1) We use a custom build of Linux instead of a pre-built common distribution. This effectively eliminates the functionality of most 'root kits' available today.
2) Every package is verified and built in-house on a secured build machine.
3) Package management is handled by in-house software.
4) Only software necessary for performing the actions and functions of the Gateway is installed on the system, limiting the number of tools a would-be attacker can abuse.
5) No common external access utilities exist on the system (i.e. wget, httpclient, ftp client, ncftp, lynx, ...). Exploits generally use these types of tools to move additional software onto target machines.
1) The 'root' user login is disabled by default.
2) The 'admin' user is the only user that can connect via ssh.
3) All system accounts use 'shadow' password tools.
4) System accounts lock out for a period of time after 5 consecutive bad login attempts.
5) 'Console', 'Admin', 'Service', and 'Client' only exist in the system database. They do not exist as kernel system users.
Services / Ports / firewall
(displayed in ruleset order)
1) All ports/services/addresses are denied by default at the firewall
2) IP spoof detection in use.
3) Syn packet filtering turned on.
4) UDP / ICMP filtering
5) Internal IP address blacklist is applied.
6) Ports 80 (http) and 443 (https) are allowed (in/out)
7) Port 25 (smtp) is allowed (outgoing only)
8) Port 22 (SSH) is allowed
9) Everything else is explicitly denied (again)
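The ruleset above can be read as an ordered first-match policy. The following is an added example, not part of the original description: it models that ordering in Python and checks a few constructed packets against it. The internal ranges, the blacklist entry, and the exact meaning of "SYN filtering" and "UDP / ICMP filtering" are modelling assumptions, not details from the page.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed sample data (assumptions, not from the original description): RFC 1918
# ranges stand in for "internal" addresses, one documentation-range network for the blacklist.
INTERNAL_NETS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
BLACKLIST = [ip_network("198.51.100.0/24")]

@dataclass
class Packet:
    direction: str             # "in" (arriving at the Gateway) or "out" (leaving it)
    proto: str                 # "tcp", "udp" or "icmp"
    src: str                   # source IP address
    dport: int = 0             # destination port (TCP/UDP only)
    syn: bool = True           # TCP: True for a connection-opening SYN
    established: bool = False  # TCP: belongs to a session the firewall already tracks

def _src_in(p, nets):
    return any(ip_address(p.src) in n for n in nets)

# Rules in the order the text lists them; the first matching rule decides.
RULES = [
    # 2) spoof detection: an "internal" source address arriving from outside
    ("spoof", lambda p: p.direction == "in" and _src_in(p, INTERNAL_NETS), "DENY"),
    # 3) SYN filtering (modelling assumption): inbound TCP must open with a SYN or
    #    belong to a tracked session; stray non-SYN packets are dropped
    ("syn", lambda p: p.direction == "in" and p.proto == "tcp"
                      and not (p.syn or p.established), "DENY"),
    # 4) UDP / ICMP filtering (modelling assumption): neither is accepted inbound
    ("udp/icmp", lambda p: p.direction == "in" and p.proto in ("udp", "icmp"), "DENY"),
    # 5) internal blacklist, checked before any allow rule
    ("blacklist", lambda p: _src_in(p, BLACKLIST), "DENY"),
    # 6) http/https in both directions
    ("80/443", lambda p: p.proto == "tcp" and p.dport in (80, 443), "ALLOW"),
    # 7) smtp outgoing only
    ("25 out", lambda p: p.proto == "tcp" and p.dport == 25 and p.direction == "out", "ALLOW"),
    # 8) ssh
    ("22", lambda p: p.proto == "tcp" and p.dport == 22, "ALLOW"),
    # 9) explicit final deny
    ("default", lambda p: True, "DENY"),
]

def evaluate(p):
    """Return (rule_name, verdict) for the first rule that matches packet p."""
    for name, match, verdict in RULES:
        if match(p):
            return name, verdict
    return "policy", "DENY"  # 1) default-deny policy, reached only if the list were empty

if __name__ == "__main__":
    for pkt in (Packet("in", "tcp", "203.0.113.7", 443), Packet("in", "tcp", "203.0.113.7", 25),
                Packet("out", "tcp", "203.0.113.7", 25), Packet("in", "tcp", "192.168.1.9", 443)):
        print(pkt.direction, pkt.proto, pkt.dport, "->", evaluate(pkt))
```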
Software / Applications
1) Outgoing smtp mail is handled by a custom-built mail application (sendmail is NOT installed).
2) SUMO file scanning is performed at regular intervals on the system to detect possible compromised files.
3) Web interface and Gateway service processes run unprivileged.
4) Internal database server runs with network support disabled.
5) Management web interface operates over authenticated ssl only (https port 443).
Management Gateway services
1) Connections to the Management Gateway from remote clients and the core are passed over ssl encrypted connections on port 443. The ssl sessions are signed by a special LANDesk signed certificate. If this certificate is modified in any way, the Gateway service will shut down.
2) Gateway client connections providing improper authentication or inappropriate syntax or public key data are dropped.
3) Five (configurable) invalid authentication attempts from a client will lock out the client for a pre-determined amount of time (also configurable).
4) Once the connection between a core and a client is established, the handshake and data encryption keys are left to the core. No decryption is performed by the Gateway Service. This eliminates the possibility of a 'man in the middle' attack at the gateway.
5) All incoming connections (except ssh) are handled by the Gateway service, including web services. Apache or IIS servers are not used or installed.