HARDWARE AND SOFTWARE COMPLEX ACCORD-WIN32 (TSE) AND HARDWARE AND SOFTWARE COMPLEX ACCORD-WIN64 (TSE)
Hardware and software complexes of data security tools (HSC DST) Accord-Win32 and Accord-Win64 are designed to isolate users' access to workstations, terminals and terminal servers.
The complex operates under all Microsoft NT+ operating systems, on terminal servers based on Windows 2000 Advanced Server and on servers of the Windows 2003 and 2008 families (32-bit for Accord-Win32 and 64-bit for Accord-Win64), and with the Citrix Metaframe XP, Presentation Server 4.5, XenApp 5.0 and XenApp 6 software running on these operating systems.
- Protection against unauthorized access to a personal computer;
- User identification/authentication before the startup of the operating system with subsequent sending of the results of such successful identification/authentication to the operating system;
- Hardware check of the integrity of system files and critical registry keys;
- Trusted OS startup;
- Check of the integrity of programmes and data and their protection against unauthorized modifications;
- Creation of individual isolated working software environment for each user;
- Prohibition of launching unauthorized programmes;
- Isolation of access of users to data stores and programmes with the help of discretionary access isolation;
- Isolation of access of users and processes to data stores with the help of mandatory access isolation;
- Automatic keeping of the protocol of registered events in nonvolatile memory of the hardware part of the complex;
- Strengthened authentication of terminal stations with the help of controllers Accord or PCDST SHIPKA;
- Identification/authentication of users connecting to the terminal server (using TM-identifier or PCDST SHIPKA);
- Optional automatic identification, in the Windows NT+ system and on the terminal server, of users already authenticated by the protection mechanisms of a TSHM controller (this approach avoids re-identification of users and ensures that the operating system is loaded under the name of the same user that was authenticated in the TSHM controller, and that the same user is connected to the terminal server);
- Control of terminal sessions;
- Control of printing on printers connected to both terminal servers and user terminals, which makes it possible to control printer output and mark the documents being printed (a security label, a user name, a printer name, a document name or other service information can be a marker);
- Control of access to USB devices.
Its own access isolation system (mandatory and discretionary isolation methods): actions permitted by application software but prohibited by Accord will be denied to the user.
The possibility to use an already established connection (on RDP and ICA protocols) between the server and the terminal, without a need to establish a new one.
During the entire user session a detailed event log is kept, which records all user activities in the terminal server.
The complex software allows the data security administrator to describe any consistent security policy based on the most complete set of attributes:
R permission to open files for reading only
W permission to open files for writing
C permission to create files on the disk
D permission to delete files
N permission to rename files
V file visibility
O emulation of the permission to write information in an open file
M creation of directories on the disk
E deletion of directories on the disk
G permission to move to this directory
n renaming of subdirectories
S inheritance of rights to all embedded subdirectories
1 inheritance of rights for the 1st level of nesting
0 a prohibition to inherit rights to all embedded subdirectories
X permission to launch programmes
r registration in a log of reading operations in case of accessing the object
w registration in a log of writing operations in case of accessing the object
- the list of files, the integrity of which should be controlled by the system and control options;
- startup of the start task (for functionally closed systems);
- presence or absence of supervisor's privilege;
- detailed character of the access log;
- assigning/changing the password for authentication;
- time limits - time on weekdays (discreteness of 30 minutes) when it is allowed to start work for a given subject;
- screen control parameters - screen blanking after a predetermined period of time (in case the operator performs no activities within the specified period), relevant audible and visual signaling.
The possibility to connect external Vba32 or DrWeb antivirus modules. Joint operation of Accord-Win32 and an antivirus engine can significantly speed up the work. At any moment of time, only those files and processes are checked that are accessed by the user. Thus only necessary things are checked, nothing more.
The product's strength lies in the possibility to control printing on both network and local printers, with the output of documents for printing being logged and marked. These settings apply when printing documents from any application software that provides for the printout of documents (not just Microsoft Office). A security label, a user name, a printer name, a document name or other service information can be a marker.
Work under Operating Systems
Windows NT, Windows 2000, Windows XP, Windows 2003, Windows Vista, Windows 2008, Windows 7
Up to and including 1B
Controllers being used
Accord-5МХ, Accord-5.5, Accord-5.5e, Accord-5.5МР, Accord-5.5ME, Accord-GX, Accord-GXM, Accord-GXMH
Identification (identifier type)
Touch memory DS-199x, PCDST SHIPKA
According to the password entered from the keyboard
Certificate of the Federal Service for Technical and Export Control of Russia No. 2398 for the complex DST PUA "Accord-Win32".
Certificate of the Federal Service for Technical and Export Control of Russia No. 2400 for the complex DST PUA "Accord-Win64"