Reflection for Secure IT

Tech Specs for Reflection for Secure IT Server for UNIX

Secure shell access
  • Secure remote terminal connections
  • Secure remote command execution
Secure file transfer
  • SCP and SFTP version 4 protocol support
  • SCP and SFTP special features
    • Smart Copy (to eliminate redundant copying of identical source and target files)
    • File transfer resume after interrupted downloads
    • Recursive directory copying
    • Remote-to-remote transfers (SCP)
    • Automatic ASCII mode for specified file extension types (SFTP)
  • Support for High Performance Enabled (HPN) file transfer
  • chroot environment support
  • Unattended scheduled file transfers
Access control
  • Assignable rights (allow or deny)
    • Terminal shell access
    • Exec requests
    • File transfer access
    • SFTP activities (browse, download, upload, delete, and rename)
  • Assignable to (subconfigurations)
    • Global
    • Groups
    • Users
    • Per client system (by IP address or domain name)
Tunneling
  • TCP port forwarding (local and remote)
  • FTP protocol
  • X11 protocol
  • Background and "one-shot" (single use) forwarding ports
Standards support
  • Compliance with IETF Secsh Internet drafts and RFCs 4250-4254, 4256, 4462, 4345, and 4716
  • UTF-8 character support
Cryptographic library validation
  • FIPS 140-2 Level 1 (Certificate #1747 and #2398-AIX)
    Algorithms
    • Ciphers
      • AES (128-, 192-, and 256-bit CTR)
      • AES (128-, 192-, and 256-bit CBC)
      • 3DES (3 56-bit key EDE)
      • Blowfish (128-bit)
      • CAST (128-bit)
      • Arcfour (128- and 256-bit)
    • MACS
      • HMAC-MD5
      • HMAC-MD5-96
      • HMAC-SHA1
      • HMAC-SHA1-96
      • HMAC-SHA256
      • HMAC-SHA512
      • RIPEMD160
      • Meets DoD requirements for SHA-2
    • Key exchange
      • Diffie-Hellman
      • GSS-API key exchange
      • RSA
      • DSA
    Authentication
    • Server authentication
      • Public key (RSA and DSA)
      • PKI X.509 certificates
      • Kerberos (gssapi-keyex)
    • User authentication
      • Password
      • Public key
        • RSA and DSA user keys
        • Key agent utility for private key management
        • Agent forwarding
        • Host name aliasing for host key storage
        • PKCS#11 smart card support on Solaris 10 SPARC platforms
      • Keyboard interactive
        • PAM (Pluggable Authentication Module)
        • RSA SecurID
        • RADIUS
        • Keyboard-interactive password
      • PKI X.509 certificates
      • Kerberos (gssapi-with-mic)
    • LDAP
      • Directory-accessed user shell configurations
      • Support for mkhomedir PAM module for automatic creation of LDAP user home directory
    • Reflection PKI Services Manager
      • Centralized configuration and management of PKI functions across Reflection for Secure IT Server for Windows, Server for UNIX, and Client for UNIX
      • Standalone service module supported on most platforms supported by Reflection for Secure IT Server for Windows and Server for UNIX
      • DoD PKI certified
      • FIPS 140-2 Level 1-validated for most supported platforms (Certificate #2058)
      • RFCs 2253, 2560, and 3280
      • X.509 certificates for server and client authentication (X.509 versions 1-3)
      • Version 2 X.509 CRL
      • OCSP revocation checks
      • HSPD-12 support
      • Support for LDAP and HTTP certificate and CRL repositories
      • Certificate extensions supported
        • CDP
        • IDP
        • AIA
        • Policy constraints
        • Basic constraints
        • Name constraints
        • Extended key usage
      • Customizable configuration on per trust anchor basis
      • Fully customizable mapping of SSH user account names to certificates
      • SOCKS proxy supported
      • PKI client command line utility for querying services availability and certificate validity
    • Other
      • Configurable pre-authenticated session limit
    Accounting/auditing
    • Logon events for all authentication methods
    • Detailed file transfer event capture, including uploads, downloads, and directory listings
    • Notification of exceeded maximum password attempts
    • HP-UX SAM auditing and security tool support
    • Oracle Solaris Basic Security Module auditing support
    • Oracle Solaris Least Privilege Model support
    • AIX System Resource Controller support
    • Dedicated audit log for all file transfers
    Performance
    • High Performance Enabled (HPN) support leverages dynamic TCP windows for improved file transfer performance
    • Granular control of data compression levels enables performance calibration
    Operating systems
    • HP-UX 11i v2 (PA-RISC)
    • HP-UX 11i v2 (Itanium)
    • HP-UX 11i v3 (Itanium)
    • IBM AIX 6.1 (POWER)
    • IBM AIX 7.1 (POWER)
    • Red Hat Enterprise Linux 5 (x86)*
    • Red Hat Enterprise Linux 5 (x86-64)*
    • Red Hat Enterprise Linux 6 (x86)*
    • Red Hat Enterprise Linux 6 (x86-64)*
    • Red Hat Enterprise Linux 7 (x86-64)*
    • Oracle Solaris 10 (SPARC)*
    • Oracle Solaris 10 (x86)*
    • Oracle Solaris 10 (x86-64)*
    • Oracle Solaris 11 (SPARC)*
    • Oracle Solaris 11 (x86-64)*
    • SUSE Linux Enterprise Server 10 (x86)*
    • SUSE Linux Enterprise Server 10 (x86-64)*
    • SUSE Linux Enterprise Server 10 zSeries (64-bit)*
    • SUSE Linux Enterprise Server 11 (x86)*
    • SUSE Linux Enterprise Server 11 (x86-64)*
    System requirements
    • Any system that meets the minimum requirements for the UNIX/Linux operating system
    • Network interface card
    • For all Itanium systems, the library libunwind is required (HP-UX, Red Hat Enterprise Linux, and SUSE Linux Enterprise Server)
    • Oracle Solaris UltraSPARC CPU