Protogate Freeway® Software Requirements Specification (SRS) DC 900-2021A Protogate, Inc. 12225 World Trade Drive Suite R San Diego, CA 92128 USA Web: www.protogate.com Email: sales@protogate.
Protogate Freeway® Software Requirements Specification (SRS): DC 900-2021A by Protogate, Inc. Published October 2013 Copyright © 2013 Protogate, Inc. This Software Requirements Specification (SRS) identifies the requirements which must be satisfied by the Protogate Freeway® software. The latest version of this document is always available, in a variety of formats and compression options, from the Protogate World Wide Web server (http://www.protogate.com/support/manuals).
Table of Contents Preface...........................................................................................................................................................................vi Purpose of Document ...........................................................................................................................................vi Intended Audience......................................................................................................................................
Protogate Freeway Requirements Specification (SRS) 3.8.20. GEN003820 - Remote Login or Shell is Enabled .........................................................................18 3.8.21. GEN003840 - The rexec Service is Enabled .................................................................................18 3.8.22. GEN004220 - The root Account’s Browser ..................................................................................18 3.8.23. GEN004400 - File Executed Through Aliases Accessibility ...
List of Tables 1. Revision History ........................................................................................................................................................ix 2-1. Referenced Documents..........................................................................................................................................11 4-1. Freeway Software Qualification Methods .............................................................................................................
Preface Purpose of Document This Software Requirements Specification (SRS) identifies the requirements of the Protogate Freeway® software. Intended Audience This document should be read by anyone who needs requirements information about the Protogate Freeway software. Organization of Document This document is organized into the following major sections: Chapter 1 is an overview of this document and of the Protogate Freeway software. Chapter 2 is a list of other documents referenced by this document.
Protogate Freeway Requirements Specification (SRS) Preface (http://www.protogate.com/). Additional information about documents which are specifically referenced by this Software Requirements Specification (SRS) are in Chapter 2 of this document.
Preface Protogate Freeway Requirements Specification (SRS) Freeway Release Addendum: Client Platforms DC-900-1555 Freeway Message Switch User Guide Freeway Software Requirements Specification (SRS) DC-900-1588 DC-900-2021 Freeway Ports, Protocols, and Services (PPS) Freeway Software Version Description (SVD) DC-900-2022 DC-900-2023 Freeway Lifecycle Support Plan (LSP) Freeway Security Features User’s Guide (SFUG) DC-900-2024 DC-908-3004 Freeway Security Target (ST) DC-908-3005 Embedded ICP Softw
Protogate Freeway Requirements Specification (SRS) Preface Bit-Stream Protocol Programmer Guide DC-900-1574 BSC Programmer Guide BSCDEMO User Guide DC-900-1340 DC-900-1349 BSCTRAN Programmer Guide DDCMP Programmer Guide DC-900-1406 DC-900-1343 FMP Programmer Guide Military/Government Protocols Programmer Guide DC-900-1339 DC-900-1602 N/SP-STD-1200B Programmer Guide NASCOM Programmer’s Guide DC-908-1359 DC-900-2010 SIO STD-1300 Programmer Guide TIMI Programmer’s Guide DC-908-1559 DC-900-2011 X.
Chapter 1. Scope 1.1. Identification This document describes the requirements which must be met by the Protogate Freeway® software, when running on a Protogate Freeway system. 1.2. System Overview The Protogate Freeway is a data communication system which connects one or more serial-link channels (Wide-Area-Network, or WAN channels) of various types to one or more IP (Internet Protocol) networks. The Freeway acts as a gateway, providing WAN channel access to clients on the IP network.
Chapter 2. Reference Documents A full list of Protogate documents is in the Preface Section of this document. Documents referenced by this Software Requirements Specification (SRS) are listed in Table 2-1. Table 2-1.
Chapter 3. Requirements 3.1. Required States and Modes Once booted, a Freeway is always in only one state: ready. All references to any Freeway operation in this document refer to a Freeway in the ready state. 3.2. Freeway Capability Requirements This section describes the requirements which are specific to the primary mission of most Freeways, which is to enable WAN access via an IP network. 3.2.1.
