
Sentinel

The Sentinel Computer Security System

Secured Processing, Inc. (SPI) develops and markets products that protect an organization's valuable information from theft and exploitation. With our products, your organization can control who can access the specific files where your organization's most valuable information is processed and stored.

Are you protected against the Insider Threat?

An organization's survival in the information technology era depends on its ability to protect its valuable data. Defenses have been designed to protect information from network "Hackers," while the most predominant threat is INSIDE your organization. "Insiders" can be disgruntled employees, agents of foreign governments and/or terrorist organizations, criminals, or intruders that slip past the organization's physical security. "Insiders" can appear as trusted employees and are especially dangerous because they have inside knowledge. They know where your most valuable information is held and can easily gain access to it. Security techniques such as access lists, ID badges, and passwords, although useful, have only been capable of providing physical control over the access to the organization's facility where the data is available. A thief, once inside your organization, can sit at any computer and use off-the-shelf software tools to bypass the security software of your computer's operating system, thereby gaining access to any file in any of your organization's computers and networks. Data-loss statistics from Ernst & Young support this claim. These statistics reveal that at least 60% of all successful security intrusions originate from within the organization, have the highest degree of success, and result in the largest losses of data in both government and industry. Until recently, the "Insider" threat has been virtually unrecognized and unchallenged.

Comprehensive Access Control

SPI designed the Sentinel Computer Security System to defeat "Insider" attacks by giving your organization total control of when, where and which employees can access its computers and the data and external interfaces that are available via the computer. This includes controlled access to multiple levels of sensitive or classified data and the external interfaces with networks, I/O ports, and telecommunications interfaces. The Sentinel also controls access to all portable media such as Floppy, CD, DVD, or Jump Drives. By providing the capability for an organization to control access to its information at the computer, restricted access files, such as personnel files, bank accounts, and patient/client data, are protected from attacks from "Insiders" that slip by physical security checks. Furthermore, only ONE computer is needed to protect multiple levels of data classification/sensitivity.

The Security Module

The primary component of the Sentinel is the Security Module, which controls access to computer devices such as hard drives, network interface cards (NICs), modems, I/O ports, and portable media. It is electronically isolated and independent of the computer's CPU, operating system, and software, which makes it immune to software-based attacks from Insiders or hackers. The access controls implemented by the Security Module are based on the pre-programmed organizational Security Policy and the User's Security Profile as programmed on their Smart Card. This Smart Card is programmed with each User's approved Security Profile, and Identification and Authentication (I&A) data such as a User's PIN, password and fingerprints or other biometrics. Security Profiles are developed as defined by the organization and managed by a Security Administrator to implement the organization's security policy. A Security Profile specifies each user's data access rights for each security level and their rights to the controlled computer devices at each allowed security level.

The Smart Card

The user's Smart Card is the means that binds the user to their restricted data and the computer devices in accordance with the organization's security policy and the user's security profile as implemented by the Security Module. Changes to a user's Security Profile are easily reprogrammed on the Smart Card by Security Administrators using the same basic mechanism as is used for PKI. The Sentinel is designed to lock out users from making modifications to their Security Profile and also prevents Security Administrators from gaining access to user data. Additional protection is provided by the Sentinel's capability to store security-related audit data such as logons, logoffs, and PIN entries for auditing administrator and user security practices.

Effective and Affordable

The Sentinel is very affordable and easy to install. A Security Module Kit can be installed into any modern desktop Personal Computer or Workstation. By eliminating the need for multiple computers on the desktop, Sentinel provides considerable cost savings. All components in the Sentinel, including the Security Module, removable hard drives, network interface cards (NICs), and encryption modules (hardware or software based), are unclassified Commercial-Off-The-Shelf (COTS) products and available in kit form. They do not require special protection procedures. A multi-domain Laptop version of the Sentinel is being developed.
