Many network intruders begin an attack by scanning the target network. Detection of such a scan offers one indication that an attack is about to begin. Appliance software attempts to detect such scans by monitoring access to ports that are not active on the appliance system, but are typically exploited by hackers (for example, FTP, POP3, IMAP). Upon detection, the appliance automatically adds the source IP address of the potential attacker to the firewall rule-set and blocks all future packets that appear to originate from that address. This functionality is implemented using the Port Sentry tool (for details, see http://sourceforge.net/projects/sentrytools).
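The detection-and-block logic described above, as an added example (not code from the appliance or from the Port Sentry project). The log format, the allowlist network, and the `threshold` parameter are assumptions made for illustration; the allowlist is there because a scan with a forged source address would otherwise get a legitimate host blocked.

```python
import ipaddress
import re

# Ports the page names as monitored although no service listens on them.
DECOY_PORTS = {21: "FTP", 110: "POP3", 143: "IMAP"}

# Assumption: management hosts that must never be blocked, because a scan
# with a spoofed source address would otherwise lock out an administrator.
ALLOWLIST = [ipaddress.ip_network("192.0.2.0/28")]

# Constructed sample log (hypothetical format: time, SRC, DPT, PROTO).
SAMPLE_LOG = """\
2024-01-01T10:00:01 SRC=198.51.100.7 DPT=21 PROTO=TCP
2024-01-01T10:00:01 SRC=198.51.100.7 DPT=443 PROTO=TCP
2024-01-01T10:00:02 SRC=198.51.100.7 DPT=110 PROTO=TCP
2024-01-01T10:00:05 SRC=203.0.113.9 DPT=443 PROTO=TCP
2024-01-01T10:00:09 SRC=192.0.2.5 DPT=143 PROTO=TCP
2024-01-01T10:00:11 SRC=not-an-ip DPT=21 PROTO=TCP
"""

LINE_RE = re.compile(r"SRC=(\S+) DPT=(\d+)")

def detect(log_text, threshold=1):
    """Return {source_ip: sorted decoy ports hit} for sources to block."""
    hits = {}
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        try:
            src = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # malformed address: never pass it on to a firewall command
        port = int(m.group(2))
        if port not in DECOY_PORTS:
            continue  # traffic to a live service is not evidence of a scan
        if any(src in net for net in ALLOWLIST):
            continue  # allowlisted source: record elsewhere, do not block
        hits.setdefault(str(src), set()).add(port)
    return {ip: sorted(p) for ip, p in hits.items() if len(p) >= threshold}

def block_rules(offenders):
    """Build iptables argument lists (not executed here) that drop each source."""
    return [["iptables", "-I", "INPUT", "-s", ip, "-j", "DROP"] for ip in sorted(offenders)]

if __name__ == "__main__":
    for rule in block_rules(detect(SAMPLE_LOG)):
        print(" ".join(rule))
```

Raising `threshold` above 1 requires hits on several distinct decoy ports before a source is blocked, which trades detection speed for fewer blocks caused by a single stray connection.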
• Appliances have a minimal version of the 64-bit SUSE Linux® Enterprise Server (SLES) 11 operating system preinstalled.
• Many tools and packages that represent common vulnerabilities are stripped out of the distribution. For example, server instances of Telnet, FTP server, rlogin, NFS, Samba, and lpr are not installed on the appliance.
• ping — The appliance's Console Program uses the ping utility to verify network access during the appliance setup process. The Console Program requires a user account distinct from the browser interface user account. For more information, see User authentication on appliances.
• traceroute — The traceroute utility is used only as an option in the alerting system; users can specify that a traceroute to a particular IP address runs if an alert is triggered. The traceroute utility cannot be accessed other than through the alerting system.
• All standard Linux® user accounts available on the appliance (such as shutdown, halt, and mailnull) have no login shell, so an attacker cannot use them to enter shell commands. For more information, see User authentication on appliances.
Appliances use Apache Tomcat to facilitate communication between the software components on the appliances, primarily between the Management Server and the Archiver. Communications between software components are encrypted, with the exception of Sniffer to Archiver data transfer. Appliances require SSL and client authentication for any request received from an external source (external to the appliance). For more information, see Secure data transfer between software components.
Access to appliances is restricted and secured in the following ways: