Access Control Tools
Product Name Description
2in1 Net (Voltaire Advanced Data Security) Consists of two elements: the 2in1 NET PC* card which is installed in each PC, splitting it into two separate workstations, each connected to its network via its own exclusive hard-wired link, and the 2in1 NET hub, which would be typically located in the communications closet. Takes full control over an Ethernet/Token-Ring communication network by re-routing all communication cables between the existing hub-switches and the LAN cards through the 2in1 NET hub central switch-selector and the PC card in each workstation.
2in1 PC (Voltaire Advanced Data Security) Splits the PC into two separate virtual workstations, each with its own segment of the hard disk, independent operating system and network connection via its own exclusive hard-wired link. Placed between the PC motherboard and hard disk(s), the 2in1 PC card takes full control over disk access. In addition, communication cables that would normally lead directly from a modem or LAN card to the network, are re-directed via the 2in1 PC card, giving it complete control. Redundant electro-mechanical relays are used for switching and for providing full physical disconnection of the network links.
Access Control (Computer Associates) Strengthens server security by controlling access to data. Allows security policies to be enforced and centrally managed across Windows NT and UNIX platforms. Even privileged access by native Windows NT Administrator, Backup Operator and other special user accounts can be tailored. Provides protection from common attacks that allow hackers to enter the system as a privileged user. Provides a central administrative console for simplified cross-platform security management. Security policies can be developed centrally and enforced across Windows NT and UNIX environments.
Armor (Los Altos Technologies) High performance authentication and access control manager that improves the quality and reliability of UNIX user name and password authentication, password management, and auditing. Armor can protect a single host, or Armor can act as a network security server that provides system access control for a network of client workstations including X-terminals and notebooks.
AutoSecure Access Control for UNIX (Computer Associates) Provides a complete security management system. Proactively controls and prevents unauthorized access to system resources, notifies administrators of attempted violations, and provides a graphical administration interface.
CA-ACF2 (Computer Associates) Enables controlled sharing of computers and data, with features that prevent accidental or deliberate destruction, modification, disclosure and/or misuse of computer resources. It allows you to control who uses these resources, and provides you with the facts you'll need to monitor your security policy effectively. Unauthorized attempts to access resources are automatically denied and logged. Any authorized use of sensitive resources may also be logged for subsequent review. Available for: MVS, VSE, VM, VMS, DB2.
CA-ACF2/DB2 (Computer Associates) Supplants DB2 Grant-Revoke functionality. Provides comprehensive access control for critical DB2 database resources, consistent security and logging for DB2, and easy auditing and reporting. Available for: MVS.
CA-ACF2 for VM (Computer Associates) Designed to control user access to the VM system and to control access to VM minidisks and CMS files. Can also control access to terminals, CP commands and diagnose instructions, and other types of user-defined resources, including applications and OS/390 and VSE data sets. CA-ACF2 for VM contributes Standard Security Facility (CAISSF) technology to the CA90s® Integration Services, allowing centralized security administration and auditing through a single security facility.
CA-ACF2 Workstation (Computer Associates) Provides enterprise-wide security management with administration, auditing, reporting and monitoring facilities. Enables centralized administration, management and control of CA-ACF2 for MVS systems through integration with Unicenter TNG.
CA-Alert for VM (Computer Associates) Comprehensive, menu-driven VM security product. Allows control of user access to mini-disks, CMS and spool files, CP commands and privilege classes, terminal groups, and user-defined resources.
CA-Top Secret (Computer Associates) Enables controlled sharing of your computers and data, with features that prevent accidental or deliberate destruction, modification, disclosure and/or misuse of computer resources. It allows you to control who uses these resources, and provides you with the facts you'll need to monitor your security policy effectively. Unauthorized attempts to access resources are automatically denied and logged. Any authorized use of sensitive resources may also be logged for subsequent review. Available for: MVS, VSE, VM, VMS, DB2.
CA-Top Secret/DB2 (Computer Associates) Provides access control for critical DB2 database resources, enhances native DB2 security, simplifies security administration and eliminates the need to maintain DB2 GRANT/REVOKE schemes and site-written exits. Available for: MVS.
CA-Top Secret for VSE (Computer Associates) Complete solution for data and resource security. It establishes security controls for creating and accessing information for batch and online, and can enforce these controls at any desired level. The system can be tailored to fit in any size enterprise.
