Host Based Security System: Difference between revisions

Browse history interactively

← Previous edit

Content deleted Content added

VisualWikitext

Revision as of 02:59, 18 August 2021 edit NoAppliedVoltage (talk \| contribs) 424 edits m Replaced dead external links with achieved ones. Tagged dead link. Tag: Visual edit ← Previous edit		Latest revision as of 00:01, 13 January 2024 edit undo BD2412 (talk \| contribs) Autopatrolled, Administrators 2,529,165 edits m clean up spacing around commas and other punctuation fixes, replaced: ,h → , h (2) Tag: AWB
(8 intermediate revisions by 8 users not shown)
Line 1: {{Short description\|Department of Defense suite of software applications}} {{Update\|date=June 2019}} ~~The~~ '''Host Based Security System''' ('''HBSS''') is the official name given to the United States [[United States Department of Defense\|Department of Defense]] (DOD) [[commercial off-the-shelf]] (COTS) suite of software applications used within the DOD to monitor, detect, and defend the DOD computer networks and systems. The [[Enterprise-wide Information Assurance and computer Network Defense Solutions Steering Group]] (ESSG) sponsored the acquisition of the HBSS System for use within the DOD Enterprise Network. HBSS is deployed on both the [[NIPRNet\|Non-Classified Internet Protocol Routed Network]] (NIPRNet) and [[SIPRNet\|Secret Internet Protocol Routed Network]] (SIPRNet) networks, with priority given to installing it on the NIPRNet. HBSS is based on [[McAfee\|McAfee, Inc]]'s [[ePolicy Orchestrator]] (ePO) and other McAfee point product security applications such as [[Host Intrusion Prevention System]] (HIPS).▼ ~~{{Orphan\|date=June 2011}}~~ ▲The '''Host Based Security System''' ('''HBSS''') is the official name given to the United States [[United States Department of Defense\|Department of Defense]] (DOD) [[commercial off-the-shelf]] (COTS) suite of software applications used within the DOD to monitor, detect, and defend the DOD computer networks and systems. The [[Enterprise-wide Information Assurance and computer Network Defense Solutions Steering Group]] (ESSG) sponsored the acquisition of the HBSS System for use within the DOD Enterprise Network. HBSS is deployed on both the [[NIPRNet\|Non-Classified Internet Protocol Routed Network]] (NIPRNet) and [[SIPRNet\|Secret Internet Protocol Routed Network]] (SIPRNet) networks, with priority given to installing it on the NIPRNet. HBSS is based on [[McAfee\|McAfee, Inc]]'s [[ePolicy Orchestrator]] (ePO) and other McAfee point product security applications such as [[Host Intrusion Prevention System]] (HIPS). == History == Seeing the need to supply a comprehensive, department-wide security suite of tools for DOD System Administrators, the ESSG started to gather requirements for the formation of a host-based security system in the summer of 2005. In March 2006, [[BAE Systems]] and McAfee were awarded a contract to supply an automated host-based security system to the department. After the award, 22 pilot sites were identified to receive the first deployments of HBSS.<ref>{{Cite web\|date=2010-06-19\|title=Host Based Security System (HBSS)\|url=http://www.disa.mil/hbss/index.html\|access-date=2021-08-18\|archive-url=https://web.archive.org/web/20100619104318/http://www.disa.mil/hbss/index.html\|~~access~~archive-date=~~2021~~2010-0806-~~18\|website=web.archive.org~~19}}</ref> During the pilot roll out, DOD System Administrators around the world were identified and trained on using the HBSS software in preparation for software deployment across DOD. On October 9, 2007, the [[Joint Task Force for Global Network Operations]] (JTF-GNO) released [[Communications Tasking Order]] (CTO) 07-12 (''Deployment of Host Based Security System (HBSS)'') mandating the deployment of HBSS on all Combatant Command, Service and Agency (CC/S/A) networks within DOD with the completion date by the 3rd quarter of 2008.<ref>{{Cite web\|date=2010-12-05\|title=infoexchange\|url=http://www.afcea.org/events/landwarnet/08/infoexchange.asp\|access-date=2021-08-18\|archive-url=https://web.archive.org/web/20101205013909/http://www.afcea.org/events/landwarnet/08/infoexchange.asp\|~~access~~archive-date=~~2021~~2010-0812-~~18\|website=web.archive.org~~05}}</ref> The release of this CTO brought HBSS to the attention of all major department heads and CC/S/A's, providing the ESSG with the necessary authority to enforce its deployment. Agencies not willing to comply with the CTO now risked being disconnected from the DOD [[Global Information Grid]] (GIG) for any lack of compliance. Lessons learned from the pilot deployments provided valuable insight to the HBSS program, eventually leading to the [[Defense Information Systems Agency]] (DISA) supplying both pre-loaded HBSS hardware as well as providing an HBSS software image that could be loaded on compliant hardware platforms. This proved to be invaluable to easing