's group and users who are members of that group.

Audit Capabilities. Comprehensive security must include a complete and reliable record of individuals’ activities. Administrators can configure eTrust Access Control to audit all security-sensitive events and closely monitor sensitive user action through the advanced Tracing option. Audit information can be centrally consolidated across multiple systems and quickly filtered to speed inquiries and analysis.

User Accountability Access Control has the unique ability to prohibit users from "hiding behind" the superuser account and performing untraceable actions. It traces each action to a specific user who can be named and held accountable.

Mainframe Synchronization. User account and password information in mainframe security packages can be synchronized in real time, creating a seamless operating environment.

Stack Overflow Protection (STOP) STOP prevents hackers from using stack overflow exploits, which can enable them to execute arbitrary commands in order to break into systems.

Cross Platform Support Administrators can create, implement, and maintain similar or identical security policies for UNIX and Windows NT.