Protogate Freeway Requirements Specification (SRS) Chapter 3. Requirements 3.4. Freeway Internal Interface Requirements No internal interface requirements are imposed on the Freeway software; the design of the Freeway software is free to use any internal interfaces which result in meeting the other requirements of this SRS. 3.5.
Chapter 3. Requirements Notes Protogate Freeway Requirements Specification (SRS) An operating system release is considered supported if the vendor continues to provide security patches for the product. With an unsupported release, it will not be possible to resolve security issues discovered in the system software. 3.8.2. GEN000120 - Supported Components Summary Vendor-recommended software patches and updates, and system security patches and updates, must be installed and up-to-date.
Protogate Freeway Requirements Specification (SRS) Chapter 3. Requirements 3.8.4. GEN000400 - Logon Warning Banner Display Summary The Department of Defense (DoD) login banner must be displayed immediately prior to, or as part of, console login prompts. Notes Failure to display the login banner prior to a logon attempt will negate legal proceedings resulting from unauthorized access to system resources. 3.8.5.
Chapter 3. Requirements Notes Protogate Freeway Requirements Specification (SRS) If a user accesses the root account (or any account) using an unencrypted connection, the password is passed over the network in clear text form and is subject to interception and misuse. This is true even if recommended procedures are followed by logging on to a named account and using the su command to access root. 3.8.9.
Protogate Freeway Requirements Specification (SRS) Chapter 3. Requirements 3.8.13. GEN002700 - Audit Logs Permissions Summary System audit logs must have mode 0640 or less permissive. Notes If a user can write to the audit logs, audit trails can be modified or destroyed and system intrusion may not be detected. System audit logs are those files generated from the audit system and do not include activity, error, or other log files created by application software. 3.8.14.
Chapter 3. Requirements Notes Protogate Freeway Requirements Specification (SRS) If the system is not configured to audit certain activities and write them to an audit log, it is more difficult to detect and track system compromises and damages incurred during a system compromise. 3.8.18. GEN002820 - Audit Discretionary Access Control Permission Modifications Summary The audit system must be configured to audit all discretionary access control permission modifications.
Protogate Freeway Requirements Specification (SRS) Chapter 3. Requirements 3.8.22. GEN004220 - The root Account’s Browser Summary Administrative accounts must not run a web browser, except as needed for local service administration. Notes If a web browser flaw is exploited while running as a privileged user, the entire system could be compromised. Specific exceptions for local service administration should be documented in site-defined policy.
Chapter 3. Requirements Notes Protogate Freeway Requirements Specification (SRS) Debug mode is a feature present in older versions of Sendmail which, if not disabled, may allow an attacker to gain access to a system through the Sendmail service. 3.8.27. GEN004640 - Sendmail DECODE Command Summary The SMTP service must not have a uudecode alias active. Notes A common configuration for older Mail Transfer Agents (MTAs) includes an alias for the decode user.
Protogate Freeway Requirements Specification (SRS) Chapter 3. Requirements 3.8.31. GEN005100 - TFTP SUID/SGID Bit Summary The TFTP daemon must have mode 0755 or less permissions. Notes If TFTP runs with the setuid or setgid bit set, it may be able to write to any file or directory and may seriously impair system integrity, confidentiality, and availability. 3.8.32. GEN005140 - TFTP Documentation Summary Any active TFTP daemon must be authorized and approved in the system accreditation package.
Chapter 3. Requirements Protogate Freeway Requirements Specification (SRS) 3.8.36. GEN006380 - NIS/NIS+ Implemented Under UDP Summary The system must not use UDP for NIS/NIS+. Notes Implementing NIS or NIS+ under UDP may make the system more susceptible to a Denial of Service attack and does not provide the same quality of service as TCP. 3.9. Environment Requirements The Freeway software is intended to be installed and run only on a Protogate Freeway system.
Protogate Freeway Requirements Specification (SRS) Chapter 3. Requirements 3.11. Software Quality Factors The two software quality factors imposed on the Freeway software are that it must maintain high performance and it must be reliable.
Chapter 3. Requirements Protogate Freeway Requirements Specification (SRS) 3.18. Precedence and Criticality of Requirements All requirements specified in this SRS have equal weight.
