
DDEI uses a customized Linux kernel and removes unnecessary tools, software, and commands to secure the environment.

  • QA security testing
    • CSRF/XSS/Command injection/RBAC/Audit Log
  • Web & System vulnerability scan by InfoSec team
    • All high-risk issues have been fixed.
  • Source code static scan by Fortify
    • Static code scan by Coverity and Fortify to discover both security and software bugs
  • Black Duck scan for known CVEs and security bugs
    • Every known CVE or security bug is carefully reviewed, and its impact on the system and applications is fully assessed
  • PIE/SSP compliance scan
    • PIE compliance ratio: 100%
    • SSP compliance ratio: 100%
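
A PIE/SSP ratio like the ones listed above can be computed from the ELF images themselves. The following is an added example, not Trend Micro's tooling: a heuristic scan that reads the ELF header for PIE and looks for the stack-protector symbol for SSP. The function names and the constructed sample images are assumptions made for illustration.

```python
import struct

ET_DYN, PT_INTERP = 3, 3

def classify(blob: bytes) -> dict:
    """Heuristic PIE/SSP findings for one ELF image; ValueError if unparsable."""
    if len(blob) < 52 or blob[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = blob[4] == 2                       # EI_CLASS: 1 = 32-bit, 2 = 64-bit
    end = "<" if blob[5] == 1 else ">"        # EI_DATA: 1 = little-endian
    try:
        e_type = struct.unpack_from(end + "H", blob, 16)[0]
        phoff = struct.unpack_from(end + ("Q" if is64 else "I"), blob, 32 if is64 else 28)[0]
        phentsize, phnum = struct.unpack_from(end + "HH", blob, 54 if is64 else 42)
        p_types = [struct.unpack_from(end + "I", blob, phoff + i * phentsize)[0]
                   for i in range(phnum)]
    except struct.error as exc:
        raise ValueError("truncated ELF file") from exc
    has_interp = PT_INTERP in p_types         # p_type is word 0 of each phdr
    return {
        # ET_DYN also covers shared objects, so PIE here requires PT_INTERP.
        "pie": e_type == ET_DYN and has_interp,
        "shared_lib": e_type == ET_DYN and not has_interp,
        # SSP code references __stack_chk_fail; a miss means "review", not proof.
        "ssp": b"__stack_chk_fail" in blob,
    }

def compliance(images: dict) -> dict:
    """PIE ratio over executables and SSP ratio over all images, in percent."""
    res = {name: classify(blob) for name, blob in images.items()}
    exes = {n: r for n, r in res.items() if not r["shared_lib"]}
    return {
        "pie_pct": 100.0 * sum(r["pie"] for r in exes.values()) / max(len(exes), 1),
        "ssp_pct": 100.0 * sum(r["ssp"] for r in res.values()) / max(len(res), 1),
        "failing": sorted(n for n, r in res.items()
                          if not r["ssp"] or (n in exes and not r["pie"])),
    }

def make_sample(e_type: int, interp: bool, canary: bool) -> bytes:
    """Constructed 64-bit little-endian ELF stub: header, one phdr, strings."""
    hdr = b"\x7fELF\x02\x01\x01" + bytes(9) + struct.pack(
        "<HHIQQQIHHHHHH", e_type, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<II", PT_INTERP if interp else 1, 0) + bytes(48)
    return hdr + phdr + (b"\0__stack_chk_fail\0" if canary else b"\0puts\0")

# Constructed sample set; the names are hypothetical, not product files.
SAMPLES = {"sample_daemon": make_sample(ET_DYN, True, True),
           "legacy_tool": make_sample(2, True, False),   # ET_EXEC, no canary
           "libsample.so": make_sample(ET_DYN, False, True)}
```

Static-PIE images carry no PT_INTERP, so this heuristic reports them as shared objects; a production scan would also read the dynamic section before counting them.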

DDEI provides token-based SSH login to ensure that the root account can only be accessed by an authorized user.

According to Trend Micro security policy, when DDEI receives a CVE or ZDI vulnerability report, DDEI will perform a CVSS evaluation. If the vulnerability affects DDEI, DDEI will release a critical patch or resolve it in the next major release.

DDEI grants access to the management console by user account. The built-in administrator account can create local accounts and, if DDEI is integrated with AD, accounts from AD. To access the management console, each user account requires a logon password.

The management console accepts passwords that contain the following:

  • 8 to 32 characters
  • At least one upper case letter: A to Z
  • At least one lower case letter: a to z
  • At least one number: 0 to 9
  • At least one special character: ~!`@#$%^&*()/_+=[] {}-\|<>',.?:;"

Observe the following guidelines for creating a strong password:

  • Avoid words found in the dictionary.
  • Intentionally misspell words.
  • Use phrases or combine words.
  • Use both uppercase and lowercase letters.

Account Role

Trend Micro recommends that each customer change the default administrator’s password.

DDEI has three kinds of account roles: Administrator, Investigator and Operator.

The Administrator has complete access to the features and settings contained in the menu items.

  • Dashboard
  • Detections
  • Policies
  • Alerts / Reports
  • Logs
  • Administration
  • Help

The Investigator can view certain features and settings contained in the menu items, but cannot make any administrative modifications.

  • Dashboard
  • Detections
  • Alerts / Reports > Reports > Generated Reports
  • Alerts / Reports > Alerts > Triggered Alerts
  • Logs
  • Help

The Operator can view certain features and settings contained in the menu items, but cannot make any administrative modifications.

  • Dashboard
  • Detections (no access to message body)
  • Alerts / Reports > Reports > Generated Reports
  • Alerts / Reports > Alerts > Triggered Alerts
  • Logs
  • Help

DDEI accesses several Trend Micro services to obtain information about emerging threats and to manage your existing Trend Micro products. For more information, refer to the Appendices of the DDEI Administration Guide (Appendix D > Connections and Ports).

DDEI can export a backup file of most configuration settings to an encrypted file. If needed, import this file to restore settings.

DDEI can be reset by restoring it to factory default settings.

The following settings can be backed up and restored from the backup file, listed by screen and then by tab:

  • Dashboard
    • Settings for all widgets only
  • Policies > Policy Management
    • Policy List
    • Content Filtering Rules
    • DLP Rules
    • Antispam Rules
    • Threat Protection Rules
  • Policies > Policy Objects
    • Notifications
    • Message Tags
    • Redirect Pages
    • Archive Servers
    • Data Identifiers
    • DLP Templates
  • Policies > Exceptions
    • Messages
    • Objects (local object exceptions only)
    • URL Keywords
    • Graymail Exceptions
  • Alerts / Reports > Alerts
    • Rules
  • Alerts / Reports > Reports
    • Schedules
  • Administration > Component Updates
    • Schedule
    • Source
  • Administration > System Settings
    • Operation Mode
    • Proxy
    • SMTP
    • Time (date and time format and NTP server settings only)
    • SNMP
  • Administration > Mail Settings
    • Connections
    • Message Delivery
    • Limits and Exceptions
    • SMTP Greeting
    • Edge MTA Relay Servers
  • Administration > Integrated Products/Services
    • Syslog
    • Microsoft Active Directory
    • SFTP
  • Administration > Scanning / Analysis
    • Settings (Submission Filters and Timeout Setting sections only)
    • File Passwords
    • Smart Protection
    • Smart Feedback
    • YARA Rules
    • Time-of-Click Protection
    • Business Email Compromise Protection
    • URL Scanning
  • Administration > Sender Filtering/Authentication
    • Approved Senders
    • Blocked Senders
    • DHA Protection
    • Email Reputation
    • Bounce Attack Protection
    • SMTP Traffic Throttling
    • SPF
    • DKIM Authentication
    • DKIM Signatures
    • DMARC
  • Administration > End-User Quarantine
    • User Quarantine Access
    • EUQ Digest
  • Administration > System Maintenance
    • Storage Maintenance
  • Administration > Accounts / Contacts
    • Accounts
    • Contacts
  • DDEI 7100/7200/9100/9200: RAID 1 configuration