BNETAL MANAGESECURE FAQ
BNETAL ManageSecure: Enterprise Security
Strong Management of Security Tokens
Strong Management of
BNETAL: Trusted Advisors on
National Health IT
and Security Projects
Hands on Approach to
ManageSecure® Frequently Asked Questions
What is ManageSecure?
What type of Organizations may use ManageSecure?ManageSecure can be used by corporations that deal with sensitive or mission critical information and want to ensure that only a designated user (or group) can access a particular web application or resources. It can also be used by organizations that want to better manage their security resources. Further, organizations that want to issue certificate or become a certificate authority can use ManageSecure. Please see Usage Scenarios for more information.
My organization uses a firewall that blocks accesses from the web. Why do I need ManageSecure?Most security attacks come from within the Intranet. Firewalls are not adequate for protecting the Intranet assets from these attacks. Some security attacks are made over port 80 (http) or 443 (https). Typically firewalls permit traffic on these ports. Further, Firewalls are not adequate to control access based on URLs. ManageSecure provides this additional access control over your web resources.
Does ManageSecure replace a traditional firewall?
Does ManageSecure protect both Intranet and Internet applications?Yes. ManageSecure has access control components that can protect both Intranet and Internet applications by controlling access at the web-server layer.
My organization has application X that has a login mechanism. Why do I need ManageSecure?Having each application implement its own authentication mechanism creates disparate, hard to manage, and often inconsistent enforcement of security policies. Having a common, standards based security solution allows you to have a consistent, centrally managed security policy across your Intranet. ManageSecure provides such a solution.
What kinds of security threats are addressed by ManageSecure?
- Internet sniffing attacks (e.g., passwords, credit card information, or other sensitive data).
- Password compromise due to large number of poorly managed passwords
- Denial of service due to lost passwords
What types of access control does ManageSecure offer for web applications?At the most basic level, ManageSecure can use plain login/password to identify and authenticate the user, and control access to web resources based on this identity. Beyond this, ManageSecure can also enable SSL based communication. Further, ManageSecure can offer strong security by managing client-side certificates (i.e., full PKI support), and using the strong authentication based on client certificates to control access to web resources. ManageSecure can define access roles and privileges, hence it supports Role Based Access Control (RBAC).
What additional features are in ManageSecure?
- Keystore management
- Encryption management
- LDAP management
- Certificate management
- Certificate request management
- Trust relation management
- Monitoring of web and application servers for various error conditions
What security standards does ManageSecure conform to?
- Security Assertion Markup Language (SAML)
- PKCS12 Keystores
- PKCS7, Base64 or DER Certificates
- PKCS10 Certificate Request
- PEM private keys
- JKS Trust Stores
- Kerberos/Active Directory
- Java Authentication and Authorization framework
What web-servers can ManageSecure access control filter be used with?
- Apache (Solaris 5.9 Sparc, Redhat Linux 8.0)
What type of security expertise is needed to run ManageSecure?A good UNIX or Windows network administrator can be trained to install and operate ManageSecure. For organizations using strong security, administrator should have a high level knowledge of PKI and X.509 certificates.
What is the cost structure?BNETAL offers flexible licensing models (see Licensing Information). For more information, please contact Info@ManageSecure.net for pricing information.
How can I obtain more information on ManageSecure?Please send in your enquiries by email to Info@ManageSecure.net
What is single sign-on?When using multiple instances of web-servers on a network (e.g., each may be hosting a different application), the ability to authenticate a user at one point in the network and to propagate the user session to all subsequent web-servers throughout the network (without requiring additional logins) is called single sign-on. ManageSecure provides single sign-on capability.
How configurable is ManageSecure?ManageSecure authentication policies are extensible using Java Authentication and Authorization framework, whereby you can define your own custom authentication mechanisms and plug them in. Also, Kerberos/Active Directory authentication and LDAP based authentication are supported. User interface layout is also configurable. You can edit the provided set of HTML pages to create custom look and feel for user interfaces.