Chapter 4. Qualification Provisions This section defines a set of qualification methods and specifies, for each requirement in Chapter 3, methods or procedures which can be used to ensure that the requirement has been met. Table 4-1. Freeway Software Qualification Methods Section Requirement Qualification Notes Name Method Section 3.2.1 DLI/TSI Server Test Setup a Freeway with at least 2 serial datalink ports, loaded with sps_2432b.
Chapter 4. Qualification Provisions Section Protogate Freeway Requirements Specification (SRS) Requirement Qualification Notes Name Method Section 3.8.6 GEN000560 Password Protect Enabled Accounts Check Login to the Freeway, su - shell to become a root-level user, and execute the command awk -F’:’ ’{ if ( $2 == NULL ) print $0; }’ < /etc/master.passwd to verify that there are no users with empty passwords.
Protogate Freeway Requirements Specification (SRS) Section Chapter 4. Qualification Provisions Requirement Qualification Notes Name Method Section 3.8.12 GEN002680 Audit Logs Accessibility Check Login to the Freeway, su - shell to become a root-level user, then execute the command ls -la /var/audit/, to verify that none of the files in that directory are accessible in any way by any user other than a root-level user (root or shell).
Chapter 4. Qualification Provisions Section Protogate Freeway Requirements Specification (SRS) Requirement Qualification Notes Name Method Section 3.8.17 GEN002800 Audit Login, Logout, and Session Initiation Check Login to the Freeway, su - shell to become a root-level user, then execute the command grep flags /etc/security/audit_control to verify that either ’lo’ or ’+lo’ and ’-lo’ are listed on the "flags" and "naflags" lines of /etc/security/audit_control.
Protogate Freeway Requirements Specification (SRS) Section Chapter 4. Qualification Provisions Requirement Qualification Notes Name Method Section 3.8.23 GEN004400 File Executed Through Aliases Accessibility Check Login to the Freeway, su - shell to become a root-level user, then execute the command find / -name aliases -depth -print, to find any "aliases" file. That file should not exist anywhere on a Freeway, because Freeways do not support email of any kind. Section 3.8.24 GEN004580 .
Chapter 4. Qualification Provisions Section Protogate Freeway Requirements Specification (SRS) Requirement Qualification Notes Name Method Section 3.8.33 GEN005200 X Displays Exporting Check Login to the Freeway, su - shell to become a root-level user, then execute the command ps -ax |grep X, to verify that Freeway does not run XWindow. Section 3.8.
Chapter 5. Requirements Traceability This document specifies the software requirements of the Freeway software only, without reference to any higher-level or lower-level components of any other system(s) of which the Freeway software might be a part. There is therefore no traceability of the requirements specified in this SRS to any other system or subsystem requirements.
Chapter 6. Notes This chapter contains general information to aid in understanding this document. Table 6-1.
Index DID, 11, 32 DISA, 13 DLI, 12, 32 Document conventions, ix A Acronyms, 32 DID (Data Item Description) (see DID) DISA (Defense Information Systems Agency) (see DISA) DLI (Data Link Interface) (see DLI) ICP (Intelligent Communications Processor) (see ICP) IP (Internet Protocol) (see IP) SRG (Security Requirements Guide) (see SRG) SRS (Software Requirements Specification) (see SRS) STIG (Security Technical Implementation Guide) (see STIG) TSI (Transport Subsystem Interface) (see TSI) WAN (Wide Area Netw
Protogate Freeway Requirements Specification (SRS) P W Packaging Requirements, 23 Personnel-related Requirements, 23 Precedence and Criticality of Requirements, 24 Preface, vi Product support, ix WAN, 10, 32 Wide Area Network (see WAN) Q Qualification methods, 25 Qualification Provisions, 25 R Reference documents, vi, 11 Required States and Modes, 12 Requirements Traceability, 31 S Safety Requirements, 13 Security and Privacy Requirements, 13 Security Requirements Guide (see SRG) Security Technical I
Customer Report Form Customer Report Form We at Protogate are constantly striving to improve our products. If you have any suggestions or problems you would like to report regarding our hardware, software, or documentation, please complete the following form and mail it to us at Protogate, Inc., 12225 World Trade Drive, Suite R, San Diego, CA, 92128, USA. Or contact us via email: , voice: (858) 451-0865, or fax: (877) 473-0190.