3.1 Basic Security Considerations

Sentinel has undergone security hardening before being released. This section describes some of the hardening mechanisms used in Sentinel.

3.1.1 Traditional Installation

  • All unnecessary ports are turned off.

  • Whenever possible, a service port listens only for local connections and does not allow remote connections.

  • Files are installed with least privileges so that as few users as possible can read them.

  • Default passwords are not used.

  • Reports against the database are run as a user that has only SELECT permissions on the database.

  • All web interfaces require HTTPS.

  • All communication over the network uses SSL by default and is configured to require authentication.

  • User account passwords are encrypted by default when they are stored on the file system or in the database.
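
One way to check the port-related items above on an installed system, as an added example that is not part of the Sentinel documentation: the Python script below parses `ss -ltn` output and reports listeners that accept remote connections but are not on an allowlist. The sample output, its addresses and ports, and the allowlist are constructed for illustration and are not Sentinel's documented port list.

```python
import ipaddress

# Constructed sample of `ss -ltn` output; addresses and ports are illustrative,
# not Sentinel's documented port list.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0      128    0.0.0.0:8443       0.0.0.0:*
LISTEN 0      100    127.0.0.1:5432     0.0.0.0:*
LISTEN 0      100    [::1]:5432         [::]:*
LISTEN 0      128    [::]:8443          [::]:*
LISTEN 0      50     *:9999             *:*
LISTEN 0      128    127.0.0.53%lo:53   0.0.0.0:*
"""


def parse_listener(local):
    """Split an ss 'Local Address:Port' field into (address, port)."""
    host, _, port = local.rpartition(":")
    host = host.strip("[]").split("%", 1)[0]  # drop IPv6 brackets and %iface scope
    return host, int(port)


def is_loopback_only(host):
    """True only when the socket is bound to a loopback address."""
    if host == "*":  # ss prints '*' for a wildcard bind on all interfaces
        return False
    return ipaddress.ip_address(host).is_loopback


def audit_listeners(ss_output, allowed_remote_ports):
    """Return sorted (port, address) pairs reachable remotely but not allowlisted."""
    findings = set()
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue  # skip the header and any non-listening rows
        host, port = parse_listener(fields[3])
        if not is_loopback_only(host) and port not in allowed_remote_ports:
            findings.add((port, host))
    return sorted(findings)


if __name__ == "__main__":
    # Assumption: only the HTTPS web interface should accept remote connections.
    for port, host in audit_listeners(SAMPLE_SS, allowed_remote_ports={8443}):
        print(f"unexpected remote listener: {host}:{port}")
```

On a live host, pass the real output of `ss -ltn` in place of the constructed sample and set the allowlist to the ports your deployment is expected to expose.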

3.1.2 Appliance Installation

In addition to the points mentioned in Traditional Installation, the appliance has undergone the following additional hardening:

  • Only the minimally required packages are installed.

  • The firewall is enabled by default and all unnecessary ports are closed in the firewall configuration.

  • Sentinel is automatically configured to monitor the local operating system's syslog messages for audit purposes.