the deployment task on the newly trained HBSS System Administrators and provided a consistent department-wide software baseline. DISA further provided step-by-step documentation for completing an HBSS baseline creation from a freshly installed operating system. The lessons learned from the NIPRNet deployments simplified the process of deploying HBSS on the SIPRNet. Line 17 ⟶ 15: * March 27, 2007: The ESSG approved the HBSS for full-scale deployment throughout the DoD enterprise * October 9, 2007: The [[Joint Task Force for Global Network Operations\|JTF-GNO]] releases CTO 07-12 * November, 2009: The [[United States Air Force\|Air Force]] awarded [[Northrop Grumman]] with the deployment of HBSS on the SIPRNet<ref>Henry Kenyon, ''Northrop Grumman Wins Air Force SIPRNET Contract'', http://www.afcea.org/signal/signalscape/index.php/2009/11/northrop-grumman-wins-air-force-siprnet-contract/, 3/13/2010~~</ref>~~ {{Dead link\|date=August 2021}}</ref> == HBSS components == Throughout its lifetime, HBSS has undergone several major baseline updates as well as minor maintenance releases. The first major release of HBSS was known as Baseline 1.0 and contained the McAfee ePolicy orchestrator engine, HIPS, [[software compliance profiler]] (SCP), [[rogue system detection]] (RSD), [[asset baseline manager]] (ABM), and assets software. As new releases were introduced, these software products have evolved, had new products added, and in some cases, been completely replaced for different products. As of January, 2011, HBSS is currently at Baseline 4.5, Maintenance Release 2.0 (MR2). MR2 contains the following software:▼ === HBSS Baseline 4.5 MR2 components === ▲As of January, 2011, HBSS is currently at Baseline 4.5, Maintenance Release 2.0 (MR2). MR2 contains the following software: ~~{\| class="wikitable collapsible" style="width:100%;"~~ \|- ~~! As of January, 2011, HBSS is currently at Baseline 4.5, Maintenance Release 2.0 (MR2). MR2 contains the following software:~~ \|- ~~\| <div style="height: 500px;overflow:-moz-scrollbars-vertical;overflow-y:auto;">~~ ==== Microsoft products ==== {\| class=~~redtable border=1~~wikitable \|- ! Software application Line 60 ⟶ 52: ==== Optional products/components ==== {\| class=~~redtable border=1~~wikitable \|- ! Software application Line 79 ⟶ 71: ==== SIPRNet-only products/components ==== {\| class=~~redtable border=1~~wikitable \|- ! Software application Line 89 ⟶ 81: \| Rollup Extender \| 1.2.8 \|} ~~</div>~~ \|} Line 102 ⟶ 92: <!----==== Security compliance profiler ==== The security compliance profiler (SCP) was one of the original products provided in HBSS Baseline 1.0. It was removed from HBSS as of Baseline 2.0 and replaced with the policy auditor component. The SCP is an integral component of ePO that provides enterprise-wide reporting on security patches, including the Microsoft® operating systems.<ref>'''System Compliance Profiler''', http://www.mcafee.com/us/enterprise/products/promos/system_security_management/epolicy_orchestrator/compliance_profiler.html, 3/14/2010</ref> ----> Line 127 ⟶ 117: ==== Device control module/data loss prevention ==== The DCM component of HBSS was introduced in HBSS Baseline 2.0 specifically to address the use of USB devices on DOD networks. JTF-GNO CTO 09-xxx, ''removable flash media device implementation within and between Department of Defense (DOD) networks'' was released in March, 2009 and allowed the use of USB removable media, provided it meets all of the conditions stated within the CTO. One of these conditions requires the use of HBSS with the DCM module installed and configured to manage the USB devices attached to the system.<ref>{{Cite web\|date=2011-01-20\|title=DoD Can Use USB Securely {{!}} Blog Central\|url=http://blogs.mcafee.com/enterprise/public-sector/dod-can-use-usb-securely\|access-date=2021-08-18\|archive-url=https://web.archive.org/web/20110120192355/http://blogs.mcafee.com/enterprise/public-sector/dod-can-use-usb-securely\|~~access~~archive-date=~~2021~~2011-0801-~~18\|website=web.archive.org~~20}}</ref> The DCM was renamed to the data loss prevention (DLP) in HBSS Baseline 3.0 MR3. ==== Assets publishing service ==== Line 141 ⟶ 131: == HBSS support == The DISA Risk Management Executive Office (RE) formerly [[field security office]] (FSO) provides free technical support for all HBSS Administrators through their help desk. DISA has three tiers of support, from Tier I to Tier III. Tier I and Tier II support is provided by DISA FSO, while Tier III support is provided by McAfee. DISA FSO Support is available using one of the following methods:<ref>{{Cite web\|date=2010-02-12\|title=DoD Information Assurance Tools\|url=http://iase.disa.mil/tools/index.html\|access-date=2021-08-18\|archive-url=https://web.archive.org/web/20100212232302/http://iase.disa.mil/tools/index.html\|~~access~~archive-date=~~2021~~2010-0802-~~18\|website=web.archive.org~~12}}</ref> {\|