Audited items
This table lists the items that are audited by the Security Audit tool:
Item | Description |
---|---|
$HCIROOT/server/hssecurity.ini: Security mode | Advanced security mode ensures that the maximum amount of defensive support is enabled within Cloverleaf. Basic security does mitigate some risk through user security that is enforced by certificates, but it is not the recommended level of security. You should ensure that strong business needs justify running Cloverleaf on basic security. Turning off security mode makes the environment more vulnerable to being hacked. You must ensure that the maximum amount of defensive support is enabled within Cloverleaf by turning on advanced security mode. Basic security mitigates some risk through user security that is enforced by certificates, but it is not the recommended level of security. You must ensure that extremely strong business needs justify running Cloverleaf with No security mode enabled. |
$HCIROOT/server/hssecurity.ini: Audit Server | Turning off the Audit Server prevents oversight of activity on the system, which makes a data breach, and malicious behavior in general, difficult to detect and track. Ignorance of a data breach is not a defense against liability for a data breach. You should strongly consider turning this feature back on. |
$HCIROOT\tclprocs | The system is vulnerable to command injection when a command can manipulate the host operating system or the file system files. Command injection is an attack in which the goal is running malicious commands on the host operating system. In this attack, the attacker-supplied operating system commands are usually run with the privileges of the vulnerable application. The best remedy is to discourage this functionality. If that is not possible, then you must validate all user-supplied input to ensure unintentional or malicious OS commands have no opportunity to run. |
$HCISITE\java_uccs | The system is vulnerable to command injection when a command can manipulate the host operating system or the file system files. Command injection is an attack in which the goal is running malicious commands on the host operating system. In this attack, the attacker-supplied operating system commands are usually run with the privileges of the vulnerable application. The best remedy is to discourage this functionality. If that is not possible, then you must validate all user-supplied input to ensure unintentional or malicious OS commands have no opportunity to run. |
hciverify results | The integrity of the system is maintained by ensuring all aspects of the system are secure. Hackers seek out the weakest points in a system. Not enabling runtime and library integrity checking means that a malicious alteration of those libraries goes unnoticed longer. This risks a breach going unnoticed for a long period of time. |
Netconfig fileset-ftp/host | The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible. Limitations on allowed hosts should be configured as soon as possible. |
Netconfig fileset-ftp/FTPS Secure Option TLSV1.1/1 + Any mode High risk | TLS v1.1 has known vulnerabilities which could be exploited to intercept encrypted communication. Without correct validation of the encryption cipher, the chain of trust underlying the client's encryption token can be spoofed. Someone could see or change the information you send or get through this site. You should only support TLS v1.2 with full client authentication. |
Netconfig fileset-ftp/FTPS Secure Option TLSV1.2 + Client mode Medium risk | When a self-signed certificate is accepted, it lacks correct validation of the encryption cipher. It is difficult for the server to know definitively if the encryption cipher is legitimate. Someone could see or change the information you send or get through this site. You should only support TLS v1.2 with full client authentication. |
Netconfig http-client/HTTPS TLSV1.1/1 + Any mode High risk | TLS v1.1 has known vulnerabilities which could be exploited to intercept encrypted communication. Without correct validation of the encryption cipher, the chain of trust underlying the client's encryption token can be spoofed. Someone could see or change the information sent or received through this functionality. You should only support TLS v1.2 with full client authentication. |
Netconfig http-client/HTTPS TLSV1.2 + Client mode Medium risk | When a self-signed certificate is accepted, it lacks correct validation of the encryption cipher. It is difficult for the server to know definitively if the encryption cipher is legitimate. Someone could see or change the information sent or received through this functionality. You should only support TLS v1.2 with full client authentication. |
Netconfig http-client/Proxy | Proxy host may be outside of the user domain. The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible. Limitations on permitted hosts should be configured as soon as possible. |
Netconfig java/direct-retriever/POP3 retriever | Host may be outside of the user domain. The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible. Limitations on permitted hosts should be configured as soon as possible. |
Netconfig java/direct-retriever/SSL Socket Factory | SSL Socket Factory does not support TLS v1.2. Prior versions of TLS have known vulnerabilities which could be exploited to intercept encrypted communication. Someone could see or change the information sent or received through this functionality. Do not use this functionality. |
Netconfig java/direct-sender/SMTP Sender | Host may be outside of the user domain. The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible. Limitations on permitted hosts should be configured as soon as possible. |
Netconfig java/direct-sender/SSL Socket Factory | SSL Socket Factory does not support TLS v1.2. Prior versions of TLS have known vulnerabilities which could be exploited to intercept encrypted communication. Someone could see or change the information sent or received through this functionality. Do not use this functionality. |
Netconfig java/ion-retriever/ION Retriever | Host may be outside of the user domain. The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible. Limitations on allowed hosts should be configured as soon as possible. |
Netconfig java/ion-sender/SMTP Sender | Host may be outside of the user domain. The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible. Limitations on permitted hosts should be configured as soon as possible. |
Netconfig java/ws-client/Conduit | Proxy server may be outside of the user domain. The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible. Limitations on permitted hosts should be configured as soon as possible. This functionality does not support TLS v1.2. Prior versions of TLS have known vulnerabilities which could be exploited to intercept encrypted communication. Someone could see or change the information sent or received through this functionality. Do not use this functionality. |
Netconfig java/ws-client/Soap Consumer | Policy Generator/Use Transport Security is turned off. The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible. Limitations on permitted hosts should be configured as soon as possible. This functionality does not support TLS v1.2. Prior versions of TLS have known vulnerabilities which could be exploited to intercept encrypted communication. Someone could see or change the information sent or received through this functionality. Do not use this functionality. |
Netconfig java/ws-rawclient/Conduit | Proxy server may be outside of the user domain. The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible. Limitations on permitted hosts should be configured as soon as possible. This functionality does not support TLS v1.2. Prior versions of TLS have known vulnerabilities which could be exploited to intercept encrypted communication. Someone could see or change the information sent or received through this functionality. Do not use this functionality. |
Netconfig java/ws-server/Engine | Host may be outside of the user domain. The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible. Limitations on permitted hosts should be configured as soon as possible. This functionality does not support TLS v1.2. Prior versions of TLS have known vulnerabilities which could be exploited to intercept encrypted communication. Someone could see or change the information sent or received through this functionality. Do not use this functionality. |
Netconfig java/ws-server/SoapProvider | Policy Generator/Use Transport Security is turned off. This functionality does not support TLS v1.2. Prior versions of TLS have known vulnerabilities which could be exploited to intercept encrypted communication. Someone could see or change the information sent or received through this functionality. Do not use this functionality. |
Netconfig mqs | Server name may be outside of the user domain. The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible. Limitations on permitted hosts should be configured as soon as possible. |
Netconfig pdl-tcpip | This is a deprecated functionality. It is recommended to discontinue use as soon as possible. Host may be outside of the user domain. The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible. Limitations on permitted hosts should be configured as soon as possible. SSL is turned off. This functionality does not support TLS v1.2. Prior versions of TLS have known vulnerabilities which could be exploited to intercept encrypted communication. Someone could see or change the information sent or received through this functionality. Do not use this functionality. |
Netconfig tcpip TLSV1.1/1 + Any mode High risk | TLS v1.1 has known vulnerabilities which could be exploited to intercept encrypted communication. Without correct validation of the encryption cipher, the chain of trust underlying the client's encryption token can be spoofed. Someone could see or change the information sent or received through this functionality. You should only support TLS v1.2 with full client authentication. |
Netconfig tcpip TLSV1.2 + Client mode Medium risk | When a self-signed certificate is accepted, it lacks correct validation of the encryption cipher. It is difficult for the server to know definitively if the encryption cipher is legitimate. Someone could see or change the information sent or received through this functionality. You should only support TLS v1.2 with full client authentication. |
Netconfig tcpip | Host may be outside of the user domain. The best defense against malicious behavior is to allowlist what is permissible. Without limiting the permitted hosts, connections outside of the domain to any public place are possible. Limitations on permitted hosts should be configured as soon as possible. SSL is turned off. This functionality does not support TLS v1.2. Prior versions of TLS have known vulnerabilities which could be exploited to intercept encrypted communication. Someone could see or change the information sent or received through this functionality. Do not use this functionality. |
Netconfig tcpip TLSV1.1/1 + Any mode High risk | TLS v1.1 has known vulnerabilities which could be exploited to intercept encrypted communication. Without correct validation of the encryption cipher, the chain of trust underlying the client's encryption token can be spoofed. Someone could see or change the information sent or received through this functionality. You should only support TLS v1.2 with full client authentication. |
Netconfig tcpip TLSV1.2 + Client mode Medium risk | When a self-signed certificate is accepted, it lacks correct validation of the encryption cipher. It is difficult for the server to know definitively if the encryption cipher is legitimate. Someone could see or change the information sent or received through this functionality. You should only support TLS v1.2 with full client authentication. |
Site Preference SMAT/Data Encryption (HIGH) | Encrypting data that contains sensitive information is an effective control against malicious alterations and inappropriate access. The SMAT database is known to contain sensitive information. Turning off this control increases the risk of a data breach. Enabling encryption has a small effect on the performance of the system. This should be enabled. |
Site Preference Error Database Encryption (Medium) | Encrypting data that contains sensitive information is an effective control against malicious alterations and inappropriate access. Although the error database is unlikely to contain sensitive information, there is no guarantee that it never will. Turning off this control increases the risk of a data breach. Enabling encryption has a small effect on the performance of the system. This should be enabled. |
Site Preference Internal Database Encryption (Medium) | Encrypting data that contains sensitive information is an effective control against malicious alterations and inappropriate access. Although the internal database is unlikely to contain sensitive information, there is no guarantee that it never will. Turning off this control increases the risk of a data breach. Enabling encryption has a small effect on the performance of the system. This should be enabled. |
$HCISITE tclprocs folder Tcl file | Permitting a command to manipulate the host operating system or the file system files makes the system vulnerable to command injection. Command injection is an attack in which the goal is running malicious commands on the host operating system. In this attack, the attacker-supplied operating system commands are usually run with the privileges of the vulnerable application. The best remediation is to not permit or encourage this functionality. If that is not feasible, then you must validate all user-supplied input to ensure unintentional or malicious OS commands are not permitted. |
$HCISITE java_uccs Java class file | Permitting a command to manipulate the host operating system or the file system files makes the system vulnerable to command injection. Command injection is an attack in which the goal is running malicious commands on the host operating system. In this attack, the attacker-supplied operating system commands are usually run with the privileges of the vulnerable application. The best remediation is to not permit or encourage this functionality. If that is not feasible, then you must validate all user-supplied input to ensure unintentional or malicious OS commands are not permitted. |
SSL cipher algorithm check. For AES 64, 56, 28, and so on. For SHA1 | Although the Advanced Encryption Standard (AES) is trusted by the U.S. Government and numerous other organizations, using a 64-bit and lower key makes the cipher vulnerable to brute force attacks. A determined actor could crack the encryption in a reasonable time frame, which makes using 64-bit or lower keys a known vulnerability. It is recommended that only AES-128 is used. SHA-1 is not secure and extremely vulnerable against attacks by a determined actor. Many organizations, for example Microsoft, Google, and Apple, no longer accept SHA-1 SSL certificates. It is highly recommended that you instead use a minimum of SHA-2, for example SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, or SHA-512/256. |
CA root CA Root algorithm check | Detects a CA certificate that uses the SHA-1 signature algorithm, which is not recommended. SHA-1 is not secure and is extremely vulnerable against attacks by a determined actor. Many organizations, for example Microsoft, Google, and Apple, no longer accept SHA-1 SSL certificates. It is highly recommended that you instead use a minimum of SHA-2, for example SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, or SHA-512/256. Upgrade the CA certificate using the Certificate Manager tool. |
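
For the tclprocs rows in the table, the following added example (not part of the Security Audit tool or the original page) shows one way to locate Tcl code that reaches the host operating system or file system so it can be reviewed. The set of commands treated as risky, the risk labels, and the sample proc are assumptions made for illustration.

```python
import re

# Assumption: treat these Tcl commands as reaching the host OS or file system.
# The Security Audit tool's actual rule set is not documented on this page.
CALL = re.compile(
    r"(?:^|[;\[{]|\beval\s)\s*(exec|open|file)\b[ \t]*((?:\\\n|[^;\]\n])*)",
    re.MULTILINE)
COMMENT = re.compile(r"^[ \t]*#.*$", re.MULTILINE)
FILE_MUTATORS = {"delete", "rename", "copy", "mkdir"}


def scan_tcl(source):
    """Return (line, command, risk) for each OS or file-system call found."""
    source = COMMENT.sub("", source)   # blank whole-line comments, keep line count
    findings = []
    for m in CALL.finditer(source):
        cmd = m.group(1)
        args = m.group(2).replace("\\\n", " ").strip()  # join continuations
        first = args.split()[0] if args else ""
        if cmd == "open" and not first.lstrip('"{').startswith("|"):
            continue                   # plain file open, not a command pipeline
        if cmd == "file" and first not in FILE_MUTATORS:
            continue                   # e.g. "file exists" only reads metadata
        # Variable or command substitution in the arguments means the value
        # may come from message data and must be validated before use.
        risk = "high" if re.search(r"[$\[]", args) else "review"
        line = source.count("\n", 0, m.start(1)) + 1
        findings.append((line, cmd, risk))
    return findings


# Constructed sample proc, not taken from any Cloverleaf site.
SAMPLE = '''proc archive_msg {dir name} {
    # exec rm -rf /tmp/old   (commented out)
    if {[file exists $dir]} { file mkdir $dir/archive }
    set fh [open "|gzip -c > $dir/$name.gz" w]
    eval exec $name
    exec date
}
'''

if __name__ == "__main__":
    for finding in scan_tcl(SAMPLE):
        print(finding)
```

This is a text heuristic, not a Tcl parser: treat its output as a list of places to review by hand, and expect occasional false positives inside braced data.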
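
For the Netconfig rows that report a host, proxy, or server name outside of the user domain, the following added example (not Cloverleaf code and not from the original page) checks configured hosts against an allowlist of domains and networks. The domain, the network, and the connection-to-host map are constructed placeholders; reading the hosts out of NetConfig is not shown.

```python
import ipaddress

# Assumption: the site's permitted domains and networks (constructed values).
ALLOWED_DOMAINS = {"hospital.example"}
ALLOWED_NETWORKS = [ipaddress.ip_network("10.20.0.0/16")]


def host_permitted(host, domains=ALLOWED_DOMAINS, networks=ALLOWED_NETWORKS):
    """Return True if host is inside an allowed domain or network."""
    host = host.strip().rstrip(".").lower()   # normalise case and trailing dot
    if not host:
        return False
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        addr = None                            # not an IP literal: a DNS name
    if addr is not None:
        return any(addr in net for net in networks)
    # Match on whole DNS labels so "evilhospital.example" does not pass
    # as a member of "hospital.example".
    return any(host == d or host.endswith("." + d) for d in domains)


def audit_hosts(connections):
    """Return the connection names whose host is outside the allowlist."""
    return sorted(name for name, host in connections.items()
                  if not host_permitted(host))


# Constructed map standing in for hosts read from NetConfig entries.
SAMPLE_CONNECTIONS = {
    "adt_out": "hl7.hospital.example",
    "lab_in": "10.20.4.17",
    "ftp_push": "files.partner.example",
    "smtp_alert": "evilhospital.example",
    "mq_feed": "192.0.2.50",
    "ws_proxy": "HOSPITAL.EXAMPLE.",
}

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_CONNECTIONS))
```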