Stability and Security at the Core
The Operating System
The stability of Gateway Guardian begins with GGOS, the open source core of the system. GGOS integrates a number of technologies, including a customized Linux 2.2 kernel, a specialized boot loader designed for embedded environments, and operating system services built from security-audited source code. GGOS uses NetMaster's specialized package manager and init system to create a modular design that allows for functional extensibility while providing a trusted environment in which to run policy enforcement services such as firewalling, VPN, bandwidth management and QoS.
A key factor in the stability of the system is that GGOS is designed specifically as an operating system for policy enforcement operations and their supporting services. The core architecture is built with least-privilege policies in mind and ships with only the services needed to perform its function. This significantly reduces the potential for vulnerabilities, since the only services added are those that are required, have been audited and are essential to the operation of the device. It also allows an operating system that is typically installed with over a gigabyte of supporting binaries to be reduced to less than 8 megabytes, which is essential in embedded environments.
This also allows us to expand the architecture in the future to include Mandatory Access Controls (MAC) based on the Bell-LaPadula security model, in order to manage subject classification and control access. By separating the security policy logic from the enforcement mechanisms in this architecture, we are able to increase the data and application integrity of devices embedded with GGOS while meeting the least-privilege requirements of the most stringent security classifications.
The Core and Policy Enforcement layers currently support the following network and data services:
- Dynamic packet-filtering firewall
- IPSec VPN supporting 3DES, AES, Serpent and Twofish encryption
- QoS and bandwidth shaping
- Network Address Translation
- Virtual Server support via IP Aliases
- DHCP client and server
- PPPoE client
- Static routing
- Private network filtering
- Port stealthing
- Access Control Groups with time-based rule sets
- SNMP monitoring and policy-driven event trap notification
- Remote logging
Package Management
The core functionality of GGOS is extended through a specialized package management system that verifies packages with MD5 checksums. In this way, GGOS can be enhanced with new services for specific partner needs by building and assembling packages that are then deployed to the partner's security appliances. Through NetMaster's SafetyNet deployment system, a secure SSL auto-updating service, NetMaster can even push these new features to all of the partner's clients, easing the deployment burden of enhancing existing products in the field.
Policy Enforcement
In the policy enforcement layer, GGOS applies security policy decisions by extracting configuration parameters with its XML engine and then calculating and applying the required policies at any given time. This allows GGOS to apply firewall, VPN and bandwidth rules to groups of defined network resources and to associate those rules with the time of day. It can also dynamically change policies such as VPN access rights, network routes and traffic-shaping throughput in response to events and the reallocation of resources. Through this architecture, we will in the future be able to dynamically create security associations with dedicated Policy Decision Point services and manage all policies in real time through a central policy server, rather than storing the configuration parameters on the enforcement device itself.
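As an added illustration of the mechanism described above (this is example code written for this page, not GGOS's own XML engine, and the element and attribute names in the sample policy are assumptions, not NetMaster's real configuration schema), the following Python sketch reads a policy that defines groups of network resources and rules with optional time-of-day windows, and expands only the rules in force at a given time into a concrete rule set that ends with a default-deny entry.

```python
import xml.etree.ElementTree as ET
from datetime import time

# Constructed sample policy. The element and attribute names are assumptions
# for this illustration, not NetMaster's actual GGOS configuration schema.
POLICY_XML = """
<policy default="deny">
  <group name="lan"><net>192.168.1.0/24</net></group>
  <group name="servers"><net>10.0.0.10/32</net><net>10.0.0.11/32</net></group>
  <rule action="allow" src="lan" dst="servers" proto="tcp" port="443" from="08:00" to="18:00"/>
  <rule action="allow" src="lan" dst="servers" proto="tcp" port="22"/>
  <rule action="deny" src="lan" dst="servers" proto="tcp" port="445" from="18:00" to="08:00"/>
</policy>
"""

def parse_hhmm(text):
    """Turn an 'HH:MM' string into a datetime.time."""
    hours, minutes = (int(part) for part in text.split(":"))
    return time(hours, minutes)

def rule_active(rule, now):
    """A rule with no window is always in force; a window may wrap past midnight."""
    start, end = rule.get("from"), rule.get("to")
    if start is None or end is None:
        return True
    start, end = parse_hhmm(start), parse_hhmm(end)
    if start <= end:
        return start <= now < end
    return now >= start or now < end   # e.g. 18:00-08:00 spans midnight

def compile_rules(xml_text, now_hhmm):
    """Expand the rules in force at now_hhmm into concrete
    (action, src, dst, proto, port) tuples, one per network pair,
    ending with the policy's default action."""
    now = parse_hhmm(now_hhmm)
    root = ET.fromstring(xml_text.strip())
    groups = {g.get("name"): [n.text for n in g.findall("net")]
              for g in root.findall("group")}
    active = []
    for rule in root.findall("rule"):
        if not rule_active(rule, now):
            continue
        for src in groups[rule.get("src")]:
            for dst in groups[rule.get("dst")]:
                active.append((rule.get("action"), src, dst,
                               rule.get("proto"), rule.get("port")))
    # Least privilege: traffic matched by no active rule falls through to the default.
    active.append((root.get("default"), "0.0.0.0/0", "0.0.0.0/0", "any", "any"))
    return active

if __name__ == "__main__":
    for entry in compile_rules(POLICY_XML, "09:30"):
        print(entry)
```

Re-running compile_rules whenever the clock crosses a rule boundary is what lets the enforcement layer swap rule sets by time of day without touching the stored policy.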
Secure Remote Management Communications
Secure communications with GGOS are provided through Secure Shell (SSH) and through 128-bit RSA encrypted SSL streams. Over these channels, packages, configuration changes and requested instructions can be securely sent to the enforcement device from a centrally managed remote console, or applied manually by an experienced security technician.