2025-03-17 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Product introduction
The internal network operation and maintenance integrated audit management system (abbreviated as: fortress machine, i.e. a bastion host) is a centralized operation and maintenance management system that integrates user management (Account), authorization management (Authorization), authentication management (Authentication) and comprehensive audit (Audit). The system gives enterprises a centralized management platform that manages users and resources comprehensively, reduces system maintenance work and enterprise maintenance costs, and helps enterprises formulate strict resource access policies. It uses strong identity authentication to ensure the security of system resources, and it records users' access to and operation of resources in detail to meet the needs of user behavior audit.
Product function
1. Audit scope
At present, the Zhongan Weishi intranet operation and maintenance integrated audit management system supports the following protocol types:
Protocol type: Details
Graphics protocol: RDP, VNC
Character protocol: Telnet, SSH
File transfer protocol: FTP, SFTP
Other applications of B/S architecture: WEB applications, database applications (Oracle, MySQL, SQL Server, DB2, Sybase)
2. Single sign-on
The integrated audit management system of intranet operation and maintenance provides single sign-on through an application system based on B/S (browser/server) architecture. Single sign-on gives users who hold multiple accounts convenient and fast access, so that they do not need to remember many login user IDs and passwords. Because the system itself is a strong authentication system, it also improves the security of user authentication.
3. Centralized account management
The integrated audit management system of intranet operation and maintenance can realize the centralized management of all servers and network equipment accounts. It can complete the monitoring and management of the entire life cycle of accounts, reducing the difficulty and workload of managing a large number of user accounts. At the same time, through unified management, we can also find the security risks in the account, and formulate a unified and standard user account security policy. The unit can associate the account with a specific natural person.
4. Centralized identity authentication
The integrated audit management system of intranet operation and maintenance provides users with a unified authentication interface and supports a variety of authentication methods. The unified interface is used for user authentication management (supporting AD domain authentication, LDAP authentication, RADIUS authentication and digital certificate authentication), which not only makes user identity authentication more convenient but also improves the security and reliability of authentication.
5. Unified resource authorization
The integrated audit management system of intranet operation and maintenance provides a unified interface for authorizing users, roles, behaviors and resources. The system supports coarse-grained authorization based on application boundaries, such as which roles a user may use to access resources, and also fine-grained authorization that restricts which operations a user may perform and when, so as to maximize the security of user resources.
6. Centralized access control
The integrated audit management system of intranet operation and maintenance can provide fine-grained access control and maximize the security of user resources. A fine-grained command policy is a collection of commands that is assigned to specific users to restrict their behavior on the system. Administrators specify the corresponding control policies according to their own roles to limit users, so that the policy determines who can do what, where and when, which improves the security of the system. The system can automatically lock an account after multiple failed logins by an operation and maintenance user, and supports restricting the source IP and the time period from which operation and maintenance users may access.
7. Centralized operation audit
The operation audit log of the internal network operation and maintenance integrated audit management system is divided into three parts: login log, session log and system log. The login log records the user's login to the fortress machine; the session log records the user's access to resources and operations, and supports instruction identification and video recording. The system log is an audit of the operation of the fortress machine itself, including creating / deleting, locking / activating users (groups), assets (groups), authorization relationships, policies, etc. The generated logs support a wide range of queries and operations.
8. Work order approval
The integrated audit management system of intranet operation and maintenance supports a work order approval mode. Third-party operation and maintenance personnel or ordinary operation and maintenance users must be authorized by the administrator before they can carry out operation and maintenance on specific server equipment. This keeps the operation and maintenance process simple and records the corresponding operations.
9. Plan tasks
The internal network operation and maintenance integrated audit management system supports planned tasks for managed resources, such as password modification (manual assignment / random generation), account synchronization and script execution, so as to facilitate the maintenance of resources, reduce repetitive work and improve the efficiency of operation and maintenance.
Deployment architecture
The internal network operation and maintenance integrated audit management system is deployed in bypass mode in the existing network; it only needs to be reachable over the network. It does not affect the existing network structure: it is connected in parallel in the network structure and in series in the logical structure, so that users must go through the fortress machine when they access each server within the system.
Deployment benefits:
1. There is no need to install agents on managed devices
2. Do not change the original network topology
3. There is no need to change the configuration on the user's network device
4. Does not affect any business data flow
5. Support dual-computer hot backup
6. Rapid deployment and green launch.
Product characteristics
1. Diversified authentication methods
The system provides password authentication, LDAP authentication, AD domain authentication, RADIUS authentication, digital certificate authentication and other ways to authenticate system users, and supports Google dynamic token and SMS authentication as two-factor authentication means. Combined authentication is supported to improve the security of access.
2. Strong resource management ability
Resource quantity statistics: view the proportion of different resources in the system by means of asset histogram.
Resource types: support rich types of resources, including workstation and server resources (Windows, Linux, Unix, etc.), some database resources (Oracle, MySQL, SQL Server, DB2, Sybase, etc.), and network resources and security equipment resources of B/S architecture, etc.
3. Comprehensive account management mechanism
ZD department management: support department management of users and resources using a tree structure; each department can only see the users and resources of itself and of the departments below it.
Complete user account management: complete lifecycle management of creating, editing, locking, activating and deleting accounts.
4. Strong authorization management function
Role management: custom roles are supported, and custom roles can be created according to actual operation and maintenance requirements.
Resource authorization: based on the resource authorization of the user (group), the user can only access the resources within the authorization.
Policy authorization: support password policy (password complexity and change cycle), access control policy (restrictions on access date, time and source IP address), system instruction word object (operating system instruction blacklist and whitelist), database instruction word object (database instruction blacklist and whitelist) and account control policy (login failure times and lock time). These policies are associated with users and resources to restrict the user's operations on the resource.
5. Perfect audit management function.
The audit results support a variety of presentation methods, so that the operation can be completely restored.
The audit result can be recorded and played back. Drag and drop is supported during the playback process, which makes it easy to quickly locate the problem.
Technological advantage
1. The product does not rely on third-party plug-ins
The fortress machine does not rely on third-party plug-ins and can access business resources directly.
Problems with plug-ins:
1. Slow or stuttering access terminals will make the customer suspect that the installed plug-in is the cause.
2. Customers will suspect that manufacturers steal customer information through plug-ins.
For example: the Xshell plug-in backdoor event, the ProFTPD plug-in backdoor event, etc.
2. Automatic recognition technology of logical commands.
The integrated audit management system of intranet operation and maintenance can automatically identify the current operation terminal, control the input and output of the current terminal, combine the input and output streams, and automatically identify logical semantic commands. The system determines the editing process of logical commands from the input and output context, and then automatically captures the logical commands used by the user. This technology achieves automatic capture of logical commands, goes beyond traditional keyboard capture and control, and can grasp the user's intention more accurately.
This technology can automatically identify the command status, editing status and private working status, and accurately capture logical commands.
3. Regular expression matching technology
The integrated audit management system of intranet operation and maintenance adopts regular expression matching technology. Regular expressions are combined into a tree-structured, inheritable policy to automatically match and control commands. The inheritable policy tree suits modern enterprise architecture and provides a powerful tool for hierarchical management and control of servers.
4. Multi-process / thread and synchronization technology
The main body of the internal network operation and maintenance integrated audit management system is realized by multi-process / thread technology, using unique communication and data synchronization technology to accurately control program behavior. The logic processing of multi-process / thread mode is accurate, and there is no interference in transaction processing, which helps to ensure the stability and robustness of the system.
5. Data encryption technology
When dealing with user data, the integrated audit management system of intranet operation and maintenance adopts corresponding data encryption technology to protect the security of user communication and the integrity of data, to prevent malicious users from intercepting and tampering with data, and to fully protect users from malicious destruction in the course of operation.
6. Audit query and retrieval technology
Since the introduction of the Sarbanes Act, the internal control of the enterprise has been strictly reviewed, and the internal audit of the enterprise is very important. The Zhongan Weishi intranet operation and maintenance integrated audit management system can provide complete audit information for the enterprise internal network. This audit information can be used to track user behavior, determine user behavior, and restore user behavior.
Traditional auditing is tied to the IP address, which by itself gives an uncertain and unaccountable audit result, because IP information cannot really reflect who the real operator is, so problems in the enterprise internal network cannot be traced to the operator. The Zhongan Weishi intranet operation and maintenance integrated audit management system can carry out correlated auditing of these user behaviors; that is to say, it binds each audited user operation to a natural person, which makes it convenient for the enterprise's internal network management to trace actions to the individual.
7. Operation restoration technology
Operation restoration technology refers to the simulation, in the real environment, of the user's operation behavior in the system. The audit administrator can use it to restore the real operation and determine where the problem lies.
The integrated audit management system of intranet operation and maintenance adopts operation restoration technology to automatically show the user's operation flow, monitor every user's behavior, and determine whether the user's behavior is harmful to the internal network security of the enterprise.
8. Real-time audit and interception control technology of operation and maintenance commands
The internal network operation and maintenance integrated audit management system supports configuring instruction blacklists and whitelists for all users and resources on the fortress machine, and controls dangerous and high-risk commands. When users log in to the target equipment, their operations are audited as they work: high-risk commands are not allowed, and they are monitored in real time and intercepted intelligently. When high-privilege commands need to be executed in special circumstances, users can apply through the work order system.
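The regular expression policy tree from section 3 and the blacklist/whitelist interception from section 8 can be illustrated together. The following is an added example, not the product's code: the PolicyNode class, the node names, the patterns and the default verdict are all assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class PolicyNode:
    """One level (department or server group) of a hypothetical policy tree."""
    name: str
    parent: Optional["PolicyNode"] = None
    deny: list = field(default_factory=list)   # regex blacklist for this level
    allow: list = field(default_factory=list)  # regex whitelist (approved exceptions)

def decide(node, command):
    """Return (verdict, deciding_node, pattern) for one logical command.

    Walks from the node up to the root, so a child inherits every parent rule
    it does not override. Nearest level wins; within a level deny beats allow.
    """
    cmd = " ".join(command.split())            # collapse whitespace before matching
    while node is not None:
        for verdict, patterns in (("deny", node.deny), ("allow", node.allow)):
            for pattern in patterns:
                if re.search(pattern, cmd):
                    return verdict, node.name, pattern
        node = node.parent
    return "allow", None, None                 # assumed default: blacklist mode

def audit_session(node, commands):
    """Audit a captured session: one record per command with its verdict."""
    return [(c, *decide(node, c)) for c in commands]

# Constructed sample tree: company -> db-servers -> dba-oncall
COMPANY = PolicyNode("company", deny=[r"^rm\s+-rf\s+/(\s|$)",
                                      r"^(shutdown|reboot|halt)\b",
                                      r"^mkfs(\.\w+)?\b"])
DB = PolicyNode("db-servers", COMPANY,
                deny=[r"^systemctl\s+(stop|restart)\s+mysqld?\b"])
ONCALL = PolicyNode("dba-oncall", DB,
                    allow=[r"^systemctl\s+restart\s+mysqld?\b"])

if __name__ == "__main__":
    session = ["ls -l /var/log", "systemctl restart mysqld",
               "systemctl stop mysqld", "  rm   -rf  / "]
    for record in audit_session(ONCALL, session):
        print(record)
```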
9. Database operation and maintenance audit and control technology
Provide high-precision in-process control based on the accurate parsing ability of database protocols.
The integrated audit management system of intranet operation and maintenance is deployed in bypass mode between servers. Based on the accurate parsing ability of database protocols and the matching technology of statement templates, the actual execution operation and the application operation are compared and analyzed, and interception is started if the matching fails, which effectively prevents malicious operation and misoperation.
The integrated audit management system of intranet operation and maintenance supports a comprehensive audit of database encryption protocols. It can record the operation command and keyboard events during the operation, and at the same time monitor, record, replay, input and output the operation process in real time. Support the interception and control of high-risk database operation instructions.