Network Security

Proteus is a purpose-built, carrier-class appliance based on a proven firewall-grade OS with built-in protection against zero-day exploits. Proteus’ modular multi-core architecture enables organizations to greatly extend the reliability of their networks by hosting the Proteus configuration database on a storage area network or at a remote location. With Proteus’ one-to-many failover capabilities, there is no single point of failure. If any DNS or DHCP server fails on the global network, Proteus can seamlessly re-route critical traffic to an alternate server to ensure business continuity.

Hardened Linux OS Kernel

BlueCat Networks engineers selected a stripped-down, firewall-grade Linux operating system kernel based on the premise that a smaller and mature set of modules would pose a smaller security threat. Starting with a base-level installation with non-essential services removed, the Linux kernel was compiled with a limited set of features and modules. They avoided using loadable kernel modules and compiled everything into the kernel, which helps ensure that rogue kernel modules cannot be easily inserted by a potential attacker. Firewall and IP stack hardening were added to the kernel for additional security and increased performance.

Network service daemons were removed, and the BIND and remote control daemons are started via control scripts rather than on an initial connection through the “inet” daemon. This allows complete control over which services are running and when services can be started.

Adonis includes proper log rotation and proper capture of system events to avoid problems that plague many system administrators. A log rotation system constantly examines the state of the logs to prevent attacks that force out-of-control system logging. The appliance’s logs and kernel images are kept in separate partitions so that the effect of potential data corruption is confined to a single file system.
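The hardening properties described above can be checked on any Linux host. The following audit script is an added example, not BlueCat code: the function names are hypothetical, /boot and /var/log are assumed to be the mount points for kernel images and logs, and the sample inputs are constructed.

```shell
#!/bin/sh
# Added example (not vendor code): audit three hardening properties.
# Every check takes a file path, so it runs on live files or on samples.

# 0 if the kernel config shows loadable-module support compiled out.
modules_disabled() {
    [ -r "$1" ] && ! grep -q '^CONFIG_MODULES=y' "$1"
}

# 0 if no inetd/xinetd super-server is in a list of process names.
inetd_absent() {
    [ -r "$1" ] && ! grep -Eq '^x?inetd$' "$1"
}

# 0 if each named mount point has its own entry in a /proc/mounts-style
# table (fields: device mountpoint fstype options ...).
separate_partitions() {
    mounts=$1; shift
    for mp in "$@"; do
        awk -v mp="$mp" '$2 == mp { found = 1 } END { exit !found }' \
            "$mounts" || return 1
    done
}

# Constructed sample inputs describing a host hardened as in the text.
write_samples() {
    printf '%s\n' '# CONFIG_MODULES is not set' 'CONFIG_NETFILTER=y' > "$1/kconfig"
    printf '%s\n' 'init' 'named' 'syslogd' > "$1/procs"
    printf '%s\n' '/dev/sda1 / ext3 rw 0 0' '/dev/sda2 /boot ext3 ro 0 0' \
        '/dev/sda3 /var/log ext3 rw 0 0' > "$1/mounts"
}

# Run all three checks against a sample directory; print one line each.
audit() {
    modules_disabled "$1/kconfig" && echo "PASS no loadable modules" \
        || echo "FAIL CONFIG_MODULES=y"
    inetd_absent "$1/procs" && echo "PASS no inet super-server" \
        || echo "FAIL inetd running"
    separate_partitions "$1/mounts" /boot /var/log \
        && echo "PASS /boot and /var/log are separate" \
        || echo "FAIL logs or kernel images share a filesystem"
}

tmp=$(mktemp -d) && write_samples "$tmp" && audit "$tmp"
rm -rf "$tmp"
```

On a live host the same functions can be pointed at /boot/config-$(uname -r), the output of `ps -e -o comm=` saved to a file, and /proc/mounts.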