Voyager Server Security and Monitoring
Best practices and tools
Common Security Threats
• Denial of Service attacks
• Exploitation of a bug in software or the OS
• Compromised usernames / passwords
• Attacking other machines from a compromised machine
• User error
KNOW your system!
• What OS and patch level are you running?
• What non-Ex-Libris components are there and required to run Voyager?
• What OTHER tools are on the machine, and WHY?
• WHO has access to your system, and WHY?
• Who has the root password, and WHY?
• Is it backed up? Where, how often and how?
Patching
• Closes bugs in the software or OS as they become known
• Sometimes provides improved performance or functionality
• Is NOT an upgrade!
• Schedule maintenance windows
• Patch Check Advanced (PCA)
• Live Upgrade (Solaris)
Shell Access (Unix)
• Includes SSH, FTP, SFTP, rlogin, etc.
• If possible, disable telnet and FTP
• Disallow ROOT logons and control root access
• sshd_config: "PermitRootLogin no"
• Implement RBAC (Solaris) or sudo (Solaris/Linux)
Logging
• Learn your syslog: What is it? What's in it? Why is it there? SHOULD it be there?
• Central (remote) syslog
• Log other programs to syslog
Hardening
• Remove / disable unused services
• Make sure "system accounts" do not have a login shell
• Solaris Security Toolkit (JASS)
• Harden software packages (Apache, PHP, FTP, etc.)
Hardening - Apache's httpd.conf
• CHANGE THE DEFAULTS
• Disable directory listings
• AllowOverride (whether .htaccess files may override the server configuration)
• Directory permissions
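As an added example (not part of the slides), the following POSIX shell script audits the settings named on the Shell Access and Hardening slides: PermitRootLogin in sshd_config, directory listings and AllowOverride in httpd.conf, and system accounts with a login shell. The weak and hardened sample files it checks are constructed inside the script so it runs offline; the check_* functions can be pointed at real files.

```shell
#!/bin/sh
# Added example (not from the slides): audit the settings the deck names on the
# Shell Access and Hardening slides. Sample configs are constructed below so the
# script runs offline; point the check_* functions at real files in practice.

write_samples() {   # $1 = directory; writes constructed weak and hardened samples
    printf '%s\n' '# constructed weak sshd_config' 'Port 22' 'PermitRootLogin yes' > "$1/sshd_weak"
    printf '%s\n' 'Port 22' 'PermitRootLogin no' 'PasswordAuthentication no' > "$1/sshd_hard"
    printf '%s\n' '<Directory "/var/www/htdocs">' '    Options Indexes FollowSymLinks' \
        '    AllowOverride All' '</Directory>' > "$1/httpd_weak"
    printf '%s\n' '<Directory "/var/www/htdocs">' '    Options -Indexes FollowSymLinks' \
        '    AllowOverride None' '</Directory>' > "$1/httpd_hard"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/sh' 'daemon:x:1:1::/:/usr/bin/false' \
        'lp:x:71:8::/usr/spool/lp:/bin/sh' > "$1/passwd"
}

# sshd uses the FIRST uncommented PermitRootLogin it reads; return 0 only if it is "no".
check_sshd() {
    val=$(awk 'tolower($1)=="permitrootlogin" {print tolower($2); exit}' "$1")
    if [ "$val" = "no" ]; then echo "OK   $1: PermitRootLogin no"; return 0; fi
    echo "WARN $1: PermitRootLogin is '${val:-unset}' (expected no)"; return 1
}

# httpd.conf: flag directory listings (Options Indexes; a leading '-' disables it)
# and any AllowOverride other than None, which lets .htaccess files change the config.
check_httpd() {
    rc=0
    if awk 'tolower($1)=="options" { for (i=2;i<=NF;i++)
                if (tolower($i)=="indexes" || tolower($i)=="+indexes") bad=1 }
            END { exit !bad }' "$1"; then
        echo "WARN $1: directory listings enabled (Options Indexes)"; rc=1
    fi
    if awk 'tolower($1)=="allowoverride" && tolower($2)!="none" { bad=1 } END { exit !bad }' "$1"; then
        echo "WARN $1: AllowOverride permits .htaccess overrides"; rc=1
    fi
    if [ "$rc" -eq 0 ]; then echo "OK   $1: no listings, AllowOverride None"; fi
    return "$rc"
}

# System accounts (uid < 100, other than root) should not have a real login shell.
check_passwd() {
    awk -F: '$3 < 100 && $1 != "root" && $7 !~ /(nologin|false)$/ {
                 print "WARN " FILENAME ": " $1 " (uid " $3 ") has login shell " $7; bad=1 }
             END { exit bad ? 1 : 0 }' "$1"
}

tmp=$(mktemp -d) && write_samples "$tmp"
for f in sshd_weak sshd_hard; do check_sshd "$tmp/$f" || :; done
for f in httpd_weak httpd_hard; do check_httpd "$tmp/$f" || :; done
check_passwd "$tmp/passwd" || :
rm -rf "$tmp"
```

Each check returns non-zero when it finds a weak setting, so the functions can be chained into a cron job that mails the WARN lines to whoever owns the box.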
Usage Policy
• Who should be accessing your server, and when?
• What are specific people allowed to do?
• Who creates and manages accounts?
• Who manages permissions?
External Security
• Access through the firewall
• The only publicly accessible port should be 80 (HTTP)
• SSH, 70xx, etc. can be open to Ex-Libris
• Jerseycat Z39.50
• What other machines can access it from behind the firewall?
• Internal (machine-specific) firewalls
Server Monitoring
• Be proactive
• Ask questions
Monitoring Logs
• Keep an eye on your syslogs daily.
• Use a monitoring tool such as Logzilla (php-syslog-ng) or Kiwi Syslog to monitor your system
Monitoring Services
• ps -ef (Unix) / "Services" under Control Panel (Windows)
• top (Unix)
• Monitoring tools
  • Zabbix
  • Monit
Zabbix
• Configurable to monitor, restart and notify about:
  • Services (Apache, Voyager, etc.)
  • Files (config files, logs, etc.)
  • Processor load
  • Available memory and disk space
Discussion
• What OS / hardware are you using now?
• Who is in charge of your system?
• What, if any, tools are you using to monitor or secure your system?
Resources - Books
• Solaris 10 System Administration (Prentice Hall)
• Solaris 10 Security Essentials (Prentice Hall)
• Zabbix 1.8 Network Monitoring - Rihards Olups (Packt Publishing)
• Hardening Apache - Tony Mobily (Apress)
• Unix in a Nutshell - Arnold Robbins (O'Reilly Media)
Resources - Web
• Solaris - http://docs.sun.com
• Solaris Security Toolkit (JASS) - http://www.sun.com/software/security/jass/
• Sun Blogs "Dr. Live Upgrade" - http://blogs.sun.com/bobn/entry/dr_live_upgrade_or_how
• Zabbix - http://www.zabbix.com
• Logzilla/Php-Syslog-NG - http://code.google.com/p/php-syslog-ng/
• Patch Check Advanced - http://www.par.univie.ac.at/solaris/pca/
• Guide to General Server Security - Recommendations of the National Institute of Standards and Technology: http://csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf
• Building Scalable Syslog Management Solutions (Cisco) - http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html