What makes GlobalNET secure?
GlobalNET Help Guide
Search Results
What makes GlobalNET secure?
The recently released GlobalNET version 2 brings with it a superior user experience along with a host of advanced security features. This note focuses on the latter.
GlobalNET v2 was built from the ground up to be secure, starting with a security hardened infrastructure including:
- FedRAMP-compliant hosting platform provided by Amazon Web Services (AWS)
- Modern, secure operating system: Red Hat Enterprise Linux version 7.2 (RHEL/7)
- Security Technical Implementation Guide (STIG) scanning and compliance
- Virtual Private Cloud, firewalls and security groups port management
- Continuous monitoring (response time, disk, memory and CPU usage)
- Additional continuous monitoring systems planned and in development
The RHEL/7 operating system includes a powerful security platform called Security-enhanced Linux, or SELinux. Developed by the NSA and released to the open source community in 2000, SELinux provides a suite of access control security policies that satisfy DoD-style mandatory access controls (MAC). From the NSA SELinux team:
NSA Security-enhanced Linux is a set of patches to the Linux kernel and some utilities to incorporate a strong, flexible mandatory access control (MAC) architecture into the major subsystems of the kernel. It provides an enhanced mechanism to enforce the separation of information based on confidentiality and integrity requirements, which allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications.
At the Drupal Application level, a suite of features support increased security:
- Drupal best practices for writing secure code (and code reviews)
- Strong password policy
- Session idle timeout (resulting in logout)
- Strong - and exhaustively tested - permissions structure
- Tracking and logging of role and permission changes
- Speaking of tests: over 500 automated tests run before every release
- Context and role-aware help system
Sponsored by the Defense Security Cooperation Agency (DSCA), GlobalNET represents a network of organizations and their representative members who are working to foster national and international collaboration as well as to maintain relationships, and strengthen partner capacity.