Reflection for Secure IT Server for UNIX

An SSH File Transfer Solution


Reflection for Secure IT Server for UNIX uses the SSH protocol to provide secure file transfer and remote administration services for UNIX environments. It is part of the Reflection for Secure IT family of SSH clients and servers for Windows and UNIX—all designed to protect data in motion.

Note: Reflection for Secure IT Server for UNIX includes a single license of Reflection for Secure IT Client for UNIX.

With Reflection for Secure IT Server for UNIX, you can:
  • Replace nonsecure Telnet and FTP with a secure, encrypted alternative.
  • Secure remote administration of critical servers, even over untrusted networks.
  • Safely transmit sensitive data and ensure that transfers are completed.
  • Access any TCP/IP-based application through a secure transmission tunnel.

In these ways, you can support safer information sharing and meet growing regulatory requirements with confidence.

Key Features in Version 8.0
  • New zLinux platform support: SUSE Linux Enterprise Server 10 (64-bit).
  • IBM AIX 7.1 (POWER) support.
  • Red Hat Enterprise Linux 6 support (x86 and x86-64).
  • Dedicated audit logs for all SFTP and SCP2 file transfers.
  • Meets DoD requirements for use of SHA-2 algorithms.
  • SFTP version 4 support.
  • UTF-8 character set support.

Technical Specifications

Secure Shell Access

  • Secure remote terminal connections
  • Secure remote command execution

Secure File Transfer

  • SCP and SFTP version 4 protocol support
  • SCP and SFTP special features:
    • Smart Copy (to eliminate redundant copying of identical source and target files)
    • File transfer resume after interrupted downloads
    • Recursive directory copying
    • Remote-to-remote transfers (SCP)
    • Automatic ASCII mode for specified file extension types (SFTP)
  • Support for High Performance Enabled (HPN) file transfer
  • chroot environment support
  • Unattended scheduled file transfers

Access Control

  • Assignable rights (allow or deny):
    • Terminal shell access
    • Exec requests
    • File transfer access
    • SFTP activities (browse, download, upload, delete, and rename)
  • Assignable to (subconfigurations):
    • Global
    • Groups
    • Users
    • Per client system (by IP address or domain name)
    • Tunneling
  • TCP port forwarding (local and remote)
  • FTP protocol
  • X11 protocol
  • Background and “one-shot” (single use) forwarding ports

Standards Support

  • Compliance with IETF Secsh Internet drafts and RFCs 4250–4254, 4256, 4462, 4345, and 4716
  • UTF-8 character support

Cryptographic Library Validation

  • FIPS 140-2 Level 1 (Certificate #1027)

Algorithms

  • Ciphers:
    • AES (128-, 192-, and 256-bit CTR)
    • AES (128-, 192-, and 256-bit CBC)
    • 3DES (3 56-bit key EDE)
    • Blowfish (128-bit)
    • CAST (128-bit)
    • Arcfour (128- and 256-bit)
  • MACs:
    • HMAC-MD5
    • HMAC-MD5-96
    • HMAC-SHA1
    • HMAC-SHA1-96
    • HMAC-SHA256
    • HMAC-SHA512
    • RIPEMD160
    • Meets DoD requirements for SHA-2
  • Key exchange:
    • Diffie-Hellman
    • GSS-API key exchange
    • RSA
    • DSA

Authentication

  • Server authentication:L
    • Public key (RSA and DSA)
    • PKI X.509 certificates
    • Kerberos (gssapi-keyex)
  • User authentication:
    • Password
    • Public key
      • RSA and DSA user keys
      • Key agent utility for private key management
      • Agent forwarding
      • Host name aliasing for host key storage
      • PKCS#11 smart card support on Solaris 10 SPARC platforms
    • Keyboard interactive:
      • PAM (Pluggable Authentication Module)
      • RSA SecurID
      • RADIUS
      • Keyboard-interactive password
    • PKI X.509 certificates
    • Kerberos (gssapi-with-mic)
  • Reflection PKI Services Manager:
    • Centralized configuration and management of PKI functions across multiple Reflection for Secure IT Windows servers, UNIX servers, and UNIX clients
    • Standalone service module supported on most platforms supported by Reflection for Secure IT Windows and UNIX servers
    • DoD PKI certified
    • FIPS 140-2 Level 1-validated for most supported platforms (Certificate #1048)
    • RFCs 2253, 2560, and 3280
    • X.509 certificates for server and client authentication (X.509 versions 1-3)
    • Version 2 X.509 CRL
    • OCSP revocation checks
    • HSPD-12 support
    • Support for LDAP and HTTP certificate and CRL repositories
    • Certificate extensions supported:
      • CDP
      • IDP
      • AIA
      • Policy constraints
      • Basic constraints
      • Name constraints
      • Extended key usage
    • Customizable configuration on per trust anchor basis
    • Fully customizable mapping of SSH user account names to certificates
    • SOCKS proxy support
    • PKI client command line utility for querying services availability and certificate validity
  • LDAP:
    • Directory-accessed user shell configurations
    • Support for mkhomedir PAM module for automatic creation of LDAP user home directory
  • Other:
    • Configurable pre-authenticated session limit

Accounting/Auditing

  • Logon events for all authentication methods
  • Detailed file transfer event capture, including uploads, downloads, and directory listings
  • Notification of exceeded maximum password attempts
  • HP-UX SAM auditing and security tool support
  • Sun Solaris Basic Security Module auditing support
  • Sun Solaris Least Privilege Model support
  • AIX System Resource Controller support
  • Dedicated audit log for all file transfers

Performance

  • High Performance Enabled (HPN) support leverages dynamic TCP windows for improved file transfer performance
  • Granular control of data compression levels enables performance calibration

Operating Systems

  • HP-UX 11i v2 (PA-RISC)
  • HP-UX 11i v2 (Itanium)
  • HP-UX 11i v3 (Itanium)
  • IBM AIX 5.3 (POWER)
  • IBM AIX 6.1 (POWER)
  • IBM AIX 7.1 (POWER)
  • Red Hat Enterprise Linux 5 (x86)*
  • Red Hat Enterprise Linux 5 (x86-64)*
  • Red Hat Enterprise Linux 6 (x86)*
  • Red Hat Enterprise Linux 6 (x86-64)*
  • Sun Solaris 9 (SPARC)*
  • Sun Solaris 10 (SPARC)*
  • Sun Solaris 10 (x86)*
  • Sun Solaris 10 (x86-64)*
  • SUSE Linux Enterprise Server 10 (x86)*
  • SUSE Linux Enterprise Server 10 (x86-64)*
  • SUSE Linux Enterprise Server 11 (x86)*
  • SUSE Linux Enterprise Server 11 (x86-64)*
  • zLinux: SUSE Linux Enterprise Server 10 (64-bit)*

Customizable installation directory available for Solaris and Linux platforms

System Requirements

  • Any system that meets the minimum requirements for the UNIX/Linux operating system
  • Network interface card
  • For all Itanium systems, the library libunwind is required (HP-UX, Red Hat Enterprise Linux, and SUSE Linux Enterprise Server)
  • IBM AIX 5.3 Maintenance Level 5300-5
  • Sun Solaris UltraSPARC CPU