CA-Top Secret Workstation (Computer Associates) Provides enterprise-wide security management with administration, auditing, reporting and monitoring facilities. Enables centralized administration, management and control of CA-Top Secret for MVS systems through integration with Unicenter TNG. Available for: Windows NT.
Chrootuid (CERIAS) Free software for restricting root privilege. Chrootuid makes it easy to run a network service at low privilege level and with restricted file system access.
CleanDrive (AccessData) Removes disk data in such a way that it cannot be read even by sophisticated disk recovery tools.
enRole (Access360) Allows your organization to realize increased revenue and productivity by creating a single, auditable point of control over access rights for both your internal and external customers. An ideal solution for large enterprise, Application Service Provider (ASP) and other business-to-business environments, enRole administers all applications, regardless of platform, and automates the enrollment process to increase efficiency and support the rapid growth of your business.
GroupMarshall (Marshall Software) Allows groups of users to be assigned two types of administrative capabilities that are normally only available to Microsoft NT machine and domain administrators: 1. Manage users and 2. Start & stop NT system services. This allows NT administrators to delegate some of the user and support tasks that can otherwise consume their time, such as the following: Suspend user accounts; Reinstate user accounts; Change passwords; and Start & stop selected system services.
IntraVerse for MQSeries (Dascom) Provides MQSeries applications authenticated communication channels over which data can be transmitted with privacy and integrity. Provides access control to MQSeries based services and allows applications to make fine-grain access control decisions via the IntraVerse AuthAPI. Supports a variety of authentication mechanisms which include Kerberos and X.509 certificates. Users either login or present a smart-card device to the system. Once properly authenticated, IntraVerse associates the user identity with a set of capabilities that control what resources the user is allowed to access and what operations they are allowed to perform.
IntraVerse NetSEAT (Dascom) Enables a complete security solution for all Windows applications, including Web browsers, email, and client/server applications. By extending the IntraVerse security model to the desktop, NetSEAT allows users to take full advantage of the data privacy, centralized authorization and management, and high availability features of the IntraVerse product family.
Net Partitioner (Solsoft) Automates and simplifies the management of complex granular access security policy on existing heterogeneous network equipment. Provides a single solution for managing the entire process of designing, developing and implementing ACLs and IP filters on routers and firewalls across an enterprise. Automates the generation and deployment of complex ACLs and IP filters. Allows policy for managers and engineers alike. Enables complex policy implementation and management. Optimizes IP filters for performance and functionality. Manages heterogeneous networks: Cisco Systems, 3Com, Nortel (Bay) Networks, Ericsson (ACC) and other routers and firewalls. Operates on multiple platforms (Windows NT, Windows 95, Unix).
Op (CERIAS) Free privilege-sharing software.
PageVault (Authentica) Allows users to protect and control information before, during, and after delivery. Provides persistent information control by combining: Access and distribution control - who sees which pages and documents at what times. Secure document delivery through 128-bit exportable file encryption. Copy and print control. Prevents forwarding information or saving it to disk. Instant revocability of any user's access to documents. Electronic shredding - make a document unreadable. Intra-document use control through page-level granularity. Centralized access management to dynamically manage the security policy governing the use of information wherever it goes throughout its lifecycle.
PortalXpert (Evidian) Innovative security management software for web-enabled applications. Leveraging a comprehensive access control policy for web-enabled environments, PortalXpert secures users' access across the Internet, intranets and extranets. All B2E and B2B users (employees, partners and customers) benefit from universal single sign-on and personalized access to web applications. PortalXpert's non-intrusive, plug-and-play architecture leverages the organization's existing LDAP directory and does not require plug-ins or agents on target systems or even cookies on browsers. PortalXpert is part of Evidian's enterprise-wide security management software, installed by hundreds of large global organizations in high tech, finance, government and telecom.
Portmapper (CERIAS) Free NIS access control software.
Privilege Manager for UNIX (Axent Technologies) Allows responsibility for adding accounts, fixing printer queues, and other routine job functions to be safely assigned to the appropriate users -- without disclosing the root password. This protects the full power of root from potential misuse or abuse, such as deleting critical files, modifying databases or file permissions, reformatting disks, or doing more subtle damage. Can selectively record all activities involving root, including all keyboard input and display output. Permits definition of security policy which stipulates who has access to which root function, as well as where and when they can perform that function. Controls access to existing programs as well as purpose-built utilities that execute common system administration tasks.
