Solutions that eliminate risk and enable compliance

Enabling Compliance
Security-GENERAL™ platform is a self-defending server that enables delivery of the intended application functionality while preventing undesired actions. Non-invasive data encryption combined with strict data access controls prevents privileged user abuse while ensuring data integrity and confidentiality. Clear accountability is achieved through role-based access control management of the platform. Cryptographically-signed access logs provide necessary legal admissibility of records in a court of law. A built-in firewall and just enough operating system to run the installed application reduce the “radar cross-section” of the platform, making it less visible to intruders. Audit mechanisms provide necessary feedback, which ensures that the policies and controls are, in fact, working as intended.

Key features:

  • A ready-to-install secure appliance
    Security-GENERAL™ platform is a ready-to-deploy server appliance which eliminates the need for ad-hoc data security solutions.

  • Protection against privileged user abuse
    Misplaced trust in the privileged user (“root”) exposes application servers to ever-increasing malicious activity. Security-GENERAL™ platform eliminates this very critical flaw. The “root” user is not allowed to view or alter the protected data under Security-GENERAL’s control.

  • Transparent data encryption (AES-256)
    “The encryption requirements have always been the main stumbling block – and for good reason”, says Avivah Litan, Vice President at Gartner. “Just about every client I talk to that has started an encryption project can't get very far with it, even though they want to. It's a multiyear application rewrite proposition.”
    Security-GENERAL™ platform provides transparent data encryption. There is absolutely no requirement to change the application code or install an agent at the client end to achieve encryption. Deployment of Security-GENERAL™ does not alter the end-user's experience. Data can be selectively encrypted based on business importance at the “share” or “table” level. This saves time and increases performance. Security-GENERAL™ platform uses the AES algorithm for encryption, with a key length of 256 bits.

  • Key management - FIPS 140-2 level 2/3 smart-cards
    The security of any cryptography-enabled system ultimately depends on the security of the cryptographic material (keys and certificates) used. Key generation, storage, and/or distribution are always critical aspects of any distributed secure system. While many different and sometimes competing ways of managing keys exist, it is ultimately the available resources and threat environment that dictate the choices. Security-GENERAL™ platform uses several cryptographic keys to provide a comprehensive solution:
    • Keys are used for authenticating administrators to each server.
    • Keys are used to encrypt data residing on each server.
    • Keys are used to encrypt backups.
    • Keys and certificates are used for securing communications between various Security-GENERAL™ products and their clients.
    • Keys are used for signing compliance alerts and reports.
    • FIPS 140-2 level 2 & 3 compliant smart-cards (with EAL5/EAL5+ chip and EAL4+ operating system) are used for key management.

  • Secure web management
    Role-based access control (RBAC) is the establishment of access rights based on a user’s role. Security-GENERAL™ platform uses advanced RBAC to ensure the best possible security while simplifying administration. Administration of the various aspects of the Security-GENERAL™ platform is partitioned among several different classes of administrators – each type of administrator has access to and control over only the aspects of Security-GENERAL™ operation required to successfully fulfill their responsibilities. There is no single “privileged user” to manage the appliance; rather, each aspect of the appliance is managed by a distinct entity responsible for it.

  • Cryptographically-signed access logs
    Security-GENERAL™ platform automates reports in a manner that reduces compliance and audit costs. Reports are cryptographically signed to provide necessary legal admissibility of records in a court of law. Security-GENERAL™ logs network connections as well as data accesses. The logs are cryptographically time-stamped and signed, so that they can be used as evidence. Security alerts are generated whenever an attempt is made to compromise the log data. While the data itself would never be disclosed, tracking attempts is an important element of a comprehensive security policy.

  • Automated security patches
    To create a comprehensive security solution, Packet General has integrated its product offerings with a world-class service offering. Automatic updates ensure that our soft appliance platform is always running the latest and most secure version of the code. Packet General security experts monitor all security advisories, and test their suggested resolutions (patches) before directing our secure appliance, located at the customer site, to securely and automatically download the necessary updates. This process maintains the integrity of the data and of the platform on a perpetual basis. A “Single-Click™” implementation enables a quick and assured resolution to known security problems, eliminating the window of vulnerability between the availability and the installation of security patches.