Deep Discovery Analyzer (DDAN) Hardening Guide

    • Updated: 19 Nov 2019
    • Product/Version: Deep Discovery Analyzer 6.5
    • Platform: N/A
Summary

This article gives a high-level overview of the security hardening and features implemented in the DDAN appliance.

Details

DDAN uses the Linux kernel from CentOS 7 and removes unnecessary tools, software, and services to secure the environment.

According to Trend Micro security policy, when DDAN receives a CVE or ZDI vulnerability report, a CVSS evaluation is performed. If the vulnerability impacts DDAN, a critical patch is released or the issue is resolved in the next major release.

The Admin Guide informs customers to change the default password for the admin account.

DDAN grants access to the management console through user accounts. The built-in administrator account can create both local accounts and, if DDAN is integrated with AD, accounts from AD. To access the management console, each user account requires a logon password.

For local accounts, the password is controlled by the Password Policy under Administration > System Settings > Password Policy. When the strong password policy is enabled, DDAN requires a strong password with:

  • At least 8 characters
  • Alphanumeric characters (A-Z, a-z, 0-9) with both upper and lower case letters
  • At least one special character

Observe the following guidelines for creating a strong password:

  • Avoid words found in the dictionary.
  • Intentionally misspell words.
  • Use phrases or combine words.
  • Use both uppercase and lowercase letters.

Account Role

DDAN has three kinds of account roles: Administrator, Investigator and Operator.

  • The Administrator takes full control of DDAN.
  • The Investigator can:

    • Submit objects for analysis
    • View submitted objects, analysis results, and product settings (read-only access)
    • Download the investigation package, including submitted objects
  • The Operator has read-only access to submitted objects, analysis results, and product settings.

DDAN accesses several Trend Micro services to obtain information about emerging threats and to manage your existing Trend Micro products. For more information, refer to Appendices of the DDAN Administration Guide (Appendix A > Service Addresses and Ports).

DDAN can enforce TLS 1.2, ensuring compliance and security for data in motion. This is a new feature in DDAN 6.5.
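
One way to confirm the setting took effect is to probe the management console with one TLS version at a time. The script below is an added example, not Trend Micro code; it assumes the console listens on HTTPS port 443 and that "enforce TLS 1.2" means TLS 1.0 and 1.1 handshakes are refused, and the function names are hypothetical.

```python
import socket
import ssl
import sys
import warnings

# Versions that must be refused once TLS 1.2 is enforced, plus TLS 1.2 as a control.
LEGACY = (ssl.TLSVersion.TLSv1, ssl.TLSVersion.TLSv1_1)
REQUIRED = ssl.TLSVersion.TLSv1_2

def probe(host, port, version, timeout=5.0):
    """Offer exactly one TLS version; return accepted/refused/unreachable/client-unsupported."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Only the protocol version is under test, so certificate checks are off
    # for this probe (do not reuse this context for real traffic).
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    try:
        # Without SECLEVEL=0 a current OpenSSL client will not offer TLS 1.0/1.1,
        # and every legacy probe would look "refused" regardless of the server.
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")
        with warnings.catch_warnings():
            warnings.simplefilter("ignore", DeprecationWarning)
            ctx.minimum_version = ctx.maximum_version = version
    except (ValueError, ssl.SSLError):
        return "client-unsupported"  # local OpenSSL build cannot speak this version
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "unreachable"
    try:
        with ctx.wrap_socket(raw, server_hostname=host):
            return "accepted"
    except (ssl.SSLError, OSError):
        return "refused"
    finally:
        raw.close()

def is_compliant(results):
    """Pass only if TLS 1.2 is accepted and each legacy version is actively refused."""
    return (results.get(REQUIRED.name) == "accepted"
            and all(results.get(v.name) == "refused" for v in LEGACY))

def audit(host, port=443):
    """Probe every version against host:port; return (per-version results, verdict)."""
    results = {v.name: probe(host, port, v) for v in LEGACY + (REQUIRED,)}
    return results, is_compliant(results)

if __name__ == "__main__":
    # Usage: python tls_probe.py <console-host> [port]
    print(audit(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

An "unreachable" or "client-unsupported" result is never counted as a pass, so a firewall block or a locked-down local OpenSSL build cannot produce a false "compliant" verdict.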

DDAN can export a backup file of most configuration settings to an encrypted file. If needed, import this file to restore settings.

DDAN can be reset by restoring it to factory default settings.

The following settings cannot be backed up:

  • Widget settings in Dashboard page
  • Exceptions
  • User-defined Suspicious Objects
  • Sandbox Management settings: Archive Passwords/Submission Settings/Smart Feedback/Sandbox for macOS/YARA Rules
  • Alert Rules
  • Report Schedules and Customization settings in Report page
  • Component Updates Settings
  • Integrated Products/Services:

    • Smart Protection
    • ICAP
    • Microsoft Active Directory
    • Log Settings
  • System Settings:

    • Proxy
    • SMTP
    • Time (time zone and format)
    • SNMP
    • Password Policy
    • Session Timeout
  • Accounts and Contacts
  • Data backup settings
  • Deep Discovery Inspector 1000: RAID 5 configuration
  • Deep Discovery Inspector 1100/1200: RAID 1 configuration

Solution Id: 000149498