# Agent Security

> Security information for the Cloud.Red Agent Version 3.0 or greater

WorldTech IT has successfully obtained SOC 2 compliance certification.

* This demonstrates our dedication to maintaining strong controls and procedures related to security, availability, processing integrity, confidentiality, and privacy within our organization.
* Clients and partners can trust that our operations adhere to industry-recognized standards, reflecting a serious commitment to quality and security in our services.

[2018 SOC 2® Description Criteria (With Revised Implementation Guidance – 2022)](https://www.aicpa-cima.com/resources/download/get-description-criteria-for-your-organizations-soc-2-r-report)

The Cloud.Red Agent is a specialized and secure appliance that provides essential services in a controlled environment.

Based on Red Hat Embedded Linux, it has been meticulously designed to offer robust security without compromising functionality.

The following features demonstrate the security of the Cloud.Red Agent:

### Embedded Linux Image

* **Limited Version:** The Cloud.Red agent utilizes a custom-created Linux image based on Red Hat Embedded Linux. This is a streamlined version that excludes all unnecessary components, ensuring an optimized and secure environment.
* **Focused Libraries & Binaries:** Only the essential libraries and binaries required to support the agent are included. This is not a full Linux installation, reducing the attack surface and increasing the system's integrity.

### Security-Enhanced Linux (SELinux)

* **SELinux Kernel Modules:** These are enabled in the Cloud.Red agent, fortifying the system against unauthorized access and modifications.
* **Defined Policies:** Carefully crafted policies have been implemented to strictly regulate process permissions. These policies ensure that processes can only perform actions and access resources that are vital for their proper operation.

### Controlled Network Access

* **Limited Open Ports:** The appliance's operating system maintains a local firewall, with rules only allowing access on application-specific ports. Application listeners are defined to only allow traffic from specific hosts, dropping foreign traffic.
* **SSH Access Restriction:** SSH access to the appliance is expressly prohibited, further enhancing the system's security posture.

### Compliance with License Agreement

* **Customer Access Restriction:** Direct access to the appliance by customers is not permitted, in strict adherence to our license agreement with Red Hat.
* **Software Installation Limitation:** Installing additional client software on the appliance is impossible, reinforcing the system's stability and minimizing potential vulnerabilities.
