Reflection for Secure IT Server for UNIX

Specs

Secure shell access:
  • Secure remote terminal connections
  • Secure remote command execution
Secure file transfer:
  • SCP and SFTP version 4 protocol support
  • SCP and SFTP special features
    • Smart Copy (to eliminate redundant copying of identical source and target files)
    • File transfer resume after interrupted downloads
    • Recursive directory copying
    • Remote-to-remote transfers (SCP)
    • Automatic ASCII mode for specified file extension types (SFTP)
  • Support for High Performance Enabled (HPN) file transfer
  • Chroot environment support
  • Unattended scheduled file transfers
Access control:
  • Assignable rights (allow or deny)
    • Terminal shell access
    • Exec requests
    • File transfer access
    • SFTP activities (browse, download, upload, delete, and rename)
  • Assignable to (subconfigurations)
    • Global
    • Groups
    • Users
    • Per client system (by IP address or domain name)
Standards support:
  • Compliance with IETF Secsh Internet drafts and RFCs 4250-4254, 4256, 4462, 4345, and 4716
  • UTF-8 character support
Cryptographic library validation:
  • FIPS 140-2 Level 1 (Certificate #1747 and #2398-AIX)
Algorithms:
  • Ciphers
    • AES (128-, 192-, and 256-bit CTR)
    • AES (128-, 192-, and 256-bit CBC)
    • 3DES (3 56-bit key EDE)
    • Blowfish (128-bit)
    • CAST (128-bit)
    • Arcfour (128- and 256-bit)
  • MACs
    • HMAC-MD5
    • HMAC-MD5-96
    • HMAC-SHA1
    • HMAC-SHA1-96
    • HMAC-SHA256
    • HMAC-SHA512
    • RIPEMD160
    • Meets DoD requirements for SHA-2
  • Key exchange
    • Diffie-Hellman
    • GSS-API key exchange
    • RSA
    • DSA
Authentication:
  • Server authentication
    • Public key (RSA and DSA)
    • PKI X.509 certificates
    • Kerberos (gssapi-keyex)
  • User authentication
    • Password
    • Public key
      • RSA and DSA user keys
      • Key agent utility for private key management
      • Agent forwarding
      • Host name aliasing for host key storage
      • PKCS#11 smart card support on Solaris 10 SPARC platforms
    • Keyboard interactive
      • PAM (Pluggable Authentication Module)
      • RSA SecurID
      • RADIUS
      • Keyboard-interactive password
    • PKI X.509 certificates
    • Kerberos (gssapi-with-mic)
  • LDAP
    • Directory-accessed user shell configurations
    • Support for mkhomedir PAM module for automatic creation of LDAP user home directory
  • Reflection PKI Services Manager
    • Centralized configuration and management of PKI functions across Reflection for Secure IT Server for Windows, Server for UNIX, and Client for UNIX
    • Standalone service module supported on most platforms supported by Reflection for Secure IT Server for Windows and Server for UNIX
    • DoD PKI certified
    • FIPS 140-2 Level 1-validated for most supported platforms (Certificate #2058)
    • RFCs 2253, 2560, and 3280
    • X.509 certificates for server and client authentication (X.509 versions 1-3)
    • Version 2 X.509 CRL
    • OCSP revocation checks
    • HSPD-12 support
    • Support for LDAP and HTTP certificate and CRL repositories
    • Certificate extensions supported
      • CDP
      • IDP
      • AIA
      • Policy constraints
      • Basic constraints
      • Name constraints
      • Extended key usage
    • Customizable configuration on per trust anchor basis
    • Fully customizable mapping of SSH user account names to certificates
    • SOCKS proxy supported
    • PKI client command line utility for querying services availability and certificate validity
  • Other
    • Configurable pre-authenticated session limit
Accounting/auditing:
  • Logon events for all authentication methods
  • Detailed file transfer event capture, including uploads, downloads, and directory listings
  • Notification of exceeded maximum password attempts
  • HP-UX SAM auditing and security tool support
  • Oracle Solaris Basic Security Module auditing support
  • Oracle Solaris Least Privilege Model support
  • AIX System Resource Controller support
  • Dedicated audit log for all file transfers
Performance:
  • High Performance Enabled (HPN) support leverages dynamic TCP windows for improved file transfer performance
  • Granular control of data compression levels enables performance calibration
Operating systems:
  • HP-UX 11i v2 (PA-RISC)
  • HP-UX 11i v2 (Itanium)
  • HP-UX 11i v3 (Itanium)
  • IBM AIX 6.1 (POWER)
  • IBM AIX 7.1 (POWER)
  • Red Hat Enterprise Linux 5 (x86)*
  • Red Hat Enterprise Linux 5 (x86-64)*
  • Red Hat Enterprise Linux 6 (x86)*
  • Red Hat Enterprise Linux 6 (x86-64)*
  • Red Hat Enterprise Linux 7 (x86-64)*
  • Oracle Solaris 10 (SPARC)*
  • Oracle Solaris 10 (x86)*
  • Oracle Solaris 10 (x86-64)*
  • Oracle Solaris 11 (SPARC)*
  • Oracle Solaris 11 (x86-64)*
  • SUSE Linux Enterprise Server 10 (x86)*
  • SUSE Linux Enterprise Server 10 (x86-64)*
  • SUSE Linux Enterprise Server 10 zSeries (64-bit)*
  • SUSE Linux Enterprise Server 11 (x86)*
  • SUSE Linux Enterprise Server 11 (x86-64)*
System requirements:
  • Any system that meets the minimum requirements for the UNIX/Linux operating system
  • Network interface card
  • For all Itanium systems, the library libunwind is required (HP-UX, Red Hat Enterprise Linux, and SUSE Linux Enterprise Server)
  • Oracle Solaris UltraSPARC CPU