Professional Documents
Culture Documents
Avp Hardening Guideline: Mediakind Internal User Guide 1 (9) David Blythman 1553-2020-02-20 E
Avp Hardening Guideline: Mediakind Internal User Guide 1 (9) David Blythman 1553-2020-02-20 E
2020-02-20 E
v9.41
Revision History:
Copyright
Disclaimer
The contents of this document are subject to revision without notice due to
continued progress in methodology, design and manufacturing. MediaKind
shall have no liability for any error or damage of any kind resulting from the
use of this document.
Trademarks
All trademarks mentioned herein are the property of their respective owners.
These are shown in the document Trademark Information.
MediaKind Internal
USER GUIDE 2 (9)
Prepared (Subject resp) No.
2020-02-20 E
Contents
1 Introduction .............................................................................................2
1.1 Scope ..........................................................................................2
1.2 Target group................................................................................3
1.3 Prerequisites ...............................................................................3
1.3.1 Documents ..................................................................................3
1.3.2 Tools............................................................................................3
1.3.3 Conditions ...................................................................................3
2 Hardening Guidelines .............................................................................3
2.1 General information about product hardening............................3
2.2 Hardening during product development (pre-hardening report) 4
2.2.1 Operating system hardening ......................................................5
2.3 Hardening during service delivery ..............................................6
2.3.1 Accept hardware configuration ...................................................6
2.4 Operating system hardening ......................................................7
2.5 Application software hardening ..................................................7
2.6 Operation & Maintenance ...........................................................7
2.6.1 System and software updates ....................................................7
2.6.2 System access control, authentication, authorization ................7
2.6.3 Intrusion Detection / Protection ..................................................7
2.7 Network and IP traffic related hardening ....................................8
2.7.1 Securing services........................................................................8
2.8 Logging .......................................................................................8
2.8.1 Logging configuration .................................................................8
2.8.2 Time synchronization ..................................................................8
2.9 Post-work ....................................................................................8
3 Terminology and Abbreviations ............................................................9
4 References ...............................................................................................9
1 Introduction
1.1 Scope
This user guide describes the hardening procedure of AVP. This includes:
2020-02-20 E
Local policy requirements for hardening are out of scope of this document.
1.3 Prerequisites
1.3.1 Documents
1.3.2 Tools
1.3.3 Conditions
2 Hardening Guidelines
An attack surface is any aspect of the product through which an attacker can
modify the operation of the product with malicious intent.
• Using the AVP as a gateway into the rest of the operation and
maintenance network or data networks.
MediaKind Internal
USER GUIDE 4 (9)
Prepared (Subject resp) No.
2020-02-20 E
o Unit upgrade.
2020-02-20 E
• Users ‘ftp’ and ‘nobody’ have been defined but have no login capability
and the password has been given an undecodable value.
• FPGA binaries
• Application packages
is assured by:
• Manifest files.
MediaKind Internal
USER GUIDE 6 (9)
Prepared (Subject resp) No.
2020-02-20 E
Software updates can only be installed via the AVP upgrade tool.
2.2.1.5 Logging
• Auto rotate is enabled on the host card. In addition to the current log
file the previous eight files are kept. When the current log file is
replaced the oldest log file is deleted from the system.
• All system log files can be fetched in a single zip file from the unit via
the GUI.
2020-02-20 E
All AVP system and software updates are performed using the upgrade utility.
This ensures the integrity of the system.
2020-02-20 E
The following user selectable security options are detailed in the Security
User Guide:
2.8 Logging
2.9 Post-work
• When the unit has rebooted check that there are no unexpected
alarms such as:
o Uncontrolled release
2020-02-20 E
4 References
[1] AVP Security User Guide v9.41