Hardening

A key element in an organization's security posture is the security provided in the network infrastructure - the routers, switches, access points, remote access servers, etc. These products can be exploited by malevolent users, and compromised systems can serve as hosts for network attacks.

Network device hardening is thus provided to ensure device security, as follows:

Security by default design

This includes allowing only needed default options, with other options remaining off by default; using only secure, default implementations; forcing password changes, aging, and lockouts; securing the storage of sensitive data (passwords, keys, logs); providing no hidden accounts or backdoors; forcing SNMP public community string changes; defaulting to a secure state during failure, power-down, boot-up, rollover, upgrades; and depending on a reliable and secure time source.

DoS

Ensuring that platforms are not susceptible to spoofing attacks through detailed testing; having an active DoS response mechanism; secure logging of DoS attempts; using pseudo-random number generation for TCP sequencing.

Security vulnerability management

Ensuring that platforms are verified not to be vulnerable to exploitation; using only qualified and validated third-party vendors / products; being proactive with reported bugs and protocol weaknesses; having systems to respond, notify, fix and distribute fixes, patches and workarounds.

Secure development process

This is the way our team designs and tests for security strengths and weaknesses; doing regular and detailed code reviews; using a secure software build process; hiring cleared personnel.

Code and configuration integrity

Helping to ensure the integrity of the configuration files, binary files and firmware; authenticating the embedded application software with code signing certificates.