Security Considerations for Cado Host
- Static Analysis: Cado Host releases undergo the same static analysis as the primary Cado platform in our release pipeline, ensuring thorough security checks.
- Code Signing: Cado Host Windows binaries are signed with an EV (Extended Validation) code signing certificate, ensuring authenticity and integrity.
- Custom Storage Options: Customers can configure their own storage bucket or web server to host the Cado Host binary. This allows for scanning the binary with their own security tools, though it requires maintaining the latest version.
- Temporary Write-Only Credentials: Cado Host uses limited-time, write-only credentials generated by the Cado platform for accessing cloud storage, minimizing security risks.
- Encrypted Communication: All communication between Cado Host and cloud storage is encrypted using TLS, ensuring data security during transfer.
Privilege Requirements
Cado Host requires elevated privileges to access raw disk and memory for full forensic collection. Running without elevated privileges will limit its ability to access these resources, preventing a complete forensic investigation.