ALTELL Trust: A full feature security suite

Overview
The purpose of ALTELL TRUST is to provide system and data security in multi-user computing environments. ALTELL TRUST enables enhanced security through:
  • Firmware level (pre-OS boot) control of the access identification and authorization;
  • Firmware based integrity control of critical system elements (including components of the OS) prior to load and execution;
  • Mandatory Access Control and role based policies
  • Separation of the security, administrative and technical administering
  • System Architecture and Components

    ALTELL TRUST has a modular structure. Individual components of the system are designed to protect specific functionalities of a distributed computer network.

    ALTELL Secure BIOS is an advanced firmware product. It ensures integrity of hardware and critical software components before the OS boot.
    Chain of trust in a computing system begins at the firmware of each individual device connected to it. Protecting integrity of firmware is of paramount importance. ALTELL Secure BIOS implements mechanisms of protection of against backdoor hardware attacks such as Rakshasa. It relies on a multistage pre OS boot authorization protocols and role based access control of the users. Integrity of critical elements of hardware and software is first verified before the OS boot and is continuously monitored after that. ALTELL Secure BIOS has been designed according to TCG, NIST BIOS Protection Guidelines and NIST BIOS Protection Guidelines for Servers.

    ALTELL seOS VT is a trusted virtualization environment designed to enable enhanced control of the system integrity, users, processes and applications at run time.
    ALTELL Virtualization Technology - ALTELL seOS VT relies on isolation of users and processes to improve security through containerization. ALTELL seOS VT is transparent to users and can be implemented independently or together with ALTELL Secure BIOS for an additional security layer Virtualization approach to server and storage resources control and management eliminates many common threats and vulnerabilities such as viruses, trojans, DDOS attacks, etc.

    ALTELL Management Module is a full function management suite for deployment, maintenance and operation of the ALTELL TRUST suite.
    ALTELL Management Module is based on combination of ALTELL Secure BIOS, Intel AMT technology and Microsoft System Center Configuration Manager. It is a centralized management and control system that is highly scalable and versatile. ALTELL Management Module is a tool for deployment and maintenance of ALTELL TRUST. By separating security, technical and administrative functions ALTELL Management Module enables an unparalleled level of trust, customization and operational flexibility. A unified management console provides means for centralized, control of firmware, software, monitoring and journaling of user activities. System analysis tools can be integrated by customer request .

    ALTELL Secure BIOS and ALTELL seOS VT can be used separately or in combination with each other (or third party solutions) to meet customer specific security demands. Functions built in ALTELL Secure BIOS and ALTELL seOS VT complement each other and provide means for building a Trusted Compute Environment. .
    How does it work?

    At the time of power-on or a device reboot and prior to the OS boot security modules built in ALTELL Secure BIOS verify integrity of the hardware and the operating system. ALTELL TRUST protects the system from a pre-boot unauthorized access to the hardware administrative tools. The access is controlled by means of multi-factor authorization protocols that are based on use of hardware and/or software tokens (smart card, LDAP/AD or both). ALTELL Secure BIOS enables trusted boot by limiting the boot devices and data to a pre-determined, verified and controlled set.

    After the system boot a secure virtualized compute environment ALTELL seOS VT can be loaded. The purpose of ALTELL seOS VT is to provide runtime security of the system. ALTELL seOS VT ensures verification and continuous monitoring of integrity of itself and the components of the operating system. ALTELL seOS VT contains tools for efficient isolation of processes and users as well as control and monitoring of user activities. As an option advanced encryption mechanisms can be implemented to protect data in transit and storage. ALTELL seOS VT can be implemented on servers, client and network devices.

    ALTELL Management Module enables centralized in- and out-of-band management of system hardware and software. It simplifies installation, configuration and maintenance of ALTELL Secure BIOS and ALTELL seOS VT.