New Tree structure view

Command Control rules are created using an intuitive, drag and drop visual interface that reduces the need for complex manual scripting.

Account Groups

Account Groups contain groupings of both User accounts and Host accounts and can be assigned to rules under both the Submitting and Executing Groups.

Sub-rules

Create nested sub-rules for more complex rule structures.

Copy and Link Rules

Copying and linking of Rules is now supported

Multiple Perl scripts to a Rule

Perl scripts can be created and assigned to individual Rules to enhance the authorization structure. Within the Perl script editor it is possible to obtain and manipulate the metadata used by agents.

Single repository for all commands, scripts, times & account groups

Command Control contains a reusable component library with the following features: Making a modification will globally update the component; The ability to disable each component; The ability to create copies.

Multi-definition Commands

Single command containers now support multiple definitions.

Drag and Drop Rule Administration

Just drag components (commands, times etc.) into the Rule you are working on.

Script-less Authorization

Authorize or deny at the Rule level, no need for a script.

Integrated Test Suite

Command Control contains a comprehensive test suite that allows rules to be tested against expected outcomes.

Fortefi Compliance Auditor

With the Fortefi Compliance Auditor, rules can be created to pull any number of audit events matching a given filter into the tool at any specific frequency. As well as providing access to activity across the entire Framework, it is possible for auditors to view security transactions, play back recordings of user keystrokes, and record notes against each record to create permanent archives of activity.

Command Control Shells

Each agent is provided with a number of fully integrated shells based around the ksh or csh shells; these can provide clients with differing levels of interaction, which include.

• Session Capture only - User will login and perform commands as normal but a complete keystroke log of their session is captured and stored.
• Audit only – All commands typed by users will be sent to the Command Control reports module to build a complete audit trail of users’ sessions, there is no command authorization in this case.
• Authorization – All users’ commands will be passed to Command Control for authorization.

Command Control Extras

A number of optional features are included to enhance the functionality of Command Control.

• FTP Daemon – Provides an FTP replacement to allow fully audited and authenticated FTP transactions.
• Messaging Agent – Provides functionality to send email alerts.
• Remote Shell Daemon – Provides an rsh replacement to allow audited and authenticated rsh transactions.
• Remote Copy Command - Provides an rcp replacement to allow audited and authenticated rcp transactions.

Web-based Console

Command Control and the entire Framework is managed via a user friendly web-based console which can be accessed throughout intranet and extranet zones.

Simple to deploy and configure

Download and install the Framework installers from the Fortefi web site then pull down and deploy all managers/agents online from the centrally located web console. The Framework application is the only component that needs to be installed on each platform; all updates (inc. Framework) are deployed through the console.

Single configurable port

All agent traffic is directed down a single SSL encrypted port to allow for easy product configuration through firewalls.

Database Encryption

Command Control is driven from a SQLite database back-end where some or all databases can be AES encrypted.

Automatic Failover and Load-balancing

The hosts console allows agents to be configured into a hierarchical domain structure; multiple Command Control managers can be assigned to each domain, with automatic replication to the primary manager. By introducing this structure the deployment is load balanced. Agents will contact the local manager in their immediate domain unless that manager becomes unavailable, in this case the agent will automatically seek the next closest manager for authentication.

Live Update Functionality

The entire product suite, including Command Control utilizes the Frameworks’ live update functionality; this allows administrators to centrally download, test and deploy fixes or enhancements without the requirement of manually accessing the hosts, or scheduling down time.

Role-based Access Control

The Framework contains its own role-based access control mechanism that defines what a Framework user can do. Additional privileges are required to enable the modification of Command Control rules or view reports / keystroke logs.

Extensible Framework

The Fortefi Framework allows the easy deployment of additional solutions that work in conjunction with Command Control. The framework modularity allows client environments to be adapted and scaled according to need, without the requirement to install new products that may not interact well with the existing solutions. One such example might be to deploy the Fortefi Provisioning module to provide centralized management functionality for the creation and management of users, groups and security policy.