Protogate Freeway® Security FeaturesUser’s Guide (SFUG)DC 908-3004AProtogate, Inc.12225 World Trade DriveSuite RSan Diego, CA92128USAWeb: www.protogat
Chapter 1. Scope1.1. IdentificationThis document describes the capabilities of a Protogate Freeway® which can be used to enhance security.1.2. System O
Chapter 2. Reference DocumentsA full list of Protogate documents is in the PrefaceSection of this document.Documents referenced by this Freeway Securi
Chapter 3. LogsThis chapter describes how to setup and use logging on a Freeway . Logging is useful to keep security high becauseit allows a system ad
Protogate Freeway Security Features User’s Guide (SFUG) Chapter 3. Logs(generally once per day) by the cron daemon.Figure 3-2 shows lines which could
Chapter 4. FirewallThis chapter describes how to setup and use the firewall on a Freeway . The firewall can protect the Freeway fromunwanted connections
Chapter 5. AuditingThis chapter describes how to setup and use system-level event auditing on a Freeway. Auditing is useful to keepsecurity high becau
Chapter 5. Auditing Protogate Freeway Security Features User’s Guide (SFUG)echo "#" >> /etc/security/audit_userfi# Start the kernel-le
Protogate Freeway Security Features User’s Guide (SFUG) Chapter 5. Auditingecho "# Added by /usr/local/freeway/boot.src/rc.startsra:" >&g
Chapter 6. Hardening a FreewayThis chapter shows how to use some of the capabilities of a Freeway to increase security. Many of the examples aretaken
Protogate Freeway Security Features User’s Guide (SFUG) Chapter 6. Hardening a Freeway6.2. Unnecessary ServicesOne of the simplest ways to enhance sec
Protogate Freeway® Security Features User’s Guide (SFUG): DC 908-3004Aby Protogate, Inc.Published October 2013Copyright © 2013 Protogate, Inc.This Fre
Chapter 6. Hardening a Freeway Protogate Freeway Security Features User’s Guide (SFUG)cp -p /ro/etc/ssh/sshd_config /etc/ssh/# sample bannerecho "
Protogate Freeway Security Features User’s Guide (SFUG) Chapter 6. Hardening a FreewayFigure 6-5. Disabling SNMP# For security: prevent snmp from runn
Chapter 6. Hardening a Freeway Protogate Freeway Security Features User’s Guide (SFUG)# For security:# Add "TraceEnable Off" line to Apache
Protogate Freeway Security Features User’s Guide (SFUG) Chapter 6. Hardening a Freeway6.8. Rotate Log FilesFigure 6-8 shows a method for rotating and
Chapter 6. Hardening a Freeway Protogate Freeway Security Features User’s Guide (SFUG)echo "SHELL=/bin/sh" > /etc/crontabecho "PATH=
Protogate Freeway Security Features User’s Guide (SFUG) Chapter 6. Hardening a Freewayecho "# See the echo statements near the end of" >&
Chapter 6. Hardening a Freeway Protogate Freeway Security Features User’s Guide (SFUG)chmod 755 /usr/share/zoneinfotouch /usr/share/zoneinfo/posixrule
Chapter 7. NotesThis chapter contains general information to aid in understanding this document.Table 7-1. Acronym definitionsAcronym DefinitionICP Inte
Appendix A. Sample rc.startsra FileThis appendix shows a sample rc.startsra file which configures and enables several of the security-tighteningcapabili
Protogate Freeway Security Features User’s Guide (SFUG) Appendix A. Sample rc.startsra File# export TARGET2=192.168.1.2export NTP_SERVER=192.168.1.1ex
Table of ContentsPreface...
Appendix A. Sample rc.startsra File Protogate Freeway Security Features User’s Guide (SFUG)cp -p /ro/etc/ssh/sshd_config /etc/ssh/# sample bannerecho
Protogate Freeway Security Features User’s Guide (SFUG) Appendix A. Sample rc.startsra Fileecho "ServerTokens Prod" >> /usr/local/etc/
Appendix A. Sample rc.startsra File Protogate Freeway Security Features User’s Guide (SFUG)echo "*.*${LOG_DIR}/all.log" > /etc/syslog.con
Protogate Freeway Security Features User’s Guide (SFUG) Appendix A. Sample rc.startsra Fileecho "${LOG_DIR}/sraweb_all.log 644 31*@T05 WZ" &
Appendix A. Sample rc.startsra File Protogate Freeway Security Features User’s Guide (SFUG)echo " ping -n -o -t 10 ${TARGET2} > /dev/null ; do
Protogate Freeway Security Features User’s Guide (SFUG) Appendix A. Sample rc.startsra Fileecho "host line already in audit file -- will not tamp
Appendix A. Sample rc.startsra File Protogate Freeway Security Features User’s Guide (SFUG)## echo " /usr/local/bin/zip -r /var/save/\${DATEDIR}.
IndexAAcronyms,27ICP (Intelligent Communications Processor)(see ICP)IP (Internet Protocol)(see IP)NTP (Network Time Protocol)(see NTP)SFUG (Security F
Protogate Freeway Security Features User’s Guide (SFUG)SSecure Shell(see SSH)Security Features User’s Guide(see SFUG)SFUG,27SNMP, 20SSAOD, 27SSH, 19,
Customer Report FormCustomer Report FormWe at Protogate are constantly striving to improve our products. If you have any suggestions or problems you w
List of Tables1. Revision History ...
PrefacePurpose of DocumentThis Freeway® Security Features User’s Guide (SFUG) document identifies the capabilities of a Freeway which canbe used to enh
Preface Protogate Freeway Security Features User’s Guide (SFUG)Appendix Aincludes a sample rc.startsra file, to show how to configure and enable many of
Protogate Freeway Security Features User’s Guide (SFUG) PrefaceICP2432 Hardware Description and Theory of Operation DC-900-1501ICP2432 Electrical Inte
Preface Protogate Freeway Security Features User’s Guide (SFUG)OS/Impact Programmer Guide DC-900-1030Freeway OS/Protogate Programmer’s Guide DC-900-20
Protogate Freeway Security Features User’s Guide (SFUG) PrefaceCustomer SupportIf you are having trouble with any Protogate product, call us at 1-858-
Comments to this Manuals