Global Technical Service Hotline Tel: 1-844-860-0011 1-646-517-4966 E-mail:serversupport@inspur.com
Home > Products > Cloud computing and data center  > Mainframe security product > Details on information security

Inspur SSR OS Security Enhancement System

Inspur SSR OS security enhancement system is kernel-layer aiming to reinforce operating system security. Different from the traditional firewall and IDS / IPS, SSR works close to user data on operating system layer. This design avoids both external and internal hacker attacks. It also remedies the "short board" of traditional products in terms of the security of mainframe and enhances operating system security up to level-3 national protection.

Functional Features

Mandatory Access Control

The product realizes mandatory access control to file, registry, process, service, network and other objects on kernel layer of operating systems. Different access policies are configured to protect system and application resources. Even the system administrator has no right to destroy the protected resource.

Integrity testing

Conducting integrity test on files and services, and setting periodic testing items, giving alarms when tampered files or services are found, and spotting changed files.

Anti-formatting

Protection mode is able to prevent malicious formatting executed by viruses and intruders. Risks of accidental formatting by administrators can also be reduced.

System resource monitoring and alarm

Monitoring on CPU, RAM, disk and network resources, and issuing alarms they exceed the threshold of usage, in order to find problems such as insufficient or abuse of resources in advance.

Dual-factor authentication and combined password authentication

Dual-factor (USB KEY plus password) authentication is provided to SSR security administrators, audit officials, and also system users. For remote login and virtual system servers that cannot identify USB KEY, SSR alternatively configures login authentication of two-password combination. The system can be logged in only when the two persons each holding one of the two passwords are simultaneously on site, ensuring the credibility of a natural person.

Self-protection

With the technology of kernel sealing and integrity protection, SSR prevent files from being tampered maliciously and prevent process from being maliciously injected.

Unified management

SSRs in multiple platforms can be managed and maintained in one SSR console. Besides, SSR opens interfaces to third-party management platforms in need of integration, fusion of management between different products.

Flexible policy templates

In accordance with security policy SSR provides proven hierarchical templates to realize comprehensive protection of the system. The operation is also convenient and much easier to be more user-friendly.

Maintenance Mode

This mode is used when users worry that their management policy may affect the system. At this point, SSR will only record but not block the violation, allowing administrators to adjust the policy without causing service interruptions. 

Customer Value:

Immunizing the system from Trojan virus and hacker attacks

SSR use the technology of ROST to conduct multi-aspect protection on files, registries, processes, networks, services, accounts etc. so that a three-dimensional protection system is built. It checks the whole process from file creation, execution to resource access. With the help of SSR, the system is immunized from known or unknown viruses, backdoors, malicious codes and any other hacker attacks. System and applications can operate in a safer and more stable environment.

Reducing "zero-day vulnerabilities", delaying bug fixes

SSR applies mandatory access control and whitelisting mechanism, so it only allows credible accounts and processes to access protected resources. Important binary files in the operating system will be fully protected. The malicious code cannot destroy system files or implant Trojans even it obtains the permission to systems, which can reduce the risks occurring in the vacuum period from "zero-day vulnerabilities" to patches made by users. Moreover, users can delay the patch deployment and defer the patch making to the regular repair period.

Decentralized management, effectively avoiding "mono-dominance"

With the mechanism of decentralized management, SSR avoids the risk of OS administrator owning the dominant right. Their original privileges are assigned to system operators, security administrators and audit administrators, who perform their own function, yet constrain each other. The division of responsibility not only ensures the system security, but also keeps in line with relevant national information security standards.

Promoting the level of system security, enhancing compliance experience of users

SSR realizes security tags and mandatory access control on kernel layer of the operating system. At the same time, the mandatory control is integrated with discretionary access control of users' systemsimposing stronger constraints and tighter control to protect the system and important applications. Besides, it closely follows the standard of information security, including separation of three powers, integrity verification, dual-factor authentication and remaining information protection. All these measures help users build and manage the system in a safer and more reliable way.

Unified management mechanism to achieve simplicity

After completing the dual-factor authentication, administrators can access protected servers at any place to develop and maintain security policies, so that centralized management can be realized to reduce the workload of daily maintenance.

Operating system platforms supported: 

Technical Specifications

User Manual

 

中科汇联承办,easysite内容管理系统,portal门户,舆情监测,搜索引擎,政府门户,信息公开,电子政务