Protogate Freeway 3112 User's Guide

Protogate Freeway® Security FeaturesUser’s Guide (SFUG)DC 908-3004AProtogate, Inc.12225 World Trade DriveSuite RSan Diego, CA92128USAWeb: www.protogat

Chapter 1. Scope1.1. IdentificationThis document describes the capabilities of a Protogate Freeway® which can be used to enhance security.1.2. System O

Chapter 2. Reference DocumentsA full list of Protogate documents is in the PrefaceSection of this document.Documents referenced by this Freeway Securi

Chapter 3. LogsThis chapter describes how to setup and use logging on a Freeway . Logging is useful to keep security high becauseit allows a system ad

Protogate Freeway Security Features User’s Guide (SFUG) Chapter 3. Logs(generally once per day) by the cron daemon.Figure 3-2 shows lines which could

Chapter 4. FirewallThis chapter describes how to setup and use the firewall on a Freeway . The firewall can protect the Freeway fromunwanted connections

Chapter 5. AuditingThis chapter describes how to setup and use system-level event auditing on a Freeway. Auditing is useful to keepsecurity high becau

Chapter 5. Auditing Protogate Freeway Security Features User’s Guide (SFUG)echo "#" >> /etc/security/audit_userfi# Start the kernel-le

Protogate Freeway Security Features User’s Guide (SFUG) Chapter 5. Auditingecho "# Added by /usr/local/freeway/boot.src/rc.startsra:" >&g

Chapter 6. Hardening a FreewayThis chapter shows how to use some of the capabilities of a Freeway to increase security. Many of the examples aretaken

Protogate Freeway Security Features User’s Guide (SFUG) Chapter 6. Hardening a Freeway6.2. Unnecessary ServicesOne of the simplest ways to enhance sec

Protogate Freeway® Security Features User’s Guide (SFUG): DC 908-3004Aby Protogate, Inc.Published October 2013Copyright © 2013 Protogate, Inc.This Fre

Chapter 6. Hardening a Freeway Protogate Freeway Security Features User’s Guide (SFUG)cp -p /ro/etc/ssh/sshd_config /etc/ssh/# sample bannerecho "

Protogate Freeway Security Features User’s Guide (SFUG) Chapter 6. Hardening a FreewayFigure 6-5. Disabling SNMP# For security: prevent snmp from runn

Chapter 6. Hardening a Freeway Protogate Freeway Security Features User’s Guide (SFUG)# For security:# Add "TraceEnable Off" line to Apache

Protogate Freeway Security Features User’s Guide (SFUG) Chapter 6. Hardening a Freeway6.8. Rotate Log FilesFigure 6-8 shows a method for rotating and

Chapter 6. Hardening a Freeway Protogate Freeway Security Features User’s Guide (SFUG)echo "SHELL=/bin/sh" > /etc/crontabecho "PATH=

Protogate Freeway Security Features User’s Guide (SFUG) Chapter 6. Hardening a Freewayecho "# See the echo statements near the end of" >&

Chapter 6. Hardening a Freeway Protogate Freeway Security Features User’s Guide (SFUG)chmod 755 /usr/share/zoneinfotouch /usr/share/zoneinfo/posixrule

Chapter 7. NotesThis chapter contains general information to aid in understanding this document.Table 7-1. Acronym definitionsAcronym DefinitionICP Inte

Appendix A. Sample rc.startsra FileThis appendix shows a sample rc.startsra file which configures and enables several of the security-tighteningcapabili

Protogate Freeway Security Features User’s Guide (SFUG) Appendix A. Sample rc.startsra File# export TARGET2=192.168.1.2export NTP_SERVER=192.168.1.1ex

Table of ContentsPreface...

Appendix A. Sample rc.startsra File Protogate Freeway Security Features User’s Guide (SFUG)cp -p /ro/etc/ssh/sshd_config /etc/ssh/# sample bannerecho

Protogate Freeway Security Features User’s Guide (SFUG) Appendix A. Sample rc.startsra Fileecho "ServerTokens Prod" >> /usr/local/etc/

Appendix A. Sample rc.startsra File Protogate Freeway Security Features User’s Guide (SFUG)echo "*.*${LOG_DIR}/all.log" > /etc/syslog.con

Protogate Freeway Security Features User’s Guide (SFUG) Appendix A. Sample rc.startsra Fileecho "${LOG_DIR}/sraweb_all.log 644 31*@T05 WZ" &

Appendix A. Sample rc.startsra File Protogate Freeway Security Features User’s Guide (SFUG)echo " ping -n -o -t 10 ${TARGET2} > /dev/null ; do

Protogate Freeway Security Features User’s Guide (SFUG) Appendix A. Sample rc.startsra Fileecho "host line already in audit file -- will not tamp

Appendix A. Sample rc.startsra File Protogate Freeway Security Features User’s Guide (SFUG)## echo " /usr/local/bin/zip -r /var/save/\${DATEDIR}.

IndexAAcronyms,27ICP (Intelligent Communications Processor)(see ICP)IP (Internet Protocol)(see IP)NTP (Network Time Protocol)(see NTP)SFUG (Security F

Protogate Freeway Security Features User’s Guide (SFUG)SSecure Shell(see SSH)Security Features User’s Guide(see SFUG)SFUG,27SNMP, 20SSAOD, 27SSH, 19,

Customer Report FormCustomer Report FormWe at Protogate are constantly striving to improve our products. If you have any suggestions or problems you w

List of Tables1. Revision History ...

PrefacePurpose of DocumentThis Freeway® Security Features User’s Guide (SFUG) document identifies the capabilities of a Freeway which canbe used to enh

Preface Protogate Freeway Security Features User’s Guide (SFUG)Appendix Aincludes a sample rc.startsra file, to show how to configure and enable many of

Protogate Freeway Security Features User’s Guide (SFUG) PrefaceICP2432 Hardware Description and Theory of Operation DC-900-1501ICP2432 Electrical Inte

Preface Protogate Freeway Security Features User’s Guide (SFUG)OS/Impact Programmer Guide DC-900-1030Freeway OS/Protogate Programmer’s Guide DC-900-20

Protogate Freeway Security Features User’s Guide (SFUG) PrefaceCustomer SupportIf you are having trouble with any Protogate product, call us at 1-858-