Fortress Solutions
Demand Analysis
As enterprise informatization continues to deepen, enterprise IT systems have become increasingly complex, and irregular operation and maintenance by personnel from different backgrounds has made security problems more and more prominent. The main ones are: the security risks of internal personnel operations, the security risks of third-party maintenance personnel, the risk of abuse of high-privilege accounts, the security risks of shared system accounts, and the risk of uncontrollable violations.
The operation and maintenance process is the main link leading to frequent security incidents, so security control of that process is extremely important. Firewalls, anti-virus, intrusion detection systems and other conventional security products can solve some of the security problems, but they can do nothing about violating operations carried out by operation and maintenance personnel. How to change the operation and maintenance security control model, reduce human-caused security risk and meet the requirements of the enterprise is the urgent need at present.

Products
The Bastion Skype Operational Security Gateway, commonly known as the Citadel, can comprehensively track, control, record and play back the maintenance process of operation and maintenance personnel. It supports fine-grained configuration of their access rights, blocks violating and privilege-exceeding access in real time, and provides records and reports covering the whole operation process. The system also supports auditing of encrypted and graphical protocols, which eliminates the auditing blind spots of traditional behavioral auditing systems, making it the most powerful support platform for internal control of IT systems. The operation and maintenance process is strictly controlled in three stages:
- Pre-emptive: establishment of the "natural person-resource-resource account" relationship to achieve unified authentication and authorization
- Ex-ante control: establishment of a "natural person-operation-resource" relationship to enable operational audit and control
- Ex post facto audits: establishment of a "natural person-resource-audit log" relationship to achieve ex post facto traceability and accountability
Recommended Model: OSM-4600-S

Functional Features
- Deployment flexibility: Tianyue O&M Security Gateway supports single-machine, dual-machine, and distributed deployment, as well as NAT and network port aggregation, to adapt to changing business scenarios.
- Ease of operation and use: Tianyue O&M Security Gateway provides multiple operation and maintenance methods, including a C/S operation and maintenance client, batch login to resources, batch execution of commands, and automatic changing of device passwords, which keeps the operation and maintenance process automated and fast.
- Strictness of control methods: Provides command restriction and review, application release anti-jumping, and IP and MAC restrictions for operation and maintenance accounts. Strict control methods ensure the standardization of the operation and maintenance process.
- Audit results are refined: Database protocol depth parsing, database return row count logging, Oracle database variable binding parsing.
- Diversity of authentication methods: Tianyue O&M Security Gateway provides a variety of authentication methods and supports two-factor authentication, with different combinations of authentication methods for different users, making it more flexible.
- O&M protocol comprehensiveness: Tianyue O&M Security Gateway supports a variety of O&M access protocols, which can fully meet the needs of daily operation and maintenance.
Typical Application
Single and dual machine deployment:
The Tianyue O&M Security Gateway is deployed in the network in bypass mode, so no adjustments to the network structure are required.
Operation and maintenance personnel connect directly to the corresponding port of the Tianyue O&M Security Gateway to establish a secure, encrypted data channel, and then reach the corresponding services on the server without having to access the server directly, which further strengthens the security of internal servers.
Supports HA dual-machine hot standby deployment to avoid single points of failure and maximize the reliability and continuity of operation and maintenance.
Distributed deployment:
Supports adding multiple bastion machines as protocol proxy servers to share the performance pressure of the main bastion machine and expand operation and maintenance capabilities.
Multi-protocol proxy server nodes enable automatic load balancing when accessing the same resources.
The main bastion centrally manages configuration and logging information.
Large-Scale Application
A provincial telecom network management center deployed 32 Fortress clusters, accessed more than 7,000 resources, and released more than 60 operation and maintenance tools, 6 editing tools, and 9 special tools.
The user experience remains good under the pressure of 5,520 concurrent O&M users and more than 7,800 concurrent sessions.
Cloud Collaboration Model
Collaboration with an e-government cloud service provider, whereby the cloud service provider promotes our CloudFortress to their tenants as a value-added service.
We provide CloudFortress software and licenses to cloud service providers and charge cloud service providers an annual license fee based on the number of cloud assets under management in the license.
