Trusted Data Center @ Armored Servers

Armored Servers is the only Dedicated Server company with a service designed for the Government, Healthcare Industry, Financial institutions, and any company with a desire for heightened security to meet regulations, requirements, and security guidelines. No other dedicated server provider can offer a Trusted Server or Datacenter due to the experience, expertise, cost, and time required. Armored Servers' "Trusted Data Center" provides a secure environment and a satisfied auditor.


MLS is defined in DOD-STD 5200.28, the National Computer Security Center's (NCSC) Orange Book:

"Multilevel Secure - A class of system containing information with different sensitivities that simultaneously permits access by users with different security clearances and needs-to-know, but prevents users from obtaining access to information for which they lack authorization."

In short, MLS allows you to have all your data--no matter what its classification--on a single network. It allows cleared users access to the classified data they need while allowing others access to unclassified data only. This is what we strive to achieve with MLS.

Armored Servers provides Trusted UNIX systems for commercial, financial, healthcare, and government customers, all for a fixed monthly fee complete with managed/unmanaged hosting and 24x7 support.

The above diagram shows a custom Armored Servers MLS environment that provides content filtering based on who is viewing the information. The Public Web Server forwards the Web Request to the appropriate label. The Web Guard Service Web Server displays the content the user is allowed to view. The actual web contents are read-only: the web server displaying the information cannot write to them. Writing of data can be designed to be done via another interface or through the Internal Use Only Sensitivity Label. This is ideal for Financial and Healthcare companies. A patient can see all his or her records, and the Insurance Agent can only see a segment of the same information.


What is part of Armored Servers' Trusted Datacenter?

Solaris 10 with Trusted Extensions (evaluated at EAL4+ for CAPP, RBACPP, and LSPP) http://www.commoncriteriaportal.org.

The Solaris 10 Operating System provides new frameworks for containment (zones), user rights management (roles and authorizations), and process rights management (privileges). The Trusted Extensions software, introduced in the Solaris 10 11/06 OS, extends these frameworks by adding sensitivity labels to provide a mandatory access control (MAC) policy base that implements multilevel security (MLS).

FISMA Compliant
"Each agency shall develop, document, and implement an agency-wide information security program to provide information security for the information and information systems that support the operations and assets of the agency, including those provided or managed by another agency, contractor, or other source..."
--Federal Information Security Management Act of 2002

HIPAA Compliant
Armored Servers' Trusted Datacenter helps healthcare companies protect individuals from having their medical information exposed, the concern for which Congress enacted the Health Insurance Portability and Accountability Act (HIPAA) in 1996. Sarbanes-Oxley became law in January of 2002 to regulate accounting practices and standards of publicly traded companies. Although accounting may seem like just a financial matter, keep in mind that integrity of information can be ensured only by strict security controls. Therefore, Sarbanes-Oxley has become an information technology problem. Armored Servers' Trusted Datacenter helps to alleviate this problem.

STIG (Security Technical Implementation Guidelines) Compliant
Security Technical Implementation Guidelines http://iase.disa.mil/stigs/stig/

The STIGs and the NSA Guides are the configuration standards for DOD IA and IA-enabled devices/systems. Security Readiness Review Scripts (SRRs) test products for STIG compliance. SRR Scripts are available for all operating systems and databases that have STIGs. Armored Servers' Trusted Dedicated Servers are compliant with STIG Guidelines for the Operating System, Databases, and other applications.

Proactive IAVA (Information Assurance Vulnerability Alert) Compliant
The Information Assurance Vulnerability Alert, or IAVA, has for several years been the method by which agencies within the United States Department of Defense monitor for and track the resolution of network vulnerabilities. IAVAs are issued by the DOD-CERT (http://www.cert.mil).

Armored Servers proactively monitors and verifies new IAVAs on its Trusted Datacenters and Trusted Servers. IAVA reports are emailed to our clients detailing the latest IAVA compliance status and what actions, if any, were taken to be compliant.

NSA Guideline Compliant
http://www.nsa.gov/snac

NSA has developed and distributed configuration guidance for SUN Solaris that is currently being used throughout the government and by numerous entities as a security baseline for their SUN Solaris systems. Armored Servers' Trusted Servers are compliant with these Guidelines.

NIST Guideline Compliant
http://csrc.nist.gov/

The NIST guidelines serve as a road map for federal agencies in meeting mandates set by the Federal Information Security Management Act (FISMA). Government agencies will be required to have certain security controls, policies and procedures in place.

"This document of security guidelines is going to play a key role in helping federal agencies effectively select and implement security controls," Shashi Phoha, NIST Information Technology Laboratory Director, said in a statement.

At the heart of the initiative is an effort to protect the confidentiality, integrity and availability of all federal information systems that are not part of the national security system.

The security controls in the new NIST guidelines span 17 key areas, ranging from user identification to authentication to risk assessment.

DCID6/3 Compliant PL1 - PL5

http://www.fas.org/irp/offdocs/DCID_6-3_20Manual.htm

The DCID6/3 manual provides uniform policy guidance and requirements for ensuring adequate protection of certain categories of intelligence information that is stored or processed on an information system (IS).

There are four primary C&A (Certification and Accreditation) models that agencies use as a basis to architect their standardized C&A process. The four C&A models are the National Information Assurance Certification and Accreditation Process (NIACAP) model, the National Institute of Standards and Technology (NIST) model, the Defense Information Technology Systems Certification and Accreditation Process (DITSCAP) model, and the DCID 6/3 model.

The DCID 6/3 model is based on certification and accreditation performed on information systems that are characterized by Protection Levels (PL), and DCID 6/3 defines five different protection levels. DCID 6/3 deals only with classified information and its PL model helps ensure that only properly cleared people have access to classified information.

NOTE: Armored Servers' Trusted Servers meet DCID requirements, yet must be individually accredited for a PL level.

Full documentation for FISMA accreditation, including:
CTP Certification Test Procedures
Evidence of Risk mitigation through Armoring and OS Minimization
Design and architecture documents
Common Criteria Certification documents

Solaris 10 Zones and Trusted Extensions
Solaris Trusted Extensions extends Solaris security by enforcing a mandatory access control policy. Sensitivity labels are automatically applied to all sources of data (networks, filesystems, windows) and consumers of data (users and processes). Access to all data is restricted based on the relationship between the label of the data (object) and the consumer (subject). http://www.opensolaris.org/os/community/security/projects/tx/
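The label relationship described above, and the patient versus insurance agent filtering from the Web Guard description, can be sketched as a simplified model. This is an added example, not Armored Servers' or Solaris code: the level ordering, compartment names, record names and the read-down/write-equal rules as coded here are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical classification ordering, constructed for this example.
LEVELS = {"PUBLIC": 0, "INTERNAL_USE_ONLY": 1, "RESTRICTED": 2}


@dataclass(frozen=True)
class Label:
    level: str
    compartments: frozenset = frozenset()

    def dominates(self, other: "Label") -> bool:
        """At or above other's level and holding every one of its compartments."""
        return (LEVELS[self.level] >= LEVELS[other.level]
                and self.compartments >= other.compartments)


def can_read(subject: Label, obj: Label) -> bool:
    # Read down: the subject's label must dominate the object's label.
    return subject.dominates(obj)


def can_write(subject: Label, obj: Label) -> bool:
    # Write equal: no writing up or down, so a reader at another label
    # cannot alter the content it displays.
    return subject == obj


def visible_records(subject: Label, records) -> list:
    """Names of the records the subject's label allows it to read."""
    return [name for name, label in records if can_read(subject, label)]


# Constructed sample data: one patient file split across labels.
RECORDS = [
    ("clinic_hours", Label("PUBLIC")),
    ("claim_summary", Label("RESTRICTED", frozenset({"BILLING"}))),
    ("lab_results", Label("RESTRICTED", frozenset({"CLINICAL"}))),
]
PATIENT = Label("RESTRICTED", frozenset({"BILLING", "CLINICAL"}))
AGENT = Label("RESTRICTED", frozenset({"BILLING"}))
ANONYMOUS = Label("PUBLIC")

if __name__ == "__main__":
    for who, label in (("patient", PATIENT), ("agent", AGENT), ("anonymous", ANONYMOUS)):
        print(who, visible_records(label, RECORDS))
    print("patient may rewrite lab_results:", can_write(PATIENT, RECORDS[2][1]))
```

The decision depends only on the two labels, never on the application asking, which is what makes the policy mandatory rather than discretionary.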

Zones/Containers to provide Virtual Servers:
Zones provide a new isolation primitive for the Solaris OS that is secure, flexible, scalable, and lightweight: virtualized OS services that look like different Solaris instances. http://www.sun.com/bigadmin/content/zones/

Integrate Trusted Oracle Database into your Trusted System with Armored Servers
Oracle Database can be integrated into a Trusted UNIX design complete with Row Level Security and Virtual Private Databases (VPD). There are no other competitors providing this type of security. Make Armored Servers your business partner and provide the security your company, and clients, need. The designs that Armored Servers provides would cost any company thousands of dollars to set up and thousands more to maintain. Let us do the work for you.

Why not RedHat Enterprise Linux 5 using SELinux?
One of the major differences between RedHat Linux's SELinux and Trusted Solaris/Solaris 10 is network labeling. Unlike Trusted Extensions, RedHat Enterprise Linux 5 can only accept remote connections from systems that use explicit labeled networking protocols. This makes network labeling an issue when using RedHat in a network-based environment, especially the Internet.



"[Our] business has been securing Operating Systems and applications. Instead of re-designing systems over and over for my clients, I developed Armored Servers' Trusted Datacenter to reduce the paperwork burden, armoring and security work, and C&A process. Why use another product where you must combine and minimize when you can use another that has already been done?" -- Founder of Armored Servers