RACF (IBM) Provides the functions of authentication and access control for OS/390 resources and data, including the ability to control access to DB2 objects using RACF profiles. For DB2® you can: Define security rules before a DB2 object is created. Have security rules persist after the DB2 object is deleted. Control access to multiple DB2 objects with one security rule. Control access to DB2 objects on multiple DB2 subsystems with one set of security rules. Validate a user ID or group name before granting it access to a DB2 object. Administer and audit access to OS/390 resources including DB2 objects from a single point of control. When you allow access to information on your OS/390 system via the Internet or intranet using Domino Go Webserver™ you can use digital certificates to uniquely identify and authenticate your users. RACF will accept the authenticated digital certificate from Domino Go Webserver without requiring the user to specify a user ID and password to access OS/390 data and resources.
RACF can control access to programs based on the system ID where the program is running. You can, for example, restrict the usage of a licensed product to a single system image within a Parallel Sysplex.
SafeGuard Advanced Security (Utimaco Safeware Systems) Provides improved access security and control under Windows NT. Logon may be accomplished using a password or by smartcard, thereby replacing the Windows NT logon routine. After logging on successfully, the user can be logged on automatically in heterogeneous networks via Single Sign On. Undesired or trivial passwords can be prohibited and the number of erroneous logon attempts can be restricted. Access to floppy disks, CD-ROM, serial and parallel interfaces and the clipboard can be denied to users or user groups. It is possible to run a checksum test to check the integrity of selected files. It is also possible to prohibit the execution, creation, reading, writing, deletion and renaming of file types (selected by extension) in general or for selected drives. By encrypting files or directories, the transfer of sensitive data in LAN/WAN environments can also be protected against attacks from unauthorized persons. SafeGuard Advanced Security supports the operating system Windows NT (only with an ANSI character set), as well as Service Packs 1, 3, 4 and 5.
SafeGuard DACS (Utimaco Safeware Systems) Secures critical information on networked and mobile computers. Brings precise access control to Windows 95-based PCs. Employees can gain access only to the information you want them to access. Potential intruders are thwarted from using a floppy disk to "boot around" security. Several levels of encryption are available. Enables users to safely "time out" and walk away from the PC. Manages authorised access and usage - even at the individual file level. Maintains consistent PC configuration. Prevents end-users from "tampering with" system files such as the Registry, CONFIG.SYS and AUTOEXEC.BAT. Discretionary Access Control. Identification and authentication per user.
SafeGuard Professional (Utimaco Safeware Systems) Offers a comprehensive security system for the confidential storage of data in heterogeneous networks. The users only see the icons of the application with which they want to work and for which they have the rights. Identification and authentication ensure that only authorized users can work with the PC. Files can be encrypted or sealed on a user, group or system basis. It is also possible to assign individual access rights. Provides every user with his own desktop where he is authorized to work, anywhere in the network. Identification with user ID and password.
User access can be restricted to specific times/days. It can expire or be locked by the system administrator.
Extensive password restrictions are possible, for example, minimum and maximum lengths, period of validity, generations, definition of selected characters (forced use of numeric and/or non alphanumeric characters) or the exclusion of illegal (because trivial) passwords.
SecureClean (AccessData) Erases all traces of deleted PC files so that they cannot be reclaimed even by sophisticated recovery tools.
SecureConsole for Netware (Protocom Development Systems) A fileserver console security application that adds a new level of control and accountability to the NetWare server. You control what level of access individual users or NetWare groups have to your console, including what console commands they can use, what console applications they can see, and whether their actions are audited. With system console autolocking and screen saver features, SecureConsole locks the server console, even when you forget, protecting your system from unauthorised users.
SecureRealms (Texar) Makes your data play by your rules by providing a policy-based solution that mediates access to information in networked organizations. The design of SecureRealms is premised on the need to extend access to vital corporate information to both employees and business partners. Integral to the SecureRealms solution is the concept of secured Business Realms™ - trusted areas in which the flow of information is mediated in accordance with centrally defined security policies. With SecureRealms, an organization has the flexibility to define Business Realms that meet specific requirements. Business Realms can be your entire corporate network, a portion thereof, or can extend to include business partners.
