HP ArcSight Appliance Hardening Guidelines
Document ID: KM00285646
Product - Version: arcsight express appliance
What are HP's ArcSight Appliance hardening guidelines?
ArcSight Appliance Hardening Guidelines (effective October 2012)
ArcSight ships and supports all of its appliance-based products with a minimal ‘footprint’. This is a key design goal. In other words, there is no software pre-installed on the appliance which is not critical to delivering the core functionality of the product.
Additionally, there are no unnecessary external software components installed on the appliances. The appliances are protected further by restricting root access to authorized ArcSight support personnel as needed.
As part of our regular Quality Assurance cycle, for every major release ArcSight takes the utmost security measures to ensure that our code is as secure as possible before it’s released to customers. This includes antivirus and antimalware scans, vulnerability scans from multiple commercial and open source vulnerability scanners, MD hashes and the like. We also heavily leverage the US Federal Government STIGs in our own environment, and prioritize and address found issues in our regular release and patch cycles. We also use Fortify, a fellow HP Enterprise Security product, and have incorporated it into all major ArcSight releases, across all product lines. Fortify’s product is designed to ensure that source code is designed and written in a way that prevents application security vulnerabilities. The specific Fortify product which we have incorporated into our release cycle is "Static Code Analyzer" (SCA), and we leverage the latest version. All of our appliance variant products are on hardened OSes with all unnecessary ports and services disabled by default. Any security vulnerabilities uncovered during this testing are addressed before release with the highest priority. Examples of the security measures taken are:
- NMAP port scan
- Nessus and other commercial vulnerability scan
- Cross Site Scripting (XSS) scans
- Anti-virus scan for all files
- Fortify Static Code Analyzer
Specific ArcSight appliance-based products, including Logger, Connector Appliance, ArcSight Express, and NSP, contain embedded firewalls to protect against DoS, DDoS, and other external attacks.
The NSP family of products only accepts inbound traffic from Port 22 (SSH) or Port 443 (SSL).
All unnecessary services are disabled by default on all appliances. As an example, SSH and Telnet are disabled by default on Logger and Connector Appliance.
When working with ArcSight Customer Support, temporary root access can be enabled at customers’ request, via a feature called ArcSight Support Login. This is intended solely for the purpose of troubleshooting issues should the need arise.
Installing 3rd party software or tampering with system files is not permitted. Enabling or disabling services is not encouraged; however, we recognize that such practice may be necessary from time to time during the troubleshooting process. Customers should take great care when using this feature, at the guidance of ArcSight Customer Support.