{"id":15623,"date":"2018-12-03T11:42:51","date_gmt":"2018-12-03T11:42:51","guid":{"rendered":"http:\/\/payampardaz.com\/en\/?p=15623"},"modified":"2018-12-25T14:35:48","modified_gmt":"2018-12-25T14:35:48","slug":"keyhan","status":"publish","type":"post","link":"https:\/\/payampardaz.com\/en\/keyhan\/","title":{"rendered":"keyhan"},"content":{"rendered":"
Dear Iranian managers of governmental and private organizations,<\/p>\n
How much do you spend, or how much effort do you make, to keep your organization\u2019s fundamental information confidential?<\/p>\n
Have you ever taken the necessary measures to make your computer networks extremely safe?<\/p>\n
Have you ever implemented an easy but complete solution for remote access to servers within the organization?<\/p>\n
Today, information is regarded as the main asset of individuals, companies and governments, and it is predicted that in the near future the power of governments will be measured by the information they hold about individuals and organizations. Clearly, organizational information is worth more than personal information. On the other hand, the strategic situation and nature of Iran have always attracted the attention of foreigners, so that important Iranian companies, including oil companies, face the highest number of cyber-attacks (successful or unsuccessful). The important question now is: in these circumstances, how much do our organizations\u2019 managers spend, or how much effort do they make, to keep their organization\u2019s fundamental information confidential? Have they ever taken the necessary measures to make their computer networks extremely safe? Have they implemented security standards such as ISO 27001 in their organization?<\/p>\n
Fortunately, in recent years senior managers have paid more attention to securing their organizations and computer networks, to the extent that a strong improvement can be seen in the security level of organizations. But other questions remain unanswered. For example, are our organizations no longer at risk? Has the number of successful intrusions and attacks on our organizations\u2019 computer networks decreased in recent years? How can we be sure that the solutions that provide security have the necessary and sufficient effectiveness? Do the products used to ensure security not contain covert channels for infiltrating and extracting our organizational information? And finally, can we trust foreign suppliers in the field of security at all?<\/p>\n
Payam Pardaz Co., with more than two decades of experience in the field of information security and communications and its portfolio of domestic products, can help you, dear manager, find answers to the questions above. The company\u2019s LAN-secure product, under the KEYHAN brand name, is the only domestic product that can completely cover the application of two clauses of the ISO 27001 security standard in your organization. With its domestic hardware security protocols, algorithms and tokens, this product can greatly raise the security level of your organization\u2019s computer network, and with proper use you can be sure that covert channels cannot be exploited.<\/p>\n
Keyhan supports the implementation of the ISO 27001 security standard in the following areas:<\/p>\n
Network access control
\nUsage policy of network service
\nUser authentication for external connections
\nSeparation of the networks
\nNetwork connection control
\nControlling the access to OS
\nUser identification and authentication
\nExpiration of session deadline
\nLimiting the time of connection
\nIsolating the remote sensitive systems
\nCorrect processing of applications
\nVerification of input data
\nMessage integrity<\/p>\n
Today, with the development of information technology, organizations large and small operate LAN or WAN computer networks spread over a wide geographical area. The organization\u2019s servers are usually located at the center of the network, and applications on client computers receive the services they need from these servers. As technology develops, threats and cyber-attacks become more widespread, and attacks such as accessing data over the network, or stealing passwords and impersonating users, may occur. Securing electronic services has therefore recently become one of the most important issues facing organizations\u2019 IT managers.<\/p>\n
On the other hand, the targeted attacks carried out recently against important parts of Iranian installations have led IT managers to focus more than before on securing their organization\u2019s servers and sensitive data.<\/p>\n
Keyhan, a domestic network security system, provides distinct security services such as two-factor user authentication, access control, confidentiality and integrity of transferred information, traffic analysis and high availability. With its domestic hardware security protocols, algorithms and tokens, Keyhan can significantly help in implementing well-known security standards such as ISO 27001. The system consists of a server (deployed at the entrance to the organization\u2019s sensitive servers), client software (for users\u2019 computers), management software and users\u2019 hardware security tokens (under the Keya brand name). It can be deployed easily on the organization\u2019s network and used without special training.<\/p>\n
Today the Keyhan system is widely used by organizations in our country to secure the delivery of application services. In this system the Keyhan server acts as an entry gateway that controls access to the organization\u2019s vital servers. Since all packets sent to the protected servers are admitted to the protected network only after inspection by the Keyhan server, this server can play a special monitoring role, alongside its other core services (including confidentiality, integrity, authentication and two-factor access control), in examining users\u2019 activities and accesses.<\/p>\n
