Installation guide

Protogate Freeway Requirements Specification (SRS) Chapter 3. Requirements
3.8.31. GEN005100 - TFTP SUID/SGID Bit
Summary: The TFTP daemon must have mode 0755 or less permissive.
Notes: If TFTP runs with the setuid or setgid bit set, it may be able to write to any file or directory and may seriously impair system integrity, confidentiality, and availability.
3.8.32. GEN005140 - TFTP Documentation
Summary: Any active TFTP daemon must be authorized and approved in the system accreditation package.
Notes: TFTP is a file transfer protocol often used by embedded systems to obtain configuration data or software. The service is unencrypted and does not require authentication of requests. Data available using this service may be subject to unauthorized access or interception.
3.8.33. GEN005200 - X Displays Exporting
Summary: X displays must not be exported to the world.
Notes: Open X displays allow an attacker to capture keystrokes and to execute commands remotely. Many users have their X Server set to xhost +, permitting access to the X Server by anyone, from anywhere.
3.8.34. GEN005300 - Changed SNMP Community Strings
Summary: SNMP communities, users, and passphrases must be changed from the default.
Notes: Whether active or not, default SNMP passwords, users, and passphrases must be changed to maintain security. If the service is running with the default authenticators, then anyone can gather data about the system and the network and use the information to potentially compromise the integrity of the system or network(s).
3.8.35. GEN005500 - SSH Version 1 Compatibility
Summary: The SSH daemon must be configured to use only the SSHv2 protocol.
Notes: SSHv1 is not a DoD-approved protocol and has many well-known exploitable vulnerabilities. Exploits of the SSH daemon could provide immediate root access to the system.
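
One way to check GEN005100, GEN005300 and GEN005500 locally, as an added example that is not part of the Protogate specification. File paths are passed as arguments; the net-snmp directive names, the `public`/`private` community names, and the treatment of a missing Protocol keyword as a finding are assumptions, not taken from this page.

```shell
#!/bin/sh
# Added example: local checks for GEN005100, GEN005300 and GEN005500.
# Each function returns 0 = compliant, 1 = finding, 2 = file not readable.

# GEN005100: no mode bits outside 0755 (no setuid/setgid/sticky,
# no group or world write) on the TFTP daemon binary.
check_tftp_mode() {
    [ -f "$1" ] || return 2
    bad=$(find "$1" -prune \( -perm -4000 -o -perm -2000 -o -perm -1000 \
        -o -perm -0020 -o -perm -0002 \) -print)
    [ -z "$bad" ]
}

# GEN005300: no active community directive uses a conventional default.
# Assumes net-snmp syntax: r[ow]community[6] STRING, com2sec NAME SRC STRING.
check_snmp_community() {
    [ -r "$1" ] || return 2
    ! awk '
        $1 ~ /^r[ow]community6?$/ && $2 ~ /^(public|private)$/ { hit = 1 }
        $1 == "com2sec" && $4 ~ /^(public|private)$/ { hit = 1 }
        END { exit !hit }' "$1"
}

# GEN005500: the first active Protocol keyword must be exactly "2".
# A missing keyword is reported as a finding (assumption: no reliance
# on the daemon's built-in default).
check_sshd_protocol() {
    [ -r "$1" ] || return 2
    val=$(awk 'tolower($1) == "protocol" { print $2; exit }' "$1")
    [ "$val" = "2" ]
}

# Constructed sample inputs, so the checks can be run offline.
demo() {
    d=$(mktemp -d) || return 2
    : > "$d/tftpd"                      # empty stand-in for the daemon binary
    chmod 4755 "$d/tftpd"               # setuid bit set: finding
    printf '#Protocol 2\nProtocol 2,1\n' > "$d/sshd_config"
    printf 'rocommunity public 127.0.0.1\n' > "$d/snmpd.conf"
    findings=0
    check_tftp_mode "$d/tftpd" || findings=$((findings + 1))
    check_snmp_community "$d/snmpd.conf" || findings=$((findings + 1))
    check_sshd_protocol "$d/sshd_config" || findings=$((findings + 1))
    rm -rf "$d"
    echo "$findings"
}
```

Calling `demo` prints the number of findings in the constructed inputs; on a real host, pass each function the actual daemon binary or configuration file path.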
Protogate DC-900-2021A 21