SecureWay FirstSecure (IBM) Helps protect network assets by allowing only authorized users — at authorized times — to access your systems, data, applications or network. Includes the following components to build and operate a scalable, secure environment: Trust Authority, Boundary Server, Policy Director, Toolbox, and Tivoli Cross-Site for Security. Tested, integrated solution, offering easier installation, customization and operational benefits. Detects and responds to virus attacks and intrusions before they penetrate private networks, using the latest intrusion protection technology from IBM Research. Issues and manages certificates for trusted identities with its integrated public key infrastructure. Integrated applications can store and share information about users. Lightweight Directory Access Protocol (LDAP) directories are used by Policy Director, PKI, and the SecureWay Boundary Server. Controls all traffic flowing between networks, providing essential firewall filtering at the application, session, and transport levels using a permissions-based policy framework. Lets you build and customize security implementations using the software tools, protocols and APIs that are included in the Toolkit. Offers end-to-end security with centrally defined permissions—from highly secure client, to middle-tier Web server, to the private network, to access data or transactions.
SecureWay Vault Registry (IBM) Integrated registration and certification solution that builds trust into business-critical Web applications. Browser based registration requests and administration. "Personal vaults" where data is stored and applications run. Audit trail of all registration and database certificate processing actions. Flexibility to support multiple organizations each administering their own certificates within one Certificate Authority (CA) environment. Customizable Registration Application. Seamless integration of key components for registration and certification. Flexible policy exits. Partitioned trust model. CA key generation and signing in crypto hardware. Immediate publishing of CRLs to an LDAP or X.500 directory.
SessionWall (Computer Associates) Protects networks, servers, and desktops from outside intrusions and internal abuse. Provides a complete picture of all network, email, and Internet activity. Simple policies can be automatically or manually created to block inappropriate and hostile network traffic. SessionWall installs quickly and can scale to support large enterprise environments. Features include: Network Usage Reporting — covers everything from high-level statistics down to individual user usage. Plus SessionWall-3 now includes the ability to "drill-down." Network Security — includes content scanning, intrusion detection (service denial attacks, suspicious activity, malicious applets, viruses), blocking, alerting, and logging. Web and Internal Usage Policy Monitoring and Controls — monitors and enforces web access and inter-company policies by user ID, IP address, domain, group, content, and control list. Company Preservation — (often referred to as litigation protection) provides email content monitoring, logging, viewing, and documentation.
Simple File Wrapper (CERIAS) Free security tool. Simple File Wrapper is a tool designed to increase a sysadmin's efficiency by allowing many routine tasks to be executed by operators and other staff. It improves the security of the system by reducing the need to distribute the root password. Furthermore, by using one generic wrapper instead of multiple wrappers it reduces the likelihood of programming errors which could introduce security holes.
Symark PowerBroker (Symark Software) Allows delegation of root privileges while providing an indelible audit trail. Allows the full administrative powers of the root account to be selectively delegated to trusted users without having to disclose the root password, thereby maintaining system security. Provides an indelible audit trail of all actions occurring in important accounts such as root, which allows sites to track exactly which actions have been undertaken, by which people, when, and on which machine. Can record and replay an entire root session, allowing an after-the-fact look at exactly what a user typed and what was seen on the screen during a session. Can query, extract, and present information selectively from the log files. Controls incoming and outgoing sessions by controlling who is allowed to telnet and rlogin from the Internet to internal machines and which machines they may log into. Determines which days and time of day rlogin and telnet sessions may be initiated. Creates an audit trail which records all keystrokes and display outputs occurring during incoming/outgoing sessions.
Symark PowerPassword (Symark Software) Lets system administrators control which users can log in to each UNIX™ machine under which circumstances. System administrators can specify such things as what time of day a user may log in, who may log in over modem lines or over the network, and whether additional passwords or authentication schemes are used. Also includes a flexible password-aging system, which is compatible with NIS and shadow passwords, and works across an entire UNIX™ network. Can be integrated with authentication mechanisms such as smart cards, to further enhance login security. Contains a complete centralized logging system which tracks all login activity, and allows complex queries to be made as to what activities have occurred. Allows the login environment for each user to be completely specified. Administrators can control whether a shell or some other program is invoked for the user, what directory the user is placed in, and what environment variables are set, among other things. 
Trusted File Commander (Pinnacle Technology) Trusted File Commander provides an enhanced layer of data security for your corporate workstations. By controlling file access permissions on a user-by-user basis, Trusted File Commander gives you powerful protection against inadvertent or malicious damage to your company’s sensitive information.
UniShred Pro (Los Altos Technologies) Assured disk erasure software.