Project Home
Project Home		 Trackers
Trackers		 Documents
Documents		 Wiki
Wiki		 Discussion Forums
Discussions		 Project Information
Project Info
Community/Discussion/General/Security policy compliant/List of Posts
Forum Topic - Security policy compliant: (5 Items)
   
Update
Hii Sing Chung
08/24/2012 11:25 AM
post95119
Security policy compliant   
I am a security personnel working in a secured environment. There have been many suggestions on the use of QNX on thin 
clients. I have little info on QNX. 
I would like to know if QNX can comply to all our security policies. I am not able to list all policies' items here. 
However, some of which are:
- Maximum and Minimum password age.
- built-in administrator account must be renamed.
- account must expire in 90 days.
- two-factor authentication for remote administration
- password must meet complexity requirements
- ftp, dhcp, dns, telnet, qdaemon, lpd, CDE, NFS, must be disabled
- account lock out threshold
- user must change password at next logon
- account lockout duration
- minimum number of weeks before a password can be reset
- the number of days before a system issues a warning that a password change is required
Mario Charest
08/24/2012 2:13 PM
post95128
RE: Security policy compliant   
Who told you that? 

> -----Message d'origine-----
> De : Hii Sing Chung [mailto:community-noreply@qnx.com]
> Envoyé : 24 août 2012 11:25
> À : general-community
> Objet : Security policy compliant
> 
> I am a security personnel working in a secured environment. There have been
> many suggestions on the use of QNX on thin clients. I have little info on QNX.
> I would like to know if QNX can comply to all our security policies. I am not
> able to list all policies' items here. However, some of which are:
> - Maximum and Minimum password age.
> - built-in administrator account must be renamed.
> - account must expire in 90 days.
> - two-factor authentication for remote administration
> - password must meet complexity requirements
> - ftp, dhcp, dns, telnet, qdaemon, lpd, CDE, NFS, must be disabled
> - account lock out threshold
> - user must change password at next logon
> - account lockout duration
> - minimum number of weeks before a password can be reset
> - the number of days before a system issues a warning that a password
> change is required
> 
> 
> 
> 
> _______________________________________________
> 
> General
> http://community.qnx.com/sf/go/post95119
> To cancel your subscription to this discussion, please e-mail general-
> community-unsubscribe@community.qnx.com
Hii Sing Chung
08/24/2012 7:57 PM
post95136
Security policy compliant   
I don't know what you are referring to. I just want to know if QNX can be securely hardened like that of Windows or 
Linux.
I have never worked with a QNX but I did ask the developers if a set of security policies can be applied to them and 
they told me cannot (because QNX is embedded system). So, I want to confirm that.
If it cannot comply to security policy, then such devices shouldn't be on our network.
Mario Charest
08/27/2012 9:12 AM
post95141
RE: Security policy compliant   

> -----Message d'origine-----
> De : Hii Sing Chung [mailto:community-noreply@qnx.com]
> Envoyé : 24 août 2012 19:58
> À : general-community
> Objet : Security policy compliant
> 
> I don't know what you are referring to. I just want to know if QNX can be
> securely hardened like that of Windows or Linux.
> I have never worked with a QNX but I did ask the developers if a set of
> security policies can be applied to them and they told me cannot (because
> QNX is embedded system). So, I want to confirm that.

It's confirmed ;-)

> If it cannot comply to security policy, then such devices shouldn't be on our
> network.
> 
> 
> 
> _______________________________________________
> 
> General
> http://community.qnx.com/sf/go/post95136
> To cancel your subscription to this discussion, please e-mail general-
> community-unsubscribe@community.qnx.com
Malte Mundt
09/05/2012 6:43 AM
post95384
Re: Security policy compliant   
I am not sure if your company is developing the QNX-based device? If the project is large enough, it may be worthwhile 
discussing possible options.

QNX is based on a Microkernel. All the stuff you mention below are not part of the kernel. They are implemented as 
standard processes, and as such, can be modified or extended to match your required behaviour. QNX has a Custom 
Engineering department that possibly could do this.

> I am a security personnel working in a secured environment. There have been 
> many suggestions on the use of QNX on thin clients. I have little info on QNX.
>  
> I would like to know if QNX can comply to all our security policies. I am not 
> able to list all policies' items here. However, some of which are:
> - Maximum and Minimum password age.
> - built-in administrator account must be renamed.
> - account must expire in 90 days.
> - two-factor authentication for remote administration
> - password must meet complexity requirements
> - ftp, dhcp, dns, telnet, qdaemon, lpd, CDE, NFS, must be disabled
> - account lock out threshold
> - user must change password at next logon
> - account lockout duration
> - minimum number of weeks before a password can be reset
> - the number of days before a system issues a warning that a password change 
> is required

Return


  A subsidiary of BlackBerry             All content ©2004-2013, QNX Software Systems