How is the AppGate Server hardened?

The hardening of the AppGate Server disables all non-essential network services and daemons normally started by the OS. The operating system's nsswitch.conf file is configured to only depend on local files except for hostname resolution, which is set up to use DNS (if available) in addition to local files.

It sets some options to strengthen certain TCP/IP behavior of the OS. For example generation of strong TCP initial sequence numbers (RFC 1948). It also disables the machine's ability to act as a router, makes sure it does not respond to echo broadcasts and ignore IP redirects.

Furthermore, a low level firewalling system is installed to protect the higher levels OS network stack and processes.

 

Updated 2008-11-03 11:57 Copyright © 2002-2008 AppGate Network Security AB. All rights reserved.
Legal notice 		Contact AppGate Network Security
Comments to the webmaster