Standard Information Assurance
The ASTi Server is built around Red Hat® Enterprise Linux®, providing a communications solution that runs on a fully National Information Assurance Partnership (NIAP) validated operating system. NIAP is a U.S. Government initiative created to meet the security testing needs of both information technology (IT) consumers and producers.
To the end user this means that the entire product suite runs on an NIAP approved operating system. Couple this with ASTi's IA Maintenance option and you have an NIAP approved OS that eliminates all High and Medium severity issues1 while locking down the platform in a known working configuration and adhering to the most current security requirements.
Applicable Product Lines:
- Telestra Studio & Studio VM
- Telestra Target
- Red Hat® Enterprise Linux®
- Minimal OS Footprint
- Only essential OS elements are included, for example the server platform does not include a desktop environment since it is unnecessary, this aids in eliminating functions or features that increase security risk.
- User ID and Password Authentication
- This includes the ability to assign unique user ID and passwords to individual accounts.
- Secure Remote Access
- Access is restricted to essential configuration and management elements required for operation.
- All remote access is provided through secure means and the plain text remote access capabilities were removed.
- Due to embedded nature of the platform, remote access cannot be completely removed.
- Security Enhanced LinuxTM (SELinux) provides support for MLS (Multi-Level Security) policies.
- Faster MLS switching through use of iSCSI or Diskless network boot
- Diskless and iSCSI support offers:
- Erasure of clients after powering off
- Central model management
- Time-saving solution (site visits, hard disk drive swapping, etc.)
- Tracks activities and modifications to the entire system, including file system operations, process system calls, user actions such as password changes, account additions/deletions/modification, use of authentication services, and configuration changes (such as time changes).
- Minimize Open Network Ports
- All unnecessary network ports not vital to server operation are closed.
- BIOS Password Protection
- BIOS protection includes security features that restrict access to the BIOS Setup program and restrict who can boot the computer.
- Set a supervisor password and user password for the BIOS setup program and booting the computer.
- Removable Drive
- Standard configuration of each platform provides the ability to remove and secure non-volatile media.
- Diskless operation options also available.