The operating system on Safeguard appliances has been hardened uses several methods to restrict access. These measures include the following:
- Prevent console access and restrict network access
- Disable or remove unused services
- Disable or remove unused programs and operating system components
- Implement highly restrictive ACLs
- Use Local Security Policy
The only way to apply code changes—such as an application update, component change, or an operating system security patch—to an application is via a patch provided by One Identity. These patches are a proprietary format, are AES-256 encrypted using an X.509 certificate as the key, and are further authenticated by the use of a patch key that is uniquely generated based on both hardware and software attributes of the appliance. This ensures that only patches that come from One Identity can be applied to an appliance.