Access management is all about controlling, monitoring and auditing the access by users to the informational resources of an organization. The user population of an organization, as seen from the point of view of access management, can consist of both people and software processes.

In order to implement a successful access management solution, Expertnet's engineers follow a multi-layered approach that incorporates the following:

When the above mechanisms are coupled with the Identity Management solution they create an integrated end-to-end infrastructure for managing and controlling users and resource access.

Operating System Level Access Control

Control of user access at the operating system (OS) level covers all of the resources of the:
- OS itself,
- system applications (e.g. databases),
- end-user applications.

In order to implement the above we use two converging approaches:
- The OS and the system applications are hardened in order to remove any unnecessary services that could be exploited by malicious users.
- The CA Access Control solution is installed in all the systems that require fine-grained access control.

The CA Access Control is a valuable tool in meeting customer requirements and it has been proven in demanding installations. The key features of the product are the following:
- Role-Based Granular Access Control
- Superuser Containment and Rights Delegation
- Server Intrusion Prevention
- Automated Policy Distribution
- Self Protection Mechanism
- Centralized and Delegated Administration
- Strong Password Management and Policies
- Complete Audit Trail
- Phased Deployment
- Broad Platform Coverage

The CA Access Control integrates with the rest of the CA security products, thus greatly enhancing the value of our customers' investment.

Strong authentication of users

One of the areas where effective access control must be implemented is the process of authenticating users to the system and/or application. Although it sounds trivial, this is one of the most overlooked areas in an integrated user access control environment. The default username/password mechanism is universally accepted as a weak authentication mechanism that is easily bypassed through either social engineering or brute-force methods. The data sets that reside on the systems of most corporations very often contain critical data, which demands a strong authentication process for the users that need access to them.

The user authentication process can be strengthened by introducing two- or three-factor authentication systems that replace the default username/password mechanism. Our solution for strong authentication is based on a two-factor mechanism that uses Smart Cards (SC) and digital certificates. The key features of the solution are the following:
- Tampering of login credentials is difficult to accomplish
- Seamless integration with LDAP and Active Directory
- Unique mapping between a person and their user identity
- End to end secure login to corporate portals and applications
- Transparent integration with Single Sign On and Identity Management Systems
- Out of the box support for secure e-mail, digital signatures and data encryption

Optionally, if the customer prefers, a two-factor authentication scheme that uses tokens can be used instead of the smart cards. In both cases, the strong authentication solution, when coupled with the SSO solution, delivers an end-to-end user authentication control infrastructure that covers even the most stringent security requirements.

Single Sign On

Single Sign On (SSO) eliminates the security problems that stem from the multiple logins a user has to perform in a typical day at work. People with multiple logins have multiple passwords to remember, and so they engage in dangerous password handling practices such as writing them down.

The solution offered by Expertnet is based on the CA Single Sign-On solution. The CA Single Sign-On represents the industry’s most flexible single sign-on solution, allowing users to log in to anything (mainframes, middleware or web resources) from anywhere in the world from a single authentication point. The key features of this SSO solution are the following:
- True Single Sign-On
- Password Management
- Directory-enabled Scalability
- Smart Card Authentication support
- Biometric Authentication support
- Token Authentication support
- LDAP Authentication support
- Session Management support
- One Time Password support
- Kiosk (Clinic) Support
- Directory Independence
- Attribute-based Entitlements
- Load Balancing
- Failover
- Personalized Desktop
- Open and Extensible