Citadel

Tianyue O&M Security Gateway, commonly known as a Bastion Machine, can fully track, control, record and play back the maintenance sessions of operation and maintenance (O&M) personnel.

Description

Demand Analysis

As enterprise informatization deepens, enterprise IT systems become increasingly complex, and the security problems caused by irregular operations by O&M personnel from different backgrounds become more and more prominent, mainly in the following areas: the security risks of operations by internal personnel, the security risks of third-party maintenance personnel, the risk of abuse of high-privilege accounts, the security risks of shared system accounts, and the risk of uncontrolled irregularities.

The operation and maintenance process is the main link where security incidents frequently originate, so security control of that process is extremely important. Firewalls, anti-virus, intrusion detection systems and other conventional security products can solve some of the security problems, but they can do nothing about irregular operations by O&M personnel. Changing the O&M security control model and reducing human-caused security risk to meet enterprise requirements is the urgent need of the moment.


Products

Tianyue O&M Security Gateway, commonly known as a Bastion Machine, comprehensively tracks, controls, records and plays back the maintenance sessions of O&M personnel. It supports fine-grained configuration of O&M personnel's access privileges, blocks irregular and unauthorized operations in real time, and provides records and reports covering the whole of each maintainer's operations. The system supports auditing of encrypted and graphical protocols, eliminating the audit blind spots of traditional behavioral auditing systems, and is the most powerful support platform for the internal control of IT systems. Strict control is applied in three stages of the operation and maintenance process:

Prevention beforehand: establishing the "natural person-resource-resource account" relationship to achieve unified authentication and authorization

Control during the event: establishing the "natural person-operation-resource" relationship to enable operational auditing and control

Audit after the event: establishing the "natural person-resource-audit log" relationship to achieve after-the-fact traceability and accountability

Recommended Model: OSM-4600-S


Functional Features

  • Deployment flexibility: Tianyue O&M Security Gateway supports single-machine, dual-machine, and distributed deployment, as well as NAT and network port aggregation, to adapt to changing business scenarios.
  • Ease of operation and use: Tianyue O&M Security Gateway provides multiple operation and maintenance methods, including a C/S operation and maintenance client, batch login to resources, batch execution of commands, and automatic changing of device passwords, making the operation and maintenance process automated and fast.
  • Strict control methods: Provides command restriction and review, anti-jump protection for published applications, and IP and MAC restrictions for operation and maintenance accounts. Strict control methods ensure the standardization of the operation and maintenance process.
  • Fine-grained audit results: In-depth parsing of database protocols, logging of database returned row counts, and parsing of Oracle database bind variables.
  • Diverse authentication methods: Tianyue O&M Security Gateway provides a variety of authentication methods and supports two-factor authentication, with different combinations of authentication methods for different users, making it more flexible.
  • Comprehensive O&M protocol support: Tianyue O&M Security Gateway supports a variety of O&M access protocols, which can fully meet the needs of daily operation and maintenance.

Typical Application

Single and dual machine deployment:
Tianyue O&M Security Gateway is deployed in bypass mode, so no adjustment to the network structure is required.
Operation and maintenance personnel connect to the corresponding ports of the Tianyue O&M Security Gateway to establish a secure, encrypted data channel, and then initiate access to the corresponding services on the servers through it, without accessing the servers directly, which further strengthens the security of the internal servers.
HA dual-machine hot standby deployment is supported to avoid single points of failure and maximize the reliability and continuity of operation and maintenance.


Distributed deployment:

Multiple bastion machines can be added as protocol proxy servers to share the performance load of the main bastion machine and expand operation and maintenance capacity.
With multiple protocol proxy server nodes, access to the same resources is load-balanced automatically.
The main bastion machine centrally manages configuration and logging information.

Large-Scale Application

A provincial telecom network management center deployed 32 Fortress clusters, accessed more than 7,000 resources, and released more than 60 operation and maintenance tools, 6 editing tools, and 9 special tools.

The user experience remains good under the pressure of 5,520 concurrent O&M users and more than 7,800 concurrent sessions.

Cloud Collaboration Model

We collaborate with an e-government cloud service provider, which promotes our CloudFortress to its tenants as a value-added service.
We provide CloudFortress software and licenses to cloud service providers and charge them an annual license fee based on the number of managed cloud assets covered by the license.
