
Alphabetical List of Access Control Tools

Disclaimer:

These links are provided as a free service to those seeking commercial information security products or shareware tools. The fact that a product is listed here is not an indication that Timberline Technologies LLC has evaluated it nor that we recommend it. The descriptive text is generally taken from the vendor's own product literature. The buyer has the ultimate responsibility to ensure that the information security product is suitable for its intended use. Please follow the links to the vendor pages to obtain more detailed information on a particular product. Additional guidance on product selection can be found in the On-Site Security Workshops.

Vendors Please Note: If your product does not appear in this index or if you feel that it has been incorrectly categorized please contact webmaster@timberlinetechnologies.com and the error will be corrected.

Important Note to Surfers: Timberline Technologies takes strict precautions to provide "safe" links. We will not knowingly provide a link to a site with dangerous active content or questionable privacy policies. Nevertheless, we cannot guarantee the safety of all links provided. Those who are concerned about browsing securely are advised to use the facilities of BeHidden, safeWeb, Anonymizer or a similar service.


Product Name Description
2in1 Net (Voltaire Advanced Data Security) Consists of two elements: the 2in1 NET PC* card which is installed in each PC, splitting it into two separate workstations, each connected to its network via its own exclusive hard-wired link, and the 2in1 NET hub, which would be typically located in the communications closet. Takes full control over an Ethernet/Token-Ring communication network by re-routing all communication cables between the existing hub-switches and the LAN cards through the 2in1 NET hub central switch-selector and the PC card in each workstation.
2in1 PC (Voltaire Advanced Data Security) Splits the PC into two separate virtual workstations, each with its own segment of the hard disk, independent operating system and network connection via its own exclusive hard-wired link. Placed between the PC motherboard and hard disk(s), the 2in1 PC card takes full control over disk access. In addition, communication cables that would normally lead directly from a modem or LAN card to the network, are re-directed via the 2in1 PC card, giving it complete control. Redundant electro-mechanical relays are used for switching and for providing full physical disconnection of the network links.
Access Control (Computer Associates) Strengthens server security by controlling access to data. Allows security policies to be enforced and centrally managed across Windows NT and UNIX platforms. Even privileged access by native Windows NT Administrator, Backup Operator and other special user accounts can be tailored. Provides protection from common attacks that allow hackers to enter the system as a privileged user. Provides a central administrative console for simplified cross-platform security management. Security policies can be developed centrally and enforced across Windows NT and UNIX environments.
AccessMatrix Universal Access Management (i-sprint) AccessMatrix Universal Access Management (UAM) is a comprehensive enterprise application access control, single sign-on and security administration system. UAM controls and manages user access to all enterprise applications. Leveraging on the AccessMatrix technology, UAM fulfils the most rigorous form of application security by providing security administration, authentication, authorization, and audit services (4As) to business applications within your organization. With UAM, multiple applications are able to access a common set of security services through tight integration with our AccessMatrix security server.
Attack Mitigator (Top Layer) Top Layer's Attack Mitigator IPS is a family of high performance, ASIC-based intrusion prevention solutions with intelligent blocking and control against the most prevalent cyber attacks. Hybrid attacks such as HTTP worms, DoS / DDoS attacks, protocol and traffic anomalies, IP spoofing, SYN flood attacks, and more, are accurately detected, and stopped in real-time. The Attack Mitigator IPS allows the network security administrator full control in selecting how the device will respond to detected attacks. Precise but flexible actions against blocking malicious and suspicious traffic include monitoring, alerting, limiting and blocking. Attack Mitigator IPS offers 100 megabit through multi-gigabit solutions for maximum performance.
CA-eTrust (Computer Associates) CA’s eTrust Security Management solutions enable you to proactively manage your entire security environment so you can focus on your business. eTrust is the trusted advisor in security management that helps you achieve business efficiencies, ensure continuous operations, enforce security policies and comply with regulations.
Chrootuid (CERIAS) Free software for restricting root privilege. Chrootuid makes it easy to run a network service at low privilege level and with restricted file system access.
Eurekify Sage Discovery & Audit (DNA) (Eurekify) Sage is a family of software products for role-based management. Sage provides a clearer picture and analysis of the existing privileges in the enterprise, and helps large organizations realize the benefits of a true role-based management of users across enterprise solutions. Sage Discovery addresses the major challenges of identifying and specifying business roles for RBAC. In addition it provides tools for managing the life cycle of role definitions. Sage Audit identifies excessive access rights, as well as exceptions and deviations in a role-based user management environment. Sage Compliance automates verification of compliance with rule-based policies and regulations, defined on top of roles and independent privileges.