The Keyhan system reports all of its activity in a suitable format. This activity includes users\u2019 connection status and all changes made by an administrator to system configuration or policies. Each activity is reported as an event that describes its status and result, generated when a user tries to connect to the Keyhan system or an administrator changes a setting. A sample of these events is as follows:<\/p>\n
After each user is authenticated, the user is allowed to access the protected servers. The traffic passing from Keyhan to the servers must be monitored, and information is extracted from it to show the status of connections to the servers, the data transfer rate and the success of connections.<\/p>\n
The component architecture (CA) of the event management and traffic analysis system, together with the Keyhan system, is shown in the figure below. This system is placed between the Keyhan server and the protected servers. It not only receives and protects Keyhan events but also monitors traffic between the servers and their users, and extracts and maintains information about the access process.<\/p>\n
Many reports can be defined from the different inputs received. A schedule can also be set for delivering these reports: they are available periodically on an hourly, daily, weekly or monthly basis. Several parameters can also be defined and customized for each report. If events are received, some sample report types are as follows:<\/p>\n
Today, with the development of information technology, organizations large and small have LAN computer networks covering a small or wide area. As technology develops, threats and cyber-attacks become more widespread, and attacks such as accessing data on the network, infiltrating systems or impersonation become easy to carry out. Securing computer and non-computer systems equipped with a network port has therefore become one of the most important issues facing organizations\u2019 IT managers.<\/p>\n
The domestic Keyhan software for network security offers distinct security services such as two-factor user authentication, firewall, and confidentiality and integrity of transferred information. The system includes client software (for users\u2019 computers) plus hardware security tokens. It can be deployed easily on the network and used without special training for users, in order to secure users\u2019 connections and control access to their systems in accordance with the policies set by the organization or system owner.<\/p>\n
<\/a><\/p>\n
The aim of this scenario is to secure the organization\u2019s servers (in this scenario, the organization\u2019s database server is taken as the example). In the first stage, all inbound and outbound connections are controlled by the branch database (B database). To this end, firewall policies prevent the entry and establishment of any connection from the WAN. An access policy is also defined only for the LAN users who are allowed to use this server, and unauthorized users are not allowed to access the LAN. If servers or users in the branches and the organization\u2019s central servers need a secure connection, it can be established by providing a suitable, secure encrypted channel over the WAN. For example, in this scenario a secure tunnel between the branch database and the Keyhan server located in the organization provides the access needed to synchronize the databases.<\/p>\n
Video: how to implement the first scenario<\/a><\/p>\n
such as internet, intranet, wireless and fiber optic. To provide a secure platform, the Keyhan Subnet to Subnet tunnel service can be used. This tunnel provides a secure, encrypted platform between two networks. Implementing this scenario only requires installing the Keyhan client software on the two systems defined as the organization\u2019s gateways. The connection is established by defining the protected network address range and the intended accesses.<\/p>\n
Video: how to implement the second scenario<\/a><\/p>\n
In this scenario, the organization\u2019s servers are protected by the Keyhan system. Network users are classified and access the organization\u2019s sensitive servers securely according to their needs. In this example, there is a database server in the network that accesses the main database server for synchronization (Tunnel 2). A secure connection can also be set up among the system\u2019s users if necessary; in this example, users work with the internal database over a secure connection (Tunnel 1).<\/p>\n
Video: how to implement the third scenario<\/a><\/p>\n
In this scenario, the connection between one system and other users is secured using the Keyhan client software. In this example, the connection between user \u201cA\u201d and the other users runs over encrypted channels. Unauthorized packets can also be prevented from entering or leaving by defining the intended accesses in this system\u2019s firewall.<\/p>\n
Video: how to implement the fourth scenario<\/a><\/p>\n
In this scenario, the connections between all systems are secured using the Keyhan client software.<\/p>\n
Video: how to implement the fifth scenario<\/a><\/p>\n
Diversity in definition of policies with different applications<\/h5>\n
\n
Application scenarios<\/h4>\n
First scenario<\/h5>\n
Second scenario<\/h5>\n
Third scenario<\/h5>\n
Fourth scenario<\/h5>\n
Fifth scenario<\/h5>\n
Downloads<\/h2>\n