HARDWARE AND SOFTWARE COMPLEX DST PUA ACCORD-X

The hardware and software complex of data security tools (HSC DST) Accord-X is designed to isolate user access to workstations running operating systems of the Linux family.

Capabilities:

  1. Protection against unauthorized access to a personal computer (including the possibility to limit the number of permitted hours of work for every user);
  2. User identification/authentication before the startup of the operating system, with the results of successful identification/authentication then passed to the operating system;
  3. Hardware check of the integrity of system files;
  4. Trusted OS startup;
  5. Static and dynamic control of data integrity and protection of data against unauthorized modification;
  6. Isolation of access of users and processes to data stores (objects) by means of discretionary access isolation;
  7. Isolation of access of users and processes to data stores (objects) by means of mandatory access isolation;
  8. Isolation of access of users to certain processes;
  9. Control over access to peripheral devices;
  10. Creation of an individual isolated working software environment for each user;
  11. Automatic keeping of an event log;
  12. Control of printing on local and network printers, with a log kept of the data output for printing (a security label, a user name, a printer name, a document name or other service information can be a marker).

Main specifications:

Its own access isolation system (mandatory and discretionary isolation methods): actions permitted by application software but prohibited by Accord are denied to the user.

During the entire user session a detailed event log is kept, which records all user activities (the level of detail logged can be adjusted).

The software of the complex allows the data security administrator to describe any consistent security policy on the basis of the fullest set of attributes:

Discretionary access isolation rules for objects:

  • R: permission to open the object for reading only;
  • W: permission to open the object for writing;
  • X: permission to open the object for execution;
  • O: replacing attribute R with attributes RW when the object is opened (emulation of permission to write to an open file);
  • C: permission to create the object;
  • D: permission to delete the object;
  • N: permission to rename the object;
  • L: permission to create a hard link for the object;
  • 1: permission to create a symlink for the object or container.

Discretionary access isolation rules for containers:

  • M: creation of directories;
  • E: deletion of directories;
  • G: permission to move to this directory;
  • n: renaming of subdirectories;
  • S: inheritance of rights by all nested subdirectories;
  • 1: inheritance of rights for the 1st level of nesting;
  • 0: prohibition of inheritance of rights by all nested subdirectories.

and parameters:

  • The list of objects and the rights to access them by a particular subject;
  • The list of objects and the rights to access them by a group of subjects;
  • The list of objects, the integrity of which should be controlled by the system (static and/or dynamic control of integrity), for a particular subject;
  • The list of objects, the integrity of which should be controlled by the system (static and/or dynamic control of integrity), for a group of subjects;
  • The list of system capabilities of the subject;
  • The list of system settings;
  • The level of details being logged;
  • Assigning/changing the password for authentication;
  • Assigning/changing the identifier (TM, PCDST SHIPKA);
  • Time limits: the times on weekdays (in 30-minute increments) when a given subject is allowed to start work.

The strength of the complex lies in its printing control module, which marks the data output for printing on network and local printers and logs all of the user's activities. The Accord-X printing control module works when documents are printed from any application software that can print a document/file/data (not just OpenOffice and other word processors). Printing is controlled at the level of the Linux printing subsystem, so data printed from the console are also marked in accordance with the settings of the Accord-X printing control subsystem. A security label, a user name, a printer name, a document name or other service information can serve as a marker (stamp).

 

Specifications summary:

  • Supported operating systems: all OS of the Linux family;
  • Security class: up to and including 1B;
  • Controllers used: Accord-5MX, Accord-5.5, Accord-5.5e, Accord-5.5MP, Accord-5.5ME, Accord-GX, Accord-GXM, Accord-GXMH;
  • Identification (identifier type): Touch memory DS-199x, PCDST SHIPKA;
  • User authentication: by a password entered from the keyboard.