Prevention of DOS Attacks

The following list shows measures implemented in VOSS Automate to protect the system against Denial of Service (DOS) attacks:

  • Firewall protection:

    • TCP flood protection against:

      • the SSH port

      • web server ports

    • SYN flood protection

  • Configurable session limits for VOSS Automate platform SSH access: Sessions per user and Sessions per application. An administrator can set and modify the number of SSH sessions allowed:

    • system-wide (default is 10 if not set)

    • for a user (default is 10 if not set)

See SSH Session Limit for detailed information.

  • The usage of ports, protocols, and services is registered with the DoD PPS Database.

  • An automated, continuous on-line monitoring of the system is implemented, with:

    • Audit trail creation in a format that allows a log viewing application to immediately alert personnel to any unusual or inappropriate activity with potential Information Assurance (IA) implications.

    • A command line command that a user can use to automatically disable the system if serious IA violations are detected.

  • Applications are monitored and notifications are sent when resource conditions reach a predefined threshold indicating that an attack may be occurring, for example through SNMP traps and triggers.

  • High disk utilization is managed due to error notifications. For log files, disk utilization is managed by:

    • daily log rotation

    • 4 weeks of backlogs

    • the creation of new (empty) log files after rotating old ones

    • log file compression

    • a logging restriction of 20 messages per minute

  • A continuous cycle of updating packages during releases is in place with notifications during updates. Commands to carry out a security check or update can be run at any time.
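
The log file limits listed above (20 messages per minute, daily rotation, 4 weeks of backlogs) put a ceiling on how much a message flood can write to disk. The following sketch is an added example, not VOSS Automate code: it assumes a sliding-window limiter, which the page does not specify, and replays a constructed flood to show how many messages are written and what the retained backlog can hold at most.

```python
from collections import deque

LIMIT_PER_MINUTE = 20   # logging restriction stated on this page
RETAINED_DAYS = 28      # daily rotation with 4 weeks of backlogs


class LogRateLimiter:
    """Sliding window: write at most `limit` messages in any `window` seconds.
    The algorithm is an assumption; the page only states the limit."""

    def __init__(self, limit=LIMIT_PER_MINUTE, window=60):
        self.limit = limit
        self.window = window
        self.written_at = deque()  # timestamps of messages written in the window

    def allow(self, ts):
        # Forget writes that have aged out of the window.
        while self.written_at and ts - self.written_at[0] >= self.window:
            self.written_at.popleft()
        if len(self.written_at) >= self.limit:
            return False           # over the limit: the message is dropped
        self.written_at.append(ts)
        return True


def replay(timestamps):
    """Feed message arrival times (seconds) through a fresh limiter.
    Returns (written, suppressed)."""
    limiter = LogRateLimiter()
    written = sum(1 for ts in timestamps if limiter.allow(ts))
    return written, len(timestamps) - written


def worst_case_retained_messages():
    """Upper bound on messages held in the rotated backlogs when the
    limiter is saturated around the clock."""
    return LIMIT_PER_MINUTE * 60 * 24 * RETAINED_DAYS


if __name__ == "__main__":
    # Constructed flood: 10 messages per second for 3 minutes.
    flood = [t for t in range(180) for _ in range(10)]
    print(replay(flood))
    print(worst_case_retained_messages())
```

Multiplying the retained-message bound by the deployment's typical message size gives the uncompressed disk ceiling for the backlogs; compression lowers it further.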