GLI-19: - Gaming Laboratories International
GLI-19: - Gaming Laboratories International
GLI-19: - Gaming Laboratories International
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
<strong>GLI</strong> Standard #<strong>19</strong> – Standards for Interactive <strong>Gaming</strong> Systems (Suppliers) Version 1.0<br />
Final<br />
perform <strong>Gaming</strong> Platform level commands.<br />
d) Any publicly installable theme packages must be hosted and monitored on the official<br />
website for the game, and all themes uploaded must be verified to ensure they contain no<br />
potential exploits or malware.<br />
7.3 Technical Controls<br />
7.3.1 Proxy Servers.<br />
a) The <strong>Gaming</strong> Platform must be capable of operating through multiple proxy servers.<br />
Correct operation of games must not depend on a refresh request from the end player<br />
device reaching the <strong>Gaming</strong> Platform.<br />
7.3.2 Self-Monitoring.<br />
a) The <strong>Gaming</strong> Platform must implement the self-monitoring of critical components (e.g.<br />
central hosts, network devices, firewalls, links to third parties, etc.).<br />
b) A critical component which fails self-monitoring tests must be taken out of service<br />
immediately. The component must not be returned to service until there is reasonable<br />
evidence that the fault has been rectified.<br />
7.3.3 Protection from Attacks.<br />
a) All reasonable precautions must be taken to protect the <strong>Gaming</strong> Platform against attacks<br />
based upon the replay of authentic or non-authentic messages (for example, Distributed<br />
Denial of Service Attack).<br />
b) The software must be able to reasonably detect and/or prevent a man-in-the-middle style<br />
attack without invading the end user’s privacy.<br />
c) If a man-in-the-middle attack has been suspected, all communications between the<br />
suspected client and server must be terminated with a message displayed to the end user<br />
as to why communications were terminated.<br />
d) Upon termination of client-server communications, the appropriate steps to determine if<br />
the end user was performing a man-in-the-middle attack. If it was determined that a manin-the-middle<br />
attack was attempted, the appropriate actions in regards to cheating must be<br />
Chapter Seven: Information Systems Security (ISS) Requirements Page 54<br />
Copyright © 2011 <strong>Gaming</strong> <strong>Laboratories</strong> <strong>International</strong>, LLC<br />
All Rights Reserved.