application security

Categories: network security,prescription

appliancesuretyprescription

Application Security Control System

demand analysis

At present, the enterprise informationization process is deepening, the enterprise application system construction is also increasing, the application system carries the important business of the enterprise, so the application of security should not be ignored. In the process of enterprise development, application system security construction is relatively lagging behind, resulting in the application system in the actual use of more security problems, specifically summarized in the following points:

:: Difficulty and high investment costs of application security modifications

:: Decentralized management of accounts and passwords, making them vulnerable to theft and misappropriation

:: Sloppy access control, with unauthorized access

:: Realistic presentation of sensitive data at the user's fingertips

:: Separate logs of access operations, making it difficult to analyze them in a comprehensive manner

Products

Application Security Control System(hereinafter referred to as ASCG), which is a full-service security protection for application accessreticulationSecurity products that can realize centralized and unified management of application systems (remote/local) under the premise of zero transformation of application systems, including: single sign-on to application systems (B/S), strong authentication of application access for two reasons, application account password compliance, full control and auditing of user access operations, desensitization of sensitive information, etc., and support SSL encrypted transmission for encrypted protection of application information transmission.

Functional Features

  • Apply single sign-on: ASCG provides a unified entry point for users to access application systems, providing unified access to application authentication based on standard authentication protocols (such as CAS, SAML, OAuth2, OIDC, etc.) and single sign-on with simulated surrogate filling method.
  • Dual-factor strong authentication and password management: Under the premise of zero transformation of applications, dual-factor strong authentication technology is introduced to enhance the strength of identity authentication of application systems; and the original accounts and passwords of application systems are managed in a unified manner to enhance the degree of compliance satisfaction.
  • Page Access Control: Secondary definition of user access rights to the application system, prohibiting users from accessing unauthorized pages and avoiding the occurrence of ultra vires access.
  • Pages are desensitized in real time:

    According to the user's access rights, the sensitive data displayed on the application system page is blurred at different levels to avoid leakage of sensitive data.

  • Page background watermark:

    Support the application system specified page forced to join the background watermark display, support for user-defined watermark display content and watermark style, to provide a basis for information traceability.

  • Behavioral track record:

    Full recording of user accessapplication systemThe behavior of the operation process, providing online/offline mode of query and playback.

Technical Advantages

  • Application zero transformation ASCG can provide unified single sign-on, authentication strength enhancement, fine-grained authority control, sensitive information protection, operation auditing and other functions for application access without application system transformation.
  • Dual-factor strong authentication ASCG supports a combination of multiple authentication methods for strong authentication when the user accesses the application system, including: dynamic password (hardware/mobile phone), SMS, email, etc. It can also be docked with external authentication terminals to realize such methods as digital certificates, face recognition, fingerprint recognition, and so on.
  • SSL encrypted transmission ASCG supports SSL encrypted transmission, which realizes encrypted protection for the transmission of application information and avoids information leakage during the transmission process.
  • Operation full control ASCG can flexibly set user access rights to realize fine-grained control of user operations and avoid the occurrence of ultra vires access operations.

typical application

ASCG is a logical serial, physical bypass deployment method, supporting single-computer deployment, dual-computer hot standby and cluster deployment methods, users through the ASCG single sign-on to each authorized application system to achieve application access operation control and centralized auditing.

The ASCG dual-unit deployment approach is shown in the following figure:

Tags::
WeiboWeChatFacebookCopy link