
Security Audit Gateway System

Centralized management | Identity authentication | Permission control | O&M audit

Security Audit Gateway System Overview

Topsec Security Audit Gateway System (TopSAG) is built on the NGTOS security operating system platform with independent intellectual property rights and draws on years of experience in cybersecurity protection. With the 4A management concept as its basis and a security proxy as its core, the system continues to innovate in the field of O&M, providing customers with a full range of O&M security solutions covering pre-incident prevention, monitoring during incidents, and post-incident audit. It is suitable for government, finance, energy, telecommunications, transportation, military, education, and other industries.

Advantages
Account management

Account management covers master accounts and sub-accounts: the user account is the master account, and the original IT system account is the sub-account. Separating identity from authorization through master and sub-accounts enhances the reliability of identity authentication and system authorization, resolves account management confusion at its root, and provides a guarantee for authentication, authorization, and audit.

Identity authentication

To enhance access security, the system provides high-strength identity authentication and supports connection between local authentication servers and third-party authentication servers (such as AD Domain, LDAP, and RADIUS servers). In addition, it supports OTP dynamic tokens, SMS messages, USB keys, digital certificates, facial recognition, and other authentication methods for strong two-factor authentication to ensure identity reliability.

Centralized authorization

Authorization is "centralized" logically rather than physically. The system provides a unified authorization interface that implements both coarse-grained authorization based on application boundaries, such as authorizing the assets users can access, and fine-grained authorization within applications, such as restricting user behavior.

Operation

The operations of personnel are recorded as logs, and managers can view relevant audit logs in the system. Operation audit mainly covers personnel's account management, authentication, account assignment, permission assignment, and account usage (login, resource access, and operation behavior). All operations are well documented.

Application
Scenario

The system is deployed in "physical bypass and logical tandem" mode, without changing the network topology and without affecting normal business operation. Single-node deployment is the simplest and most typical deployment mode, and is suitable for most network environments.

Issues Resolved
  • Enables security O&M management and compliance audit within a unit.
Scenario

The system can be deployed in two-node cluster mode, where the primary and standby nodes provide services through the same virtual IP address, and O&M personnel and management personnel access the bastion host through that virtual IP address.

Issues Resolved
  • Implements normal data synchronization and automatic node failover, ensuring data security and continuity of O&M management.
Value to Customers
Compliance

Through centralized and unified management, two-factor authentication, permission control, periodic password change, real-name audit, and other functions, the system helps enterprises meet relevant policy requirements.

Improved O&M efficiency

The system provides H5 O&M, SSO, and other functions, so that quick O&M can be performed from a browser with no need to install O&M tools or memorize asset passwords.

O&M risks under control

The system controls the operation permissions of O&M personnel, and enables the users to set blacklists and whitelists for high-risk commands to avoid misoperation and abuse of permissions.

Complete accountability system

The system associates accounts with natural persons and records information about "who, where, when, and what" for O&M each time, enhancing the manageability and traceability of O&M personnel and assets.