Op (CERIAS) Free privilege-sharing software.
Portmapper (CERIAS) Free NIS access control software.
RACF (IBM) Provides the functions of authentication and access control for OS/390 resources and data, including the ability to control access to DB2 objects using RACF profiles. For DB2® you can: Define security rules before a DB2 object is created. Have security rules persist after the DB2 object is deleted. Control access to multiple DB2 objects with one security rule. Control access to DB2 objects on multiple DB2 subsystems with one set of security rules. Validate a user ID or group name before granting it access to a DB2 object. Administer and audit access to OS/390 resources including DB2 objects from a single point of control. When you allow access to information on your OS/390 system via the Internet or intranet using Domino Go Webserver™ you can use digital certificates to uniquely identify and authenticate your users. RACF will accept the authenticated digital certificate from Domino Go Webserver without requiring the user to specify a user ID and password to access OS/390 data and resources.
RACF can control access to programs based on the system ID where the program is running. You can, for example, restrict the usage of a licensed product to a single system image within a Parallel Sysplex.
SessionWall (Computer Associates) Protects networks, servers, and desktops from outside intrusions and internal abuse. Provides a complete picture of all network, email, and Internet activity. Simple policies can be automatically or manually created to block inappropriate and hostile network traffic. SessionWall installs quickly and can scale to support large enterprise environments. Features include: Network Usage Reporting — covers everything from high-level statistics down to individual user usage. Plus SessionWall-3 now includes the ability to "drill-down." Network Security — includes content scanning, intrusion detection (service denial attacks, suspicious activity, malicious applets, viruses), blocking, alerting, and logging. Web and Internal Usage Policy Monitoring and Controls — monitors and enforces web access and inter-company policies by user ID, IP address, domain, group, content, and control list. Company Preservation — (often referred to as litigation protection) provides email content monitoring, logging, viewing, and documentation.
Simple File Wrapper (CERIAS) Free security tool. Simple File Wrapper is a tool designed to increase a sysadmin's efficiency by allowing many routine tasks to be executed by operators and other staff. It improves the security of the system by reducing the need to distribute the root password. Furthermore, by using one generic wrapper instead of multiple wrappers it reduces the likelihood of programming errors which could introduce security holes.
Stealth Data Security (Stealth Data Security) Stealth Data Security goes beyond mere password protection. Our software makes your sensitive data disappear from view on your hard drive. Any file placed in your Stealth folder will become invisible once the Stealth folder is hidden. The folder and files will remain hidden until accessed by an authorized user.
Symark PowerBroker (Symark Software) Allows delegation of root privileges while providing an indelible audit trail. Allows the full administrative powers of the root account to be selectively delegated to trusted users without having to disclose the root password, thereby maintaining system security. Provides an indelible audit trail of all actions occurring in important accounts such as root, which allows sites to track exactly which actions have been undertaken, by which people, when, and on which machine. Can record and replay an entire root session, allowing an after-the-fact look at exactly what a user typed and what was seen on the screen during a session. Can query, extract, and present information selectively from the log files. Controls incoming and outgoing sessions by controlling who is allowed to telnet and rlogin from the Internet to internal machines and which machines they may log into. Determines which days and time of day rlogin and telnet sessions may be initiated. Creates an audit trail which records all keystrokes and display outputs occurring during incoming/outgoing sessions.
Symark PowerPassword (Symark Software) Lets system administrators control which users can log in to each UNIX™ machine under which circumstances. System administrators can specify such things as what time of day a user may log in, who may log in over modem lines or over the network, and whether additional passwords or authentication schemes are used. Also includes a flexible password-aging system, which is compatible with NIS and shadow passwords, and works across an entire UNIX™ network. Can be integrated with authentication mechanisms such as smart cards, to further enhance login security. Contains a complete centralized logging system which tracks all login activity, and allows complex queries to be made as to what activities have occurred. Allows the login environment for each user to be completely specified. Administrators can control whether a shell or some other program is invoked for the user, what directory the user is placed in, and what environment variables are set, among other things. 
UNIX Privilege Manager - UPM (PassGo) UNIX Privilege Manager (UPM) brings accountability and security to UNIX by enabling system administrators to delegate any UNIX user's authority, so that you can implement reasonable security controls, without impacting the ability of users to perform their daily work.

