Audited items

This table lists the items that are audited by the Security Audit tool:

Item Description
$HCIROOT/server/hssecurity.ini:

Security mode

Advanced security mode ensures that the maximum amount of defensive support is enabled within Cloverleaf. Basic security mitigates some risk through user security that is enforced by certificates, but it is not the recommended level of security. You should ensure that strong business needs are driving running Cloverleaf on basic security.

Turning off security mode makes the environment more vulnerable to being hacked. You must ensure that the maximum amount of defensive support is enabled within Cloverleaf by turning on advanced security mode.

Basic security mitigates some risk through user security that is enforced by certificates, but it is not the recommended level of security. You must ensure that extremely strong business needs are driving running Cloverleaf with No security mode enabled.

$HCIROOT/server/hssecurity.ini:

Audit Server

Turning off the Audit Server prevents oversight of activity on the system, which makes detection of a data breach, and of malicious behavior in general, difficult. Ignorance of a data breach is not a defense against liability for a data breach. You should strongly consider turning this feature back on.

$HCIROOT\tclprocs

The system is vulnerable to command injection when a command can manipulate the host operating system or the file system files. Command injection is an attack in which the goal is running malicious commands on the host operating system.

In this attack, the attacker-supplied operating system commands are usually run with the privileges of the vulnerable application.

The best remedy is to discourage this functionality. If that is not possible, then you must validate all user-supplied input to ensure unintentional or malicious OS commands have no opportunity to run.

$HCISITE\java_uccs

The system is vulnerable to command injection when a command can manipulate the host operating system or the file system files. Command injection is an attack in which the goal is running malicious commands on the host operating system.

In this attack, the attacker-supplied operating system commands are usually run with the privileges of the vulnerable application.

The best remedy is to discourage this functionality. If that is not possible, then you must validate all user-supplied input to ensure unintentional or malicious OS commands have no opportunity to run.

hciverify results

The integrity of the system is maintained by ensuring all aspects of the system are secure. Hackers seek out the weakest points in a system. Not enabling runtime and library integrity checking means that a malicious alteration of those libraries goes unnoticed longer. This risks a breach going unnoticed for a long period of time.
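hciverify is Cloverleaf's own integrity checker and its output format is not reproduced here. The following is an added example, not code from the product, showing the general technique an integrity check of this kind relies on: a trusted manifest of file digests is recorded at a known-good point, and later runs report files that were modified, removed or added. The directory layout and file names in the demo are constructed inside a temporary directory; in practice the manifest must be stored out of band (read-only or signed), otherwise an attacker who alters a library can update the manifest too.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def file_digest(path):
    """SHA-256 of a file, streamed so large libraries do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root):
    """Map every regular file under root (relative, '/'-separated path) to its digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): file_digest(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def verify_manifest(root, trusted_manifest):
    """Compare the tree under root with the trusted manifest.

    Returns a dict with three sorted lists: 'modified' (digest differs),
    'missing' (listed but gone) and 'unexpected' (present but not listed).
    """
    current = build_manifest(root)
    findings = {"modified": [], "missing": [], "unexpected": []}
    for rel, expected in trusted_manifest.items():
        if rel not in current:
            findings["missing"].append(rel)
        elif current[rel] != expected:
            findings["modified"].append(rel)
    findings["unexpected"] = sorted(rel for rel in current if rel not in trusted_manifest)
    findings["modified"].sort()
    findings["missing"].sort()
    return findings


def demo():
    """CONSTRUCTED scenario: record a baseline, then tamper with one library,
    delete one file and drop in a file that was never part of the install."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp, "lib")
        lib.mkdir()
        (lib / "hl7parser.so").write_bytes(b"\x7fELF placeholder bytes")
        (lib / "tclprocs.tcl").write_text("proc hello {} { return ok }\n")
        (Path(tmp) / "VERSION").write_text("placeholder\n")

        baseline = build_manifest(tmp)          # kept in memory here; store it out of band in practice

        with open(lib / "hl7parser.so", "ab") as f:   # modified
            f.write(b"\x90\x90")
        os.remove(lib / "tclprocs.tcl")               # missing
        (lib / "extra.so").write_bytes(b"new")        # unexpected

        return verify_manifest(tmp, baseline)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Run on a real install the same way: build the manifest once from a fresh, verified deployment, keep it somewhere the application account cannot write, and schedule verify_manifest against the live tree so that a changed library is reported instead of going unnoticed.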

Netconfig

fileset-ftp/host

The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible. Limitations on allowed hosts should be configured as soon as possible.

Netconfig

fileset-ftp/FTPS Secure Option

TLSV1.1/1 + Any mode

High risk

TLS v1.1 has known vulnerabilities which could be exploited to intercept encrypted communication. Without correct validation of the encryption cipher, the chain of trust underlying the client's encryption token can be spoofed. Someone could see or change the information you send or get through this site.

You should only support TLS v1.2 with full client authentication.

Netconfig

fileset-ftp/FTPS Secure Option

TLSV1.2 + Client mode

Medium risk

When a self-signed certificate is accepted, it lacks correct validation of the encryption cipher. It is difficult for the server to know definitively if the encryption cipher is legitimate. Someone could see or change the information you send or get through this site.

You should only support TLS v1.2 with full client authentication.

Netconfig

http-client/HTTPS

TLSV1.1/1 + Any mode

High risk

TLS v1.1 has known vulnerabilities which could be exploited to intercept encrypted communication. Without correct validation of the encryption cipher, the chain of trust underlying the client's encryption token can be spoofed. Someone could see or change the information sent or received through this functionality.

You should only support TLS v1.2 with full client authentication.

Netconfig

http-client/HTTPS

TLSV1.2 + Client mode

Medium risk

When a self-signed certificate is accepted, it lacks correct validation of the encryption cipher. It is difficult for the server to know definitively if the encryption cipher is legitimate. Someone could see or change the information sent or received through this functionality.

You should only support TLS v1.2 with full client authentication.

Netconfig

http-client/Proxy

The proxy host may be outside of the user domain.

The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible. Limitations on permitted hosts should be configured as soon as possible.

Netconfig

java/direct-retriever/POP3 retriever

The host may be outside of the user domain.

The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible.

Limitations on permitted hosts should be configured as soon as possible.

Netconfig

java/direct-retriever/SSL Socket Factory

SSL Socket Factory does not support TLS v1.2. Prior versions of TLS have known vulnerabilities which could be exploited to intercept encrypted communication. Someone could see or change the information sent or received through this functionality.

Do not use this functionality.

Netconfig

java/direct-sender/SMTP Sender

The host may be outside of the user domain.

The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible. Limitations on permitted hosts should be configured as soon as possible.

Netconfig

java/direct-sender/SSL Socket Factory

SSL Socket Factory does not support TLS v1.2. Prior versions of TLS have known vulnerabilities which could be exploited to intercept encrypted communication. Someone could see or change the information sent or received through this functionality.

Do not use this functionality.

Netconfig

java/ion-retriever/ION Retriever

The host may be outside of the user domain.

The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible.

Limitations on allowed hosts should be configured as soon as possible.

Netconfig

java/ion-sender/SMTP Sender

The host may be outside of the user domain.

The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible. Limitations on permitted hosts should be configured as soon as possible.

Netconfig

java/ws-client/Conduit

The proxy server may be outside of the user domain.

The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible.

Limitations on permitted hosts should be configured as soon as possible.

This functionality does not support TLS v1.2. Prior versions of TLS have known vulnerabilities which could be exploited to intercept encrypted communication. Someone could see or change the information sent or received through this functionality.

Do not use this functionality.

Netconfig

java/ws-client/Soap Consumer

Policy Generator/Use Transport Security is turned off. The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible.

Limitations on permitted hosts should be configured as soon as possible.

This functionality does not support TLS v1.2. Prior versions of TLS have known vulnerabilities which could be exploited to intercept encrypted communication. Someone could see or change the information sent or received through this functionality.

Do not use this functionality.

Netconfig

java/ws-rawclient/Conduit

The proxy server may be outside of the user domain. The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible.

Limitations on permitted hosts should be configured as soon as possible.

This functionality does not support TLS v1.2. Prior versions of TLS have known vulnerabilities which could be exploited to intercept encrypted communication. Someone could see or change the information sent or received through this functionality.

Do not use this functionality.

Netconfig

java/ws-server/Engine

The host may be outside of the user domain. The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible.

Limitations on permitted hosts should be configured as soon as possible.

This functionality does not support TLS v1.2. Prior versions of TLS have known vulnerabilities which could be exploited to intercept encrypted communication. Someone could see or change the information sent or received through this functionality.

Do not use this functionality.

Netconfig

java/ws-server/SoapProvider

Policy Generator/Use Transport Security is turned off.

This functionality does not support TLS v1.2. Prior versions of TLS have known vulnerabilities which could be exploited to intercept encrypted communication. Someone could see or change the information sent or received through this functionality.

Do not use this functionality.

Netconfig

mqs

The server name may be outside of the user domain. The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible.

Limitations on permitted hosts should be configured as soon as possible.

Netconfig

pdl-tcpip

This is deprecated functionality. It is recommended that you discontinue its use as soon as possible.

The host may be outside of the user domain. The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible.

Limitations on permitted hosts should be configured as soon as possible.

SSL is turned off. This functionality does not support TLS v1.2. Prior versions of TLS have known vulnerabilities which could be exploited to intercept encrypted communication. Someone could see or change the information sent or received through this functionality.

Do not use this functionality.

Netconfig

tcpip

TLSV1.1/1 + Any mode

High risk

TLS v1.1 has known vulnerabilities which could be exploited to intercept encrypted communication. Without correct validation of the encryption cipher, the chain of trust underlying the client's encryption token can be spoofed. Someone could see or change the information sent or received through this functionality.

You should only support TLS v1.2 with full client authentication.

Netconfig

tcpip

TLSV1.2 + Client mode

Medium risk

When a self-signed certificate is accepted, it lacks correct validation of the encryption cipher. It is difficult for the server to know definitively if the encryption cipher is legitimate. Someone could see or change the information sent or received through this functionality.

You should only support TLS v1.2 with full client authentication.

Netconfig

tcpip

The host may be outside of the user domain. The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible.

Limitations on permitted hosts should be configured as soon as possible.

SSL is turned off. This functionality does not support TLS v1.2. Prior versions of TLS have known vulnerabilities which could be exploited to intercept encrypted communication. Someone could see or change the information sent or received through this functionality.

Do not use this functionality.
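Every Netconfig row above that says the host, proxy or server name "may be outside of the user domain" calls for the same control: an allowlist of permitted hosts that the configured value is checked against. The following is an added example of such a check, not Cloverleaf's own code or its Netconfig format. The allowlist accepts exact host names, domain suffixes written with a leading dot, and IP networks in CIDR form; the thread names and hosts in SAMPLE_THREADS are constructed to mirror the items in the table.

```python
import ipaddress


class HostAllowlist:
    """Permitted hosts: exact names, domain suffixes ('.example.org'), IP networks ('10.0.0.0/8')."""

    def __init__(self, entries):
        self.names, self.suffixes, self.networks = set(), [], []
        for entry in entries:
            entry = entry.strip().lower().rstrip(".")
            if entry.startswith("."):
                self.suffixes.append(entry)
                continue
            try:
                self.networks.append(ipaddress.ip_network(entry, strict=False))
            except ValueError:           # not an IP network, so it is a host name
                self.names.add(entry)

    def permits(self, host):
        # Normalise case, a trailing root dot and IPv6 brackets before comparing.
        host = host.strip().lower().rstrip(".").strip("[]")
        if not host:
            return False
        try:
            address = ipaddress.ip_address(host)
        except ValueError:
            # A name matches exactly or under a listed suffix. The suffix keeps its leading
            # dot, so 'evil-example.org' never matches '.example.org'.
            return host in self.names or any(host.endswith(s) for s in self.suffixes)
        # An IP literal is only ever matched by a listed network, never by a name entry,
        # so a numeric address cannot slip past a name-based allowlist.
        return any(address in net for net in self.networks)


def audit_netconfig(threads, allowlist):
    """threads: iterable of (thread name, configured host). Returns one finding per thread, in order."""
    findings = []
    for thread, host in threads:
        status = "permitted" if allowlist.permits(host) else "outside permitted hosts"
        findings.append((thread, host, status))
    return findings


# Constructed sample input shaped like the audited Netconfig items.
SAMPLE_THREADS = [
    ("fileset-ftp/host", "ftp.partner.example.org"),
    ("http-client/Proxy", "proxy.example.org."),
    ("mqs", "MQ-BROKER"),
    ("tcpip", "10.20.30.40"),
    ("pdl-tcpip", "203.0.113.7"),
    ("java/ws-client/Conduit", "example.org.elsewhere.test"),
]

if __name__ == "__main__":
    allowlist = HostAllowlist([".example.org", "10.0.0.0/8", "mq-broker"])
    for thread, host, status in audit_netconfig(SAMPLE_THREADS, allowlist):
        print(f"{thread:28} {host:30} {status}")
```

The last two sample threads are the cases the table warns about: a public address that is not in any listed network, and a name that merely contains the permitted domain without being under it. Both are reported as outside the permitted hosts.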

Netconfig

tcpip

TLSV1.1/1 + Any mode

High risk

TLS v1.1 has known vulnerabilities which could be exploited to intercept encrypted communication. Without correct validation of the encryption cipher, the chain of trust underlying the client's encryption token can be spoofed. Someone could see or change the information sent or received through this functionality.

You should only support TLS v1.2 with full client authentication.

Netconfig

tcpip

TLSV1.2 + Client mode

Medium risk

When a self-signed certificate is accepted, it lacks correct validation of the encryption cipher. It is difficult for the server to know definitively if the encryption cipher is legitimate. Someone could see or change the information sent or received through this functionality.

You should only support TLS v1.2 with full client authentication.
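The TLS rows for fileset-ftp, http-client and tcpip all grade the same three configurations: TLS 1.1 or lower with any peer accepted (high risk), TLS 1.2 with self-signed certificates accepted (medium risk), and the recommended TLS 1.2 with full client authentication. The following is an added example, not Cloverleaf's code, that encodes that grading as a policy check and shows what the recommended configuration looks like when expressed with Python's standard ssl module. The tier mapping is my reading of the table rows; the certificate and key file paths in hardened_server_context are assumptions for the caller's deployment.

```python
import ssl
from dataclasses import dataclass


@dataclass(frozen=True)
class TlsPolicy:
    minimum_version: ssl.TLSVersion   # lowest protocol version the endpoint will negotiate
    validates_peer: bool              # peer certificate must chain to a trusted CA (self-signed rejected)
    client_auth: bool                 # server demands a client certificate (full client authentication)


def risk_level(policy):
    """Grade a policy the way the audit table does (my reading of its rows)."""
    if policy.minimum_version < ssl.TLSVersion.TLSv1_2:
        return "High"          # TLS 1.0/1.1 negotiable: known protocol weaknesses
    if not policy.validates_peer:
        return "Medium"        # TLS 1.2, but self-signed / unvalidated certificates accepted
    if not policy.client_auth:
        return "Medium"        # encrypted, but the server does not authenticate who connects
    return "Recommended"       # TLS 1.2 or later with full client authentication


def policy_of(ctx, client_auth):
    """Read the effective policy back from an ssl.SSLContext (client_auth is not
    visible on a client-side context, so the caller states it)."""
    return TlsPolicy(ctx.minimum_version, ctx.verify_mode == ssl.CERT_REQUIRED, client_auth)


def hardened_client_context():
    """Outbound side: TLS 1.2 minimum, peer chain validated, host name checked."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)   # sets CERT_REQUIRED and check_hostname=True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_default_certs()                        # system trust store; no self-signed peers
    return ctx


def hardened_server_context(certfile, keyfile, client_cafile):
    """Inbound side: TLS 1.2 minimum and mutual TLS. Paths are deployment assumptions."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED             # a connection without a trusted client cert fails
    ctx.load_cert_chain(certfile, keyfile)
    ctx.load_verify_locations(cafile=client_cafile)
    return ctx


if __name__ == "__main__":
    rows = [
        ("TLSV1.1/1 + Any mode", TlsPolicy(ssl.TLSVersion.TLSv1_1, False, False)),
        ("TLSV1.2 + self-signed accepted", TlsPolicy(ssl.TLSVersion.TLSv1_2, False, True)),
        ("TLSV1.2 + full client auth", TlsPolicy(ssl.TLSVersion.TLSv1_2, True, True)),
        ("hardened client context", policy_of(hardened_client_context(), client_auth=True)),
    ]
    for label, policy in rows:
        print(f"{label:34} {risk_level(policy)}")
```

Note that ssl.TLSVersion.MINIMUM_SUPPORTED (the default on older Python builds) compares below TLSv1_2, so a context that was never given an explicit minimum is graded high risk, which is the correct outcome for an audit.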

Site Preference

SMAT/Data Encryption (High)

Encrypting data that contains sensitive information is an effective control against malicious alterations and inappropriate access. The SMAT database is known to contain sensitive information. Turning off this control increases the risk of a data breach.

Enabling encryption has a small effect on the performance of the system. This should be enabled.

Site Preference

Error Database Encryption (Medium)

Encrypting data that contains sensitive information is an effective control against malicious alterations and inappropriate access. Although the error database is unlikely to contain sensitive information, there is no guarantee that it never will. Turning off this control increases the risk of a data breach. Enabling encryption has a small effect on the performance of the system. This should be enabled.

Site Preference

Internal Database Encryption (Medium)

Encrypting data that contains sensitive information is an effective control against malicious alterations and inappropriate access. Although the internal database is unlikely to contain sensitive information, there is no guarantee that it never will. Turning off this control increases the risk of a data breach.

Enabling encryption has a small effect on the performance of the system. This should be enabled.

$HCISITE

tclprocs folder

Tcl file

Permitting a command to manipulate the host operating system or the file system files makes the system vulnerable to command injection. Command injection is an attack in which the goal is running malicious commands on the host operating system. In this attack, the attacker-supplied operating system commands are usually run with the privileges of the vulnerable application. The best remediation is to not permit or encourage this functionality.

If that is not feasible, then you must validate all user-supplied input to ensure unintentional or malicious OS commands are not permitted.

$HCISITE

java_uccs

Java class file

Permitting a command to manipulate the host operating system or the file system files makes the system vulnerable to command injection. Command injection is an attack in which the goal is running malicious commands on the host operating system. In this attack, the attacker-supplied operating system commands are usually run with the privileges of the vulnerable application. The best remediation is to not permit or encourage this functionality. If that is not feasible, then you must validate all user-supplied input to ensure unintentional or malicious OS commands are not permitted.
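The tclprocs and java_uccs rows (here and earlier in the table) describe the same defect: a value taken from a message or a user is spliced into an operating-system command, so whatever shell syntax it contains runs with the application's privileges. The following is an added example, written in Python rather than Tcl or Java, that shows the vulnerable construction next to the validated form the table asks for. gzip stands in for whatever tool the proc calls, and the file-name pattern is an assumption suited to plain file names; adapt it to the values your proc legitimately receives.

```python
import re
import subprocess

# Allowlist for a plain file name: letters, digits, dot, underscore, hyphen, at most 255 characters.
# No path separators, no whitespace, no shell metacharacters, and no leading '-' (option injection).
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,254}")


def is_safe_filename(name):
    """True only when the whole value matches the allowlist pattern."""
    return isinstance(name, str) and SAFE_NAME.fullmatch(name) is not None


def validate_filename(name):
    """Return the value unchanged when it passes the allowlist, otherwise refuse it."""
    if not is_safe_filename(name):
        raise ValueError(f"rejected file name: {name!r}")
    return name


def archive_unsafe(name):
    # VULNERABLE pattern, shown for contrast and never called here: the value is pasted into a
    # command line that a shell parses, so metacharacters in it become additional commands.
    return subprocess.run(f"gzip -k {name}", shell=True, check=True)


def build_archive_command(name):
    """Hardened: validated value passed as its own argv element, after '--', with no shell."""
    return ["gzip", "-k", "--", validate_filename(name)]


def archive(name, cwd):
    """Run the hardened command; a bad name raises before anything executes."""
    return subprocess.run(build_archive_command(name), cwd=cwd, shell=False,
                          check=True, capture_output=True)


if __name__ == "__main__":
    for candidate in ("msg_20240101.hl7", "report.txt; echo x", "../secret", "-v", "a b"):
        print(f"{candidate!r:24} -> {'accepted' if is_safe_filename(candidate) else 'rejected'}")
```

Two things make the hardened path safe together: the shell is not involved at all (an argv list with shell=False), so there is no parser for metacharacters to reach, and the value is still validated against a strict allowlist so it cannot be turned into an option or a path outside the working directory.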

SSL cipher algorithm check

For AES 64, 56, 28, and so on.

For SHA1

Although the Advanced Encryption Standard (AES) is trusted by the U.S. Government and numerous other organizations, using a 64-bit or lower key makes the cipher vulnerable to brute force attacks. A determined actor could crack the encryption in a reasonable time frame, which makes using 64-bit or lower keys a known vulnerability.

It is recommended that only AES-128 is used.

SHA-1 is not secure and is extremely vulnerable against attacks by a determined actor. Many organizations, for example Microsoft, Google, and Apple, no longer accept SHA-1 SSL certificates.

It is highly recommended that you instead use a minimum of SHA-2.

For example, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256.

CA Root algorithm check

Detects CA certificates that use the SHA-1 signature algorithm, which is not recommended.

SHA-1 is not secure and is extremely vulnerable against attacks by a determined actor. Many organizations, for example Microsoft, Google, and Apple, no longer accept SHA-1 SSL certificates. It is highly recommended that you instead use a minimum of SHA-2.

For example, SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256.

Upgrade the CA certificate using the Certificate Manager tool.
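The CA Root algorithm check reports certificates whose signature algorithm is SHA-1 based. How that is determined is worth seeing once: the algorithm is an OID in the signatureAlgorithm field of the DER-encoded certificate, immediately after the tbsCertificate. The following is an added example, not Cloverleaf's code, with a minimal DER reader that pulls that OID out of a certificate and maps it against the SHA-1 signature OIDs. The sample certificates it checks are constructed with a small encoder in the same block; they have the correct outer structure but a placeholder body and signature, enough to exercise the parser (including long-form lengths) without being real certificates.

```python
# Signature-algorithm OIDs whose digest is SHA-1; any of these is a finding.
SHA1_SIGNATURE_OIDS = {
    "1.2.840.113549.1.1.5": "sha1WithRSAEncryption",
    "1.2.840.10045.4.1": "ecdsa-with-SHA1",
    "1.2.840.10040.4.3": "dsaWithSHA1",
}
KNOWN_OIDS = {
    **SHA1_SIGNATURE_OIDS,
    "1.2.840.113549.1.1.11": "sha256WithRSAEncryption",
    "1.2.840.113549.1.1.12": "sha384WithRSAEncryption",
    "1.2.840.10045.4.3.2": "ecdsa-with-SHA256",
}


def _read_tlv(buf, pos):
    """Parse one DER tag-length-value at buf[pos]; return (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                      # long form: low 7 bits = number of length octets
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, buf[pos:pos + length], pos + length


def _decode_oid(raw):
    """Dotted-string form of a DER OBJECT IDENTIFIER value (base-128 arcs after the first octet)."""
    arcs = [raw[0] // 40, raw[0] % 40]
    value = 0
    for b in raw[1:]:
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:                   # high bit clear ends the arc
            arcs.append(value)
            value = 0
    return ".".join(str(a) for a in arcs)


def signature_algorithm_oid(der):
    """Certificate ::= SEQUENCE { tbsCertificate, signatureAlgorithm, signatureValue }."""
    tag, cert, _ = _read_tlv(der, 0)
    if tag != 0x30:
        raise ValueError("not a DER SEQUENCE")
    _, _tbs, pos = _read_tlv(cert, 0)            # skip tbsCertificate
    _, alg, _ = _read_tlv(cert, pos)             # AlgorithmIdentifier SEQUENCE
    tag, oid_raw, _ = _read_tlv(alg, 0)          # its first element is the algorithm OID
    if tag != 0x06:
        raise ValueError("AlgorithmIdentifier does not start with an OID")
    return _decode_oid(oid_raw)


def audit_certificate(der):
    """('FAIL', name) for SHA-1 signatures, ('PASS', name) otherwise; unknown OIDs keep their dotted form."""
    oid = signature_algorithm_oid(der)
    name = KNOWN_OIDS.get(oid, oid)
    return ("FAIL" if oid in SHA1_SIGNATURE_OIDS else "PASS", name)


# --- constructed test material: a tiny DER encoder used only to build sample certificates ---

def _tlv(tag, value):
    if len(value) < 0x80:
        return bytes([tag, len(value)]) + value
    length_bytes = len(value).to_bytes((len(value).bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(length_bytes)]) + length_bytes + value


def _encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = bytearray([40 * arcs[0] + arcs[1]])
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        arc >>= 7
        while arc:
            chunk.append(0x80 | (arc & 0x7F))
            arc >>= 7
        out.extend(reversed(chunk))
    return bytes(out)


def make_sample_certificate(sig_oid):
    """CONSTRUCTED: correct outer Certificate structure, placeholder body and signature."""
    tbs = _tlv(0x30, _tlv(0x02, b"\x01"))                                   # stand-in tbsCertificate
    alg = _tlv(0x30, _tlv(0x06, _encode_oid(sig_oid)) + _tlv(0x05, b""))   # OID + NULL parameters
    sig = _tlv(0x03, b"\x00" + b"\xab" * 200)                               # BIT STRING, long-form length
    return _tlv(0x30, tbs + alg + sig)


if __name__ == "__main__":
    for oid in ("1.2.840.113549.1.1.5", "1.2.840.113549.1.1.11", "1.2.840.10045.4.3.2"):
        print(audit_certificate(make_sample_certificate(oid)))
```

To run it against an actual CA certificate, read the DER file bytes directly, or convert a PEM file first with the standard library's ssl.PEM_cert_to_DER_cert before calling audit_certificate.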