SITS - Secure login Terminal Server
SITS is a security product designed specifically for customers with very high security requirements, i.e. like the Swedish Defense, intelligence services, defense industry, government and many others.
SITS uses defense active cards, a defense-approved card reader and a specially designed security software to offer the users smart card based login to their desktop, IT environment and applications they are authorized to reach/use
SITS protects your network, servers and your applications from unauthorized use by means of strong encryption, access control and filtering of all communications to/from the organisation's servers and applications.
SITS offers the organization's users support for PKI-based Single-Sign-On (SSO) through strong authentication (also called two-factor authentication).
This means that the user can log in to his or her desktop on the terminal server and reach all the applications for which he or she has permission to use without having to enter the PIN more than once.
SITS also performs automatic password change in the background for the user so that he or she does not have to remember long and complicated passwords.
SITS follows the specification according to X.509 security standard for three-way authentication.
SITS is a security product that consists of three major parts;
- SITS TK that should be installed on all PC clients that should have a secure access to the SITS TS/AS environment.
- SITS TS that is intended to be installed on one or more of the organizations Terminal Servers.
- SITS AS which should be installed on the Application Servers that is to be protected by SITS.
SITS is used to secure so called Server Based computing (or Cloud based computing, as it's also often called).
Server-based computing is a common term for solutions that are using a thin client to connect to a central server located in a remote data center (whether or not it is operated by your own personnel or if it's outsourced to another vendor).
SITS can easily be integrated and used in different server-based IT environments and applications that want to use PKI functionality and X.509 certificate-based security.
SITS offers a centralized authentication of the organization's users and the applications that they have permission to use.
Via SITS administration, the security administrator can configure which applications, IT systems/resources and websites a particular user should have access to.
The security administrator can easily configure which applications, IT systems and websites a particular user and/or role should have.
If you want, you can assign users to different specific privileges. However, it's both easier and more logical to use roles to assign users different privileges. When a new user is added to the system, the user connects to a pre-configured role, thus acquiring the privileges that he/she has.
SITS offers the organization several advantages, including:
- A secure and cost-effective IT processing. Using SITS and a Terminal Server environment is a very good way to reduce costs while increasing both operational and IT security at the same time.
- A scalable and flexible security solution that is easily integrated into both large and small terminal server and application server installations.
- Stronger login security. SITS replaces traditional password logins with strong authentication based on PKI functionality and X.509 certificate-based security, i.e. the risk that the organization's users choose weak passwords which are easy to guess is eliminated.
- Work saftely from a remote location. The users can log in to the company's network with strong authentication (2FA) and access their desktops and their applications safely from any location (the only requirement is that there is an Internet connection).
- Higher security. All data is stored and processed solely in the server environment and all communication between client and server is encrypted, unlike a traditional terminal server solution, i.e there are no data availbale in the client at risk of exposure.
- Secure Single-Sign-On. Once the user has authenticated himself with his smart card and logged into the terminal server, the user gets a desktop and a secure SSO access to all their (eligible) applications.
- Easy user management. A security administrator can associate a Windows user to a smart card so that he or she can log in as the same user and get the same desktop as when password login was used.
- Traceability. All operations and actions performed by a security administrator in the SITS administration are logged so it's possible to follow up who did what and when.
SITS TK - Secure Thin Client
SITS TK is a security software designed for use together with SITS Terminal Server (SITS TS) and SITS Application Server (SITS AS). SITS TK is installed on the PC clients which should have a secure access to the organizations Terminal Servers and Application Servers. A standard PC client can be used with SITS TK, but in practice, a PC with tempered resistant hardware is usually used.
SITS TK is used to secure user login with strong authentication as well as to encrypt all the communication to/from SITS TS and SITS AS.
SITS TK software consists of a micro core and functionality for managing smart cards, card reader, PKI encryption, etc.
SITS TK is diskless and thus completely independent of the PC's IT security protection. The client boots up on the security-approved micro core from a USB memory or a CD-ROM, i.e. neither the PC's harddrive or the PC's Windows operating system is used by SITS TK.
SITS TK has several built-in security features, such as:
- Automatic locking of the workplace when the user extracts the smart card from the card reader or upon a certain (configurable) time of inactivity. The inactivity function is connected to the computer's screen saver and lock function. When the user reinserts the smart card to the reader, the user logs in again and can continue to work from the place where he or she stopped before.
- Protected prints that are handled by a print client that authenticates the user's card certificate against a print server.
- PKI-based Single-Sign-On (SSO) so that the user can reach the applications he/she is authorized to use with only one login.
- Strong authentication of the user all the way from the PC client, via the Terminal Server to the application running on the Application Server.
- Secure access to the organization's IT resources. No unknown clients can connect to your organization's terminal servers or application servers because both SITS TK and SITS TS use bi-directional authentication, i.e. so called "spoofing" is not possible since the SITS TK client and the SITS TS server make strong authentication of each other. Since neither server nor client accepts traffic from any unauthorized party, internal and external data breach and "man in the middle" attacks are impossible.
- SITS TK encrypts all communication between the client, the terminal server and the application server, which provides protection against takeover and manipulation of the session and replay attacks.
- Since SITS TK is diskless, no data is stored locally on the client when it is turned off or when the current terminal session is terminated or paused. We thus receive a very high level of security since all data stays at the server side, i.e. no data can be exposed for an unauthorized user even if he or she has physical access to the PC client.
- With SITS TK you can have up to 8 different environments that are security-separated, i.e. you can have two windows open at the same time, one of which may be secret and the other top secret.