Nexus Hybrid Access Gateway is shipped as a virtual appliance that uses an Ubuntu base image. With every release of Hybrid Access Gateway this base image is hardened in different areas:
- Only installing required software and services
- Restricted user management
- Continuous security updates
Installed services
During installation, Hybrid Access Gateway installs only the OpenSSH server for communication from outside. A Postgres database is installed and only used for local communication. Connections from outside are disabled by default. During the installation, the default firewall of Ubuntu is applied.
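The listener posture described above (OpenSSH reachable from outside, Postgres bound to local addresses only) can be checked on a host by parsing `ss -H -tlnp` output. The following is an added example, not Nexus code; the sample output is constructed, and the allow-list containing only `sshd` is an assumption that should be extended with the gateway's own externally reachable services.

```python
import ipaddress

# Constructed sample of `ss -H -tlnp` output (not captured from a real appliance).
SAMPLE_SS = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:* users:(("sshd",pid=812,fd=3))
LISTEN 0 128 [::]:22 [::]:* users:(("sshd",pid=812,fd=4))
LISTEN 0 244 127.0.0.1:5432 0.0.0.0:* users:(("postgres",pid=901,fd=5))
LISTEN 0 244 [::1]:5432 [::]:* users:(("postgres",pid=901,fd=6))
"""

def parse_listeners(ss_output):
    """Yield (address, port, process) for each LISTEN line."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")
        host = host.strip("[]").split("%")[0]  # drop brackets and %iface scope
        # Process column is absent when ss runs without sufficient privileges.
        has_proc = len(fields) > 5 and '"' in fields[5]
        proc = fields[5].split('"')[1] if has_proc else "?"
        yield host, int(port), proc

def is_loopback(host):
    """True only for 127.0.0.0/8 and ::1; the '*' wildcard is external."""
    if host == "*":
        return False
    return ipaddress.ip_address(host).is_loopback

def audit(ss_output, allowed_external=("sshd",)):
    """Return one finding per non-loopback listener outside the allow-list."""
    findings = []
    for host, port, proc in parse_listeners(ss_output):
        if not is_loopback(host) and proc not in allowed_external:
            findings.append(f"{proc} listens on {host}:{port}")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_SS) or ["no unexpected external listeners"]:
        print(finding)
```

On a live system, pass the output of `ss -H -tlnp` (run with root privileges so the process column is populated) to `audit()` instead of the sample.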
Restricted user management
All services in Hybrid Access Gateway run as a separate user. Authentication from outside is not allowed with that user. For authentication from outside, the user agadmin is created during installation. Write permissions to Hybrid Access Gateway-related files are restricted to power users.
Continuous security updates
With every release of Hybrid Access Gateway, all binaries are updated to the latest versions to prevent security vulnerabilities as much as possible. Therefore, vulnerabilities like Spectre and Meltdown get fixed as soon as updates are available. A steady release cycle ensures prompt security updates.
Penetration testing
On a regular basis, Nexus commissions specialized external companies to perform penetration tests on the latest versions of Hybrid Access Gateway, to ensure that it maintains its high security status.