ASL Features

From Atomicorp Wiki

Share/Save/Bookmark
Jump to: navigation, search

ASL Features 

   * Complete Intrusion Prevention:  Everything you need to protect your server in one product!
         o HIPS: Host Intrusion Prevention System, with built in rootkit detection and prevention.
         o KIPS: Kernel Intrusion Prevention System, prevents insertion of rootkits and malware into kernel, protects against memory and stack based attacks and other methods rootkits use to take over your system, Role Based and Mandatory Access Control, Trusted Path and more!
         o WIPS/WAF:  Web Intrusion Prevention System/Web Application Firewall:  Application layer firewalling through mod_security using the industry leading rules created by our Information Assurance lab gotroot.com and optimized for Cpanel and Plesk Server Administrator environments. A must for PCI-DSS compliance!  Protects against cross site scripting, SQL injection, remote code inclusion, directory recursion and many many other web based attacks.

   * Realtime shunning/firewalling and blocking of attack sources and user control over automatic "deshunning" time lines.
         o Realtime Blacklists of spammers, malware and attackers.
         o Full RBL support works with all DNS based RBLs such as spamhaus and others.
         o Geoblocking based on countries.

   * "Just in Time" Virtual Patching for web applications. Helps to protect vulnerable applications that can not be patched immediately.

   * Automated file upload scanning protection, realtime prevention of malicious file uploads such as rootkits, viruses, worms, shells, spambots and more!. Scans all Web, FTP and SSH based file uploads. Files can be quarantined for further investigation, or can be automatically deleted before they are ever uploaded to the system!

   * Built in vulnerability and compliance scanner and remediation system to ensure that your system is operating in a safe, secure and compliant manner.

   * Web comment/blog/referrer spam protection.

   * Denial of Service protection

   * Malware/Antispam/Antivirus protection.
         o Realtime malware/virus/trojan protection from web, mail, file and local based attacks.
         o Includes Real Time malware, antivirus and rootkit signatures.
         o Third party signatures such as Google Blacklists, SaneSecurity, SecuriteInfo and MalwarePatrol.

   * Auto-learning Role Based Access Control.  Easier to use than SELinux!
         o An intelligent and highly secure robust Role-Based Access Control (RBAC) system that can generate least privilege policies for your entire system with no configuration, from the Grsecurity project.
         o Auto-learning mode - allows you to generate your own top down least privilege policies.
         o ASL also supports SELinux policies.

   * Real time web content redaction system, which helps protect a system from accidentally serving up malware and can be used to help prevent data leakage of information, such as credit cards, SSNs or other sensitive customer data.

   * Automated secure log management with secure remote logging with intelligent log reduction, event detection and alerting!  Ships with a world class set of policies that requires no tuning or configuration and works out of the box to detect intrusions, policy violations and system emergencies.
         o Real-time e-mail notifications of attacks and system emergencies.
         o Intelligent log reduction and event detection.
         o Easy to use XML based policies for custom event detection and alerting.

   * Web based GUI management, and built to work with web with control panels such as Plesk Server Administrator (PSA). (CPanel version coming soon!)
         o Domain based control over antispam and antimalware features.
         o Works with virtual and real servers.

   *      Stack Protection: The Most powerful stack and heap overflow protection available for Linux, using the PaX project stack protection enhancement for the Linux kernel.
         o More powerful than the execshield and randomization protection found in normal Linux kernels.
         o Protects your Linux server against stack and heap based overflow exploits in services on the system, such as apache, mysql, postgres, bind, secure shell and others.
         o Provides for high end randomization of the kernel, stack, library, and heap bases.

   *      Trusted Path Execution, which restricts untrusted users such as apache to execute commands only owned by root, thus simply preventing a whole class of exploit techniques used by attackers, or internet worms. This can also be used to prevent your users from uploading dangerous software to your servers!

   * Virtualization Support: Works with VMWare, VServer, Xen, KVM/QEMU, lguest, Virtuozzo, Parallels, OpenVZ and more. ASL also includes built in the Xen, KVM/QEMU, lguest and VServer technologies.  Now you can have it all:  Security and Virtualization and without the extra cost!

   * Auto Healing/Hardening: Automatically hardens Linux servers based on security policies, and ships with a world class set of policies developed by our security experts.
         o Automatically disables unsafe functions in web technologies such as PHP to help prevent entire classes of vulnerabilities.
         o Specially hardened chroot capabilities, and protection against exploitable null-pointer dereference bugs in the kernel, and other enhancements from the Grsecurity project.
         o Users are restricted to only view their processes.
         o Sensitive kernel functions are denied to normal users.

   * World class support team, with email, web based and phone support.
Retrieved from "http://www.atomicorp.com/wiki/index.php/ASL_Features"
Personal tools