Experienced with the following Cyber-Security Products
- The Sentinel Cyber Security System
The Sentinel Cyber Security System
The Sentinel Cyber Security System, "Sentinel," is a Cyber Security System developed to protect your organization's valuable information and your computer's critical functions from attacks by both "Insiders" and "Hackers." "Insiders" can be foreign agents, disgruntled employees, terrorist organizations, or unauthorized intruders that breach physical security. The Sentinel is a hardware-based security system that operates independently of the computer's operating system, software, and data-processing hardware. Its features include Identification and Authentication, Multi-level Access Control, Residual Information Protection, Isolation and Separation of Security Levels, Failsafe Protection, and Audit of Security Events. Because these features are implemented in hardware that is isolated from the computer and its software, they are immune to all software-based attacks used by "Insiders" and "Hackers."
Smart Card Interface
The Sentinel controls access to hard drive(s), network(s), ports and peripherals through a Smart Card interface. With Sentinel, the computer or server can't be booted up, and network, I/O Port and peripheral connectivity can't be established unless certain interlocks are met as specified in a Security Profile tailored to each user's security clearance and need to know. The user's Security Profile, PIN and Password (encrypted) are programmed onto the user's Smart Card by the organization's Security Administrator. Therefore, access to valuable information and critical functions is protected and completely controlled by the organization.
Multi-Level Access Control
In addition to providing strong security, the Sentinel also has the capability to turn a normal desktop computer into a multi-level secure workstation. It allows ONE computer to effectively operate at up to three levels of security and control how each user can access and process data at each of these levels. Once again, the configuration of the security system is controlled through the user's Smart Card. Configurations include the number of security levels authorized for user access plus the number of networks, I/O ports and modems available to the user at each security level.
The Sentinel is available as a kit and can be installed into modern desktop computers.
Multi-Category Access Guardian for Internet Communications (MAGIC) was developed to augment existing IPSec Virtual Private Network (VPN) technology by providing for the authentication of users and Mandatory Access Control (MAC). This overall capability allows the VPN to ensure that what user A sees and accesses is not necessarily available to user B. The most practical application of this technology is to provide a secure means to remotely access, via a TCP/IP network, data stored in large "legacy" databases by numerous users with different access rights and/or security clearances.
Secure Multi-Level Access to Legacy Databases
A Smart Card stores each user's access-rights label and is used as a token to authenticate the user to the client machine or IP. Once the user is authenticated, the user's access-rights label is read and utilized by the VPN client to accept or reject packets via the VPN.
The overall design of MAGIC is independent of a specific label format. In fact, any label format that is capable of defining the number of labels required to support the identification of user access rights and access rights requirements is acceptable as long as consistency is maintained throughout the environment of authorized users of the legacy database(s). If MAGIC is used to support multiple legacy systems in which there will be a large number of remote users from different organizations, a standard label format should be considered such as defined in Federal Information Processing Standard (FIPS) Publication 188, "Standard Security Label for Information Transfer" and the CIPSO Label Format defined by the IETF. Of significance, data labeling is accomplished external to the database. Therefore, the labeling process will not disturb the database.
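As an added illustration (not MAGIC's own code; the page does not specify its label format or comparison rule), the sketch below parses a CIPSO IPv4 option carrying a single bit-mapped tag (type 1) and applies an assumed dominance rule: a packet is accepted only when the user's level is at least the packet's level and the user's categories include every category on the packet. The DOI value, sample bytes and function names are constructed for the example.

```python
import struct

CIPSO_OPTION = 134   # IPv4 option type assigned to CIPSO
TAG_BITMAP = 1       # tag type 1: sensitivity level + category bitmap
SITE_DOI = 3         # constructed Domain of Interpretation for this example

# Constructed sample option: DOI 3, level 2, categories {1, 5}.
SAMPLE = bytes([0x86, 0x0B, 0, 0, 0, 3, 0x01, 0x05, 0x00, 0x02, 0x44])

def parse_cipso(option: bytes):
    """Return (doi, level, categories) for an option holding one type-1 tag."""
    if len(option) < 10 or option[0] != CIPSO_OPTION:
        raise ValueError("not a CIPSO option")
    if option[1] != len(option) or option[1] > 40:
        raise ValueError("bad option length")
    doi = struct.unpack("!I", option[2:6])[0]
    tag = option[6:]
    if tag[0] != TAG_BITMAP:
        raise ValueError("unsupported tag type")
    if tag[1] != len(tag):
        raise ValueError("bad tag length")
    level = tag[3]                      # tag[2] is the alignment octet
    cats = set()
    for i, byte in enumerate(tag[4:]):  # category 0 is the MSB of the first octet
        for bit in range(8):
            if byte & (0x80 >> bit):
                cats.add(i * 8 + bit)
    return doi, level, frozenset(cats)

def accept_packet(user_level: int, user_cats: set, option: bytes) -> bool:
    """Assumed rule: the user's label must dominate the packet's label."""
    try:
        doi, level, cats = parse_cipso(option)
    except ValueError:
        return False                    # fail closed on malformed labels
    if doi != SITE_DOI:
        return False                    # label from another DOI is not comparable
    return user_level >= level and cats <= frozenset(user_cats)

if __name__ == "__main__":
    print(parse_cipso(SAMPLE))
    print(accept_packet(2, {1, 5, 7}, SAMPLE))   # cleared user
    print(accept_packet(3, {1}, SAMPLE))         # missing category 5
```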