Secure shell access
- Secure remote terminal connections
  - Configurable terminal provider (i.e., cmd.exe)
  - Configurable terminal default directory
  - Use of mapped drives to access network directories during terminal sessions
- Secure remote command execution
Secure file transfer
- SCP and SFTP version 4 protocol support
- SCP and SFTP special features
  - Smart Copy (to eliminate redundant copying of identical source and target files)
  - File transfer resume after interrupted downloads
  - SCP1 protocol support (for compatibility with OpenSSH clients)
  - Virtual directory and chroot environment support
Access control
- Assignable rights (allow or deny)
  - Terminal shell access
  - Exec requests
  - Local port forwarding
  - Remote port forwarding
  - SCP1 access
  - SFTP/SCP2 access
  - SFTP activities (Browse, Download, Upload, Delete, and Rename)
- Assignable to (subconfigurations)
  - Global
  - Groups
  - Users
  - Per client system (by IP address or domain name)
- Deny connections to users without Windows interactive access rights
- Control over the number of connections allowed per user
- Use of alternative credentials for accessing SFTP directories (for file transfers) and mapped drives (for terminal sessions)
Tunneling
- TCP port forwarding (local and remote)
- FTP protocol (active and passive mode)
- RDP protocol
Standards support
- Compliance with IETF Secsh Internet drafts and RFCs 4250–4254, 4256, 4462, 4344, 4345, and 4716
- UTF-8 character support
Cryptographic library validation
- FIPS 140-2 validated (Certificate #1747)
Algorithms
- Ciphers
  - AES (128-, 192-, and 256-bit CTR)
  - AES (128-, 192-, and 256-bit CBC)
  - 3DES (3 56-bit key EDE)
  - Blowfish (128-bit)
  - CAST (128-bit)
  - Arcfour (128- and 256-bit)
- Key exchange
  - Diffie-Hellman
  - GSS-API key exchange
- MACs
  - HMAC-MD5 (optional MD5 rejection available)
  - HMAC-MD5-96
  - HMAC-SHA1
  - HMAC-SHA1-96
  - HMAC-SHA256
  - HMAC-SHA512
  - RIPEMD160
- Meets DoD requirements for SHA-2
Authentication
- Reflection PKI Services Manager
  - Centralized configuration and management of PKI functions across multiple Reflection for Secure IT Windows servers, UNIX servers, and UNIX clients
  - Standalone service module supported on most platforms supported by Reflection for Secure IT Windows and UNIX servers
  - DoD PKI certified
  - FIPS 140-2 validated (Certificate #2468)
  - RFCs 2253, 2560, and 3280
  - X.509 certificates for server and client authentication (X.509 versions 1-3)
  - Version 2 X.509 CRL
  - OCSP revocation checks
  - HSPD-12 support
  - Support for LDAP and HTTP certificate and CRL repositories
  - Support for Microsoft Windows Certificate Store
  - Certificate extensions supported
    - CDP
    - IDP
    - AIA
    - Policy constraints
    - Basic constraints
    - Name constraints
    - Extended key usage
  - Customizable configuration on per trust anchor basis
  - Fully customizable mapping of SSH user account names to certificates
  - SOCKS proxy support
  - PKI client command line utility for querying services availability and certificate validity
- Server authentication
  - Public key (RSA and DSA)
  - PKI X.509 certificates
  - GSSAPI/Kerberos
- User authentication
  - Password (local user and Windows domain user)
  - Public key
  - RSA user keys
  - DSA user keys
  - X.509 certificates
  - OpenSSH public key interoperability
  - Keyboard interactive
  - RSA SecurID
  - RADIUS
  - Keyboard-interactive password
  - GSSAPI/Kerberos
Auditing and logging
- Configurable Windows Event Log level
- Configurable Debug Log with local and UTC time stamps
- Notification of exceeded maximum password attempts
- Dedicated audit log for all file transfers
Administrative tools
- Post Transfer Actions for automating important processes for files after they are received
- ProcessPriority for limiting the amount of CPU resources consumed
- Customizable locations for server configuration files
- Section 508 support in the Reflection for Secure IT Server for Windows configuration utility
Operating systems
- Microsoft Windows Server 2016 (x86-64)
- Microsoft Windows Server 2012 (x86-64)
- Microsoft Windows Server 2008 R2 (x86-64)
- Microsoft Cluster Service support
- VMware ESXi support
System requirements
- Any system that meets the minimum requirements for the Microsoft Windows operating system
- Disk space varies depending on the features installed
- Network interface card