Dropbox 2 – Requirements

The services we want to be able to support remotely include:

  • Vulnerability assessments
  • Penetration tests
  • Web application tests
  • Database assessments
  • Configuration reviews

To do so, the platform should meet the following requirements:

  • Hardware
    • Small form factor
    • Few/no moving parts
    • Low cost
  • Deployment
    • Headless
    • Minimal client interaction (power/Ethernet)
    • Outbound SSL/TLS connectivity only
  • Secure
    • Tamper resistant
    • No local network accessible services
  • Troubleshooting
    • DNS “exfiltration” of configuration data
    • Dump and encrypt logs to removable storage
  • Highly Configurable (with or without remote access)
    • DHCP
    • Static IP
    • Support for outbound proxies
    • Support for proxy authentication (basic auth/NTLM)
    • Support for multiple testers
  • Secure Access (requires private key authentication)
    • SSH
    • VNC
    • HTTP proxy (squid)
    • SOCKS proxy
  • High Availability
    • Resiliant connections
    • Automatic service restarts

 

Leave a Reply

Your email address will not be published. Required fields are marked *