HP ArcSight Appliance Hardening Guidelines

Title: HP ArcSight Appliance Hardening Guidelines

Document ID: KM00285646

Product - Version: arcsight express appliance

What are HP's ArcSight Appliance hardening guidelines?
Solution:
ArcSight Appliance Hardening Guidelines (effective October 2012)
ArcSight ships and supports all of its appliance-based products with a minimal ‘footprint’. This is a key design goal. In other words, there is no software pre-installed on the appliance which is not critical to delivering the core functionality of the product.
Additionally, there are no unnecessary external software components installed on the appliances. The appliances are protected further by restricting root access to authorized ArcSight support personnel as needed.
As part of our regular Quality Assurance cycle, for every major release, ArcSight takes the utmost security measures to ensure that our code is as secure as possible before it is released to customers. This includes antivirus and antimalware scans, vulnerability scans from multiple commercial and open source vulnerability scanners, MD hashes and the like. We also heavily leverage the US Federal Government STIGs in our own environment, and we prioritize and address the issues found in our regular release and patch cycles. We also leverage Fortify, a fellow HP Enterprise Security product, and have incorporated its use in all major ArcSight releases, across all product lines. Fortify’s product is designed to ensure that source code is designed and written in a way that prevents application security vulnerabilities. The specific Fortify product which we have incorporated into our release cycle is "Static Code Analyzer" (SCA), and we leverage the latest version. All of our appliance variant products are on hardened OSes with all unnecessary ports and services disabled by default. Any security vulnerabilities uncovered during this testing are addressed before release with the highest priority. Examples of the security measures taken are:
NMAP port scan
Nessus and other commercial vulnerability scan
Cross Site Scripting (XSS) scans
Anti-virus scan for all files
Fortify Static Code Analyzer
Specific ArcSight appliance-based products, including Logger, Connector Appliance, ArcSight Express, and NSP, contain embedded firewalls to protect against DoS, DDoS and other external attacks.
The NSP family of products only accepts inbound traffic on Port 22 (SSH) or Port 443 (SSL).
All unnecessary services are disabled by default on all appliances. As an example, SSH and Telnet are disabled by default on Logger and Connector Appliance.
When working with ArcSight Customer Support, temporary root access can be enabled at customers’ request, via a feature called ArcSight Support Login. This is intended solely for the purpose of troubleshooting issues should the need arise.
Installing 3rd party software, or tampering with system files is not permitted. Enabling or disabling services is not encouraged, however, we recognize that such practice may be necessary from time to time during the troubleshooting process. Customers should take great care when using this feature, at the guidance of ArcSight Customer Support.

Version history
Revision #: 1 of 1
Last update: 2015-09-16 22:35