
SecureEscorts Overview

SecureEscorts is a next-generation Network Access Control security solution designed and developed by Ineo USA. SecureEscorts provides the telecommunication’s corporate security manager with the most advanced Network Access Control solution available in the market today.

SecureEscorts is designed with the telecommunication market in mind and specializes in Access Control. The solution supports individual user authentication and authorization. An administratively-created database assigns allowed paths to network element devices to which the users have been granted access privileges. SecureEscorts then escorts the users to each of the approved network element devices while capturing user keystrokes (Telnet and Secure Shell [SSH]) and command sequences (Applications/GUI), along with device responses. The keystroke, command sequence, and device response data are logged in the database for future reference.

In addition to Network Access Control, SecureEscorts provides Network Monitoring/Security, Network Element Password Management, Escorted Access/Single Sign-On (SSO), Role-Based Access Control (RBAC), Session Monitoring, and Command Filtering. It acts as the single point of entry to the network infrastructure, where access security management is the most critical. SecureEscorts also provides rules-based authorization for user-to-device access.

SecureEscorts provides authorized device access management to devices that use the following interface methods:
• Direct IP Accessible Telnet and SSH interfaces
• Synchronous, asynchronous, and serial interfaces through intermediary devices that convert protocols, such as terminal servers and protocol converters
• GUI interfaces, or vendor Element Management System (EMS) application or Operational Support System (OSS)

SecureEscorts provides the capability to manage Escorted Access (Single Sign-On with session capture) to all Telnet, SSH, and mediated synchronous, asynchronous, and serial interface devices.

SecureEscorts provides a rules-based authorization engine that allows the customer’s administrator(s) to define the profiles for both users and devices at a granular level. An administrator can manage these profiles to establish access rights for each individual user on a per device basis. This allows for fine-grain control of the network device access that users are granted. The administrator can also define and configure fine-grain controls on user groups and device groups, as well as users and devices, to establish time constraints, auditing controls, password constraints, filtering controls, and access rights. Once the administrator has created profiles, users cannot bypass SecureEscorts to access a targeted device directly. SecureEscorts is the only source that knows the device’s account and password information, which forces the user to be authenticated via SecureEscorts before being granted access privileges to any device. After authenticating the user, SecureEscorts grants access to a limited set of devices that the user has been authorized to access.

SecureEscorts provides summary reports on user sessions to devices as well as detailed keystroke capture auditing files. In combination, these reports and files provide the most granular level of record maintenance for user-to-device sessions and the activity that occurred within each session. The detailed records, which can be stored within SecureEscorts for a defined number of days, provide access to the most detailed information regarding each individual user-to-device session. The auditing capabilities within SecureEscorts can be turned on or turned off on a per device or per user basis. When pre-engineering the system, the customer can define the amount of storage space required for on-board record storage. These records can also be exported to external storage mediums for archiving and future retrieval.

SecureEscorts is designed to be platform- and vendor-independent with regard to the end device or the EMS platform. SecureEscorts can secure access to devices as long as those devices are direct IP accessible using Telnet or SSH interfaces; synchronous, asynchronous, or serial interface accessible through a mediation device; or accessible through most standards-based (Windows, HTTP/S) GUI interfaces.
 
SecureEscorts provides a security policy engine that is rules enforceable and controllable. These rules are based on user and device profiles, which can be easily established within the system by the customer’s administrator(s). The policy engine allows for fine-grain authorization control and administrative management on a per user and per device basis.

SecureEscorts allows the customer’s administrator(s) to establish a hierarchical structure of users, user groups, devices, and device groups to which permissions can be applied at a granular level.

The combination of the SecureEscorts summary reports and the keystroke capture files provides fine-grain capture of information regarding each individual access session, which provides more than sufficient audit reporting to ensure compliance with SAS 70 regulations.

