Prevention of DOS Attacks

The following list shows measures implemented in VOSS Automate to protect the system against Denial of Service (DOS) attacks:

• Firewall protection:

  • TCP flood protection against:

    • the SSH port

    • web server ports

  • SYN flood protection

• Configurable session limits for the VOSS Automate platform SSH access is Sessions per user and Sessions per application. An administrator can set and modify the number of SSH sessions allowed:

  • system-wide (default is 10 if not set)

  • for a user (default is 10 if not set)

See SSH Session Limit for detailed information.

• The usage of ports, protocols, and services are registered with the DoD PPS Database

• An automated, continuous on-line monitoring of the system is implemented, with:

  • Audit trail creation capability in a format that a log viewing application can immediately alert personnel of any unusual or inappropriate activity with potential Information Assurance (IA) implications.

  • A command line command that a user can automatically disable the system if serious IA violations are detected.

• Applications are monitored and notifications sent when resource conditions reach a predefined threshold indicating there may be attack occurring, for example through SNMP traps and triggers.

• High disk utilization is managed due to error notifications. For log files, disk utilization is managed by:

  • daily log rotation

  • 4 weeks of backlogs

  • the creation of new (empty) log files after rotating old ones

  • log file compression

  • a logging restriction of 20 messages per minute

• A continuous cycle of updating packages during releases is in place with notifications during updates. Commands to carry out a security check or update can be run at any time.