Security

  • Anti-Virus Whitelist Process

    Submit a ticket Scan your file at http://virusscan.jotti.org/en. If it is more than ClamAV, it is your responsibility to remediate. If only ClamAV has a finding, you can request a whitelist Submit the file to site admins (via ticket, email or other delivery) Site admin will scans your file. If it...
  • Certificates

    CONS3RT sites supporting government users (e.g HmC) requires the use of PKI certificate credentials for authentication. These can include: DoD Common Access Card (CAC) External Certificate Authority (ECA) (https://public.cyber.mil/eca/) DoD External and Federal PKI Interoperability approved orga...
  • CVE-2020-0601 Curveball Vulnerability Guidance

    Immediate Action Required 1/22/2020 Microsoft has released a security update to fix "a broad cryptographic vulnerability" impacting the Windows operating system. The bug was discovered and reported by the US National Security Agency (NSA) THE CVE-2020-0601 BUG The vulnerability, (also known ...
  • Firewall Default Configuration

    The default firewall configuration of a machine in a deployment run is set as follows: Linux inbound ports allowed on the cons3rt-net 22 TCP 5902 TCP ICMP Windows inbound ports allowed on the cons3rt-net 3389 TCP/UDP 5902 TCP All other incoming traffic on the cons3rt-net is either blocked or rej...
  • IATT-like Connectivity

    IATT-like Connectivity By default, teams can not access systems inside of HmC from an external source other than through the HmC portal. This is by design and part of the security accreditation. However, for organization with short term test and evaluation needs, there is an Interim Authority ...
  • Password Complexity Rules

    Complexity Rules: Password must be more than 14 and fewer than 121 characters in length Password can not be the same as, nor contain, the user name Password must contain at least two uppercase letters Password must contain at least two lowercase letters Password must contain at least two numbers...