Pragma FortressSSH Security

Pragma Fortress offers several levels of security to meet the needs of a wide variety of computing environments. The security features are listed below:

·     Integration with the Windows Security Model

·     Allow only Configured Users Access to the Server

·     Allow only Configured Groups Access to the Server

·     Restricted Access Control

·     Restricted Authentication Methods

Integration with the Windows Security Model:

Pragma Fortress is fully integrated with the Windows security model. Each user is verified by user name and password against the Windows accounts database, so only valid Windows users (domain or local) can establish SSH login sessions. In addition, user accounts need the “Log on Locally” user right to log on through Fortress successfully (Windows imposes the same restriction for local logins).

Each session started by Fortress gets the security context of the user logging on. Windows will enforce all security and access controls on the session. All processes started by the Fortress session will have the logged-on user as the owner. Similarly, files created on NTFS disks will have the Fortress user as the owner of the files.
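
To check which accounts and groups hold the “Log on Locally” right that a Fortress login depends on, the local security policy can be exported and inspected. The PowerShell below is an added example, not part of the Pragma documentation; it assumes an elevated prompt and that the right in question is the Windows privilege SeInteractiveLogonRight, and the function name Get-UserRightHolder is hypothetical.

```powershell
# Added example: list the principals that hold (or are denied) the
# "Log on Locally" right in the local security policy. Run elevated.
function Get-UserRightHolder {   # hypothetical helper name
    param(
        [Parameter(Mandatory)] [string]   $Right,        # e.g. SeInteractiveLogonRight
        [Parameter(Mandatory)] [string[]] $PolicyLines   # lines of a secedit export
    )
    # Export lines look like: SeInteractiveLogonRight = *S-1-5-32-544,Guest
    $line = $PolicyLines | Where-Object { $_ -match "^\s*$Right\s*=" } |
        Select-Object -First 1
    if (-not $line) { return @() }   # the right is assigned to nobody
    $entries = ($line -split '=', 2)[1].Split(',') |
        ForEach-Object { $_.Trim() } | Where-Object { $_ }
    foreach ($entry in $entries) {
        if ($entry.StartsWith('*')) {
            # A leading '*' marks a SID; translate it to a name where possible.
            $sid = $entry.Substring(1)
            try {
                $name = ([System.Security.Principal.SecurityIdentifier]$sid).Translate(
                    [System.Security.Principal.NTAccount]).Value
            } catch {
                $name = '(unresolved)'   # deleted account or unreachable domain
            }
            [pscustomobject]@{ Right = $Right; Name = $name; Sid = $sid }
        } else {
            [pscustomobject]@{ Right = $Right; Name = $entry; Sid = $null }
        }
    }
}

$cfg = Join-Path $env:TEMP 'user-rights.inf'
try {
    secedit /export /cfg $cfg /areas USER_RIGHTS /quiet | Out-Null
    $lines = Get-Content -Path $cfg
    # Principals granted the right, then explicit denies (a deny overrides a grant).
    Get-UserRightHolder -Right 'SeInteractiveLogonRight'     -PolicyLines $lines
    Get-UserRightHolder -Right 'SeDenyInteractiveLogonRight' -PolicyLines $lines
} finally {
    Remove-Item -Path $cfg -ErrorAction SilentlyContinue
}
```

The output reflects the local policy of the host it runs on; membership of the listed groups still has to be reviewed separately.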

Allow only Configured Users Access to the Server:

Pragma Fortress allows an administrator to configure how the server sets up the session on a per-user basis. See User Management. The administrator also has the option of allowing only configured users access to the server. With this setting enabled, in addition to needing a valid Windows username, a user will also need to be configured by Pragma User Management.

Allow only Configured Groups Access to the Server:

Using this option, an administrator can limit which Windows users can access Fortress according to the Windows groups of which they are members. For example, if only members of the Administrators group are to use Fortress, use User Management to configure this group, then specify that only users of configured groups are allowed access to the server. When this option is used together with the Allow only Configured Users option, a user must be both a member of the allowed groups and one of the allowed users.

Restricted Access Control:

Access to the server can be allowed based on the protocol and type of access requested. The server can be restricted to an SFTP server that does not allow shell access, or to an SSH-only server that does not allow file transfer. See Access Control.

Restricted Authentication Methods:

The allowed client authentication methods can be configured, preventing access by random clients. See Authentication.