Peter-Service Security Manager

The software package PETER-SERVICE SECURITY MANAGER is intended for data protection in the solutions constructed based on three-unit architecture and allows to provide compliance of the operated information system to requirements for personal data protection to class K1 inclusive.

Short description

PETER-SERVICE SECURITY MANAGER as a part of delivery contains the following products:

• the certified information security product from unauthorized access intended for data protection in the solutions constructed based on three-unit architecture (PETER-SERVICE HAS ACCESS MANAGER);
• the Apache Web server with the XSLT transformation module;
• high-end server of applications (HAS server);
• web the interface for management of attributes of access to the HAS server;
• DBMS Oracle (Oracle Database 10g Express Edition);
• installer under all supported operating systems.

Features

Access control

For access control implementation each user is provided by group of roles in which it is described what operations the user can perform over the protected resources, actions over the protected resources are provided by transactions. In a body of transaction it is specified what actions are made over what resource (tables, writing fields). Access control is exercised by means of issue of prohibition/permission to the user on processing of the protected resources (carrying out transaction) according to rules of access isolation.

Registration and accounting

For implementation of registration and accounting of the operations performed by users collecting and information storage about the events which are taking place during the work is provided. All events are separated into internal (caused by work of the means of protecting) and user (caused by actions of users and administrators).

The activity description contains in the database of the HAS server. The activity description should include the following information:

• list of entrance and output arguments;
• confidentiality tag for information returned as a result of transaction accomplishment;
• type of the processor providing transaction accomplishment;
• for processors of SQL and PL/SQL – texts of the programs implementing transactions.

Ensuring integrity of information

At each start of the HAS server at its initial stage reconciliation of checksum is made. At coincidence of checksums the procedure of start of the HAS server successfully comes to the end. Mismatch of checksums indicates violation of integrity components of an information security product, and, therefore, existence of threat of information in a system. In this case start of the HAS server is blocked, and the message about mismatch of checksums is published in the magazine of registration.

Advantages

• existence of the certificate on personal data protection for three-unit architecture;
• the universality allowing to apply these means of protecting as to the solutions constructed based on PETER-SERVICE HAS and for protection of Web and mobile applications of other producers;
• the high performance and reliability confirmed with operating experience in about tens of millions of 24/7 users;
• the scalability reached by a system capability to increase the performance when adding hardware resources;
• the simplicity of administration provided at the expense of the centralized storage of authorization data and process control of providing access to all Web systems and mobile platforms in the Customer's infrastructure;
• the multiplatformity allowing the Customer to select the optimal supplier of a hardware platform and to operate the solution running operating systems of HP-UX Linux Sun Solaris Windows.