 |
 
Frequently Asked Questions
PitBull Foundation and Foundation Suite
What is PitBull Foundation Suite? PitBull Foundation Suite utilizes trusted operating system technology to provide ironclad security for e-commerce, Internet banking, or e-services systems. PitBull Foundation Suite should be used anytime you are deploying web-based transaction servers, or are otherwise connecting web-based users directly to internal computing resources. What is the relationship between PitBull Foundation Suite and PitBull Foundation? PitBull Foundation provides the trusted operating system enhancements that serve as the base for PitBull Foundation Suite. PitBull Foundation Suite utilizes the PitBull Foundation security mechanisms to ensure the absolute security of its solutions-oriented suite of user modules. Why is the PitBull Foundation Suite security technology called "third generation"? Argus technology is fundamentally different from any other trusted system security product on the market. Typical trusted systems require the total replacement of the underlying operating system. This approach necessitates costly and time-consuming integration work to be performed for each application the customer wishes to install. PitBull Foundation Suite runs on standard, off-the-shelf operating environments and does not require replacement of the operating system. It maintains 100% compatibility with the underlying API. Any application that runs on standard Solaris will be compatible with PitBull Foundation Suite—no additional integration work is necessary. Because of this approach, PitBull Foundation Suite is easily extensible; new application services can be added at any time—quickly, flexibly, and easily. Can PitBull Foundation Suite solve a root compromise? There is no all powerful root account on a Foundation Suite system. The root, or superuser, account does not have any special privileges or authority. The root account is subject to the same security policy and has the same restrictions as any other user account on the system. On a PitBull Foundation Suite system root privileges have been divided into nearly one hundred individual privileges, and each process is only given those specific privileges that it requires to perform an operation. Therefore, a user cannot exploit root to gain access to files and programs for which he is not specifically authorized. Is PitBull Foundation Suite security enforced across a network? Security attributes assigned to users as well as to resources are communicated and enforced across networks, including the Internet. Users cannot send or receive data for which they are not specifically authorized access. In fact, Argus is the only company in the world to have successfully completed an ITSEC evaluation of a networked configuration. In addition to restricting access across a network, users may also be prevented from printing files or from copying information to removable media such as floppy disks, zip drives, etc. What network encryption products are supported by PitBull Foundation Suite? PitBull Foundation Suite fully supports SSL based encryption used in today's web browsers. PitBull Foundation Suite also fully supports F-Secure's ssh product for secure remote connections to the PitBull Foundation Suite system. Finally, PitBull Foundation Suite implements IPSEC as a way to provide VPN-like capabilities. Argus has a programmer's SDK available for developers to fully utilize the security architecture of both PitBull Foundation and PitBull Foundation Suite. How does PitBull Foundation Suite interface with other PitBull Foundation Suite systems? PitBull Foundation Suite's enterprise architecture allows PitBull Foundation Suite systems to be interconnected over the network or to exist in isolated configurations. The PitBull Foundation Suite architecture is flexible enough to allow non-UNIX web servers and back-end servers to be connected to it over the network, as well as other PitBull Foundation Suite systems that can provide additional security for other web based transaction platforms or critical systems. How does PitBull Foundation Suite inter-operate with Windows NT? PitBull Foundation Suite is fully interoperable with the TCP/IP networking protocol suite and thus fully supports connections from Windows NT systems. In addition all UNIX-based packages designed to work with Windows NT clients will be functional on a PitBull Foundation Suite system. How do I publish web pages to a PitBull Foundation Suite system? PitBull Foundation Suite fully supports standard file transfer mechanisms such as the file transfer protocol (FTP). The PitBull Foundation Suite architecture provides a system component known as the Secure Communications Enforcer (SCE). The SCE routes a network client to the appropriate web server designated for their use. As this connection is enforced with mandatory access controls it is not possible for this user to break out to another web server. What if my CGI programs have a security hole in them? It is not uncommon for CGI programs to be created with security holes. This is a common problem on today's web-based platforms. On a PitBull Foundation Suite system through the use of the Secure CGI Module, administrators can place CGI programs into an isolated compartment so that if they are compromised the attacker only has access to the CGI program itself. Because CGI programs occasionally have access to back-end data, access to that data can also be restricted by PitBull Foundation Suite. The strength of PitBull Foundation Suite is in its ability to isolate components of a critical system so that a breach in one component does not lead to a breach of the entire system. What auditing capabilities are provided for by PitBull technology? PitBull Foundation Suite utilizes the standard auditing capabilities provided in the underlying PitBull architecture. The auditing can be configured for specific events and keyed to success or failure. On the Solaris system this auditing subsystem is based on the Basic Security Module (BSM).
|
 |
||||||||||||||
 |
||||||||||||||||