Key Features:

An out-of-the-box solution for controlling access to account privileges
Allows delegation of any UNIX user's authority, so that you can implement reasonable security controls, without impacting the ability of users to perform their daily work
UNIX Privilege Manager allows you to control access for any user on your UNIX network
Provides full audit trail recording all keyboard input and display output with a playback utility
Guards against Hackers, Trojan horses and viruses
With UPM, responsibility for adding accounts, fixing printer queues, and other routine job functions can safely be delegated to individuals or groups without disclosing the root password and compromising your company's valuable information. This protects the full power of root from potential misuse or abuse, such as deleting critical files, modifying databases or file permissions, reformatting disks, or doing more subtle damage. UPM allows only authorized users to access files, directories and third-party applications and accounts, such as financial records.

In addition, UPM is capable of recording all activities for any user, including all keyboard input and display output, if required. This indelible audit trail, combined with the safe partitioning of root functionality - provides an extremely secure means of controlling the power of root. You always know exactly what is being run as root, as well as who did it, when it happened and where.


In Gratitude: A special thanks to the many people who made suggestions about the Timberline Technologies site and offered contributions to the lists of security-related links, including (but not limited to): Anthony Baratta, Roy Bryant, Rey DeLeon, Ginger Doetsch, Michael Elliott, Vicki Harris, Jerry Heinl, Pam Hensley, Wes Ingram, Bruce Johnston, Walt Jones, Ray Kaplan, Michael A. Kelly, Walt Kobus, Bruce Leary, Richard Liebsch, Jeanne Lundeen, Alan Lustiger, Glenn Marshall, Craig Martin, Virginia Martin, Scott McCrea, Frank McCusker, Mike McFadden, MSgt. Michael McCleaf, Scott McCrea, Chris McDonald, Bob McMahon, Jim Meritt, Jeff Misrahi, Dorsey Morrow, Angelique Naylor, Todd Orkwis, Harold Palmer, John Parker, Brian Petrenick, Ralph Spencer Poore, Burton Post, Raj Pradhan, Paula Prentice, Patrick Ramseier, Kanaka Rao, Captain Rickey Roach, Werner Roberts, Ben Rothke, Rachel Rosencrantz, Mark Ruchie, Chuck Ryan, Neal Sachdev, David Sanders, Domi Sanchez, George Schaft, John Sciandra, David J. Scheschy, Jim Schifalacqua, Ken Shaurette, Steve Shoemaker, Sandy Sherizen, Alice "Pookie" Smith, Jim Steinwand, Alan Sterneckert, Mitch Thomas, Raymond Toney, Jim Truitt, Ryan Walters, Alan Weaver, Melody Wilson, Russ Wolfe


© 2000 by Timberline Technologies LLC