Voyager Server Security and Monitoring

hank
Presentation Transcript


  1. Voyager Server Security and Monitoring
     Best practices and tools

  2. Common Security Threats
     • Denial of Service Attacks
     • Exploitation of a bug in Software or OS
     • Compromised usernames / passwords
     • Attacking of other machines from compromised machine
     • User Error

  3. KNOW your system!
     • What OS and patch level are you running?
     • What non-Ex-Libris components are there and required to run Voyager?
     • What OTHER tools are on the machine and WHY?
     • WHO has access to your system and WHY?
     • Who has the root password and WHY?
     • Is it backed up? Where, how often and how?

  4. Patching
     • Closes bugs in the Software or OS as they become known
     • Sometimes provides improved performance or functionality
     • Is NOT an upgrade!
     • Schedule maintenance windows
     • Patch Check Advanced (PCA)
     • Live Upgrade (Solaris)

  5. Shell Access (Unix)
     • Includes SSH, FTP, SFTP, rlogin, etc.
     • If possible, disable telnet and FTP
     • Disallow ROOT logons and control root access
     • sshd_config – “PermitRootLogin no”
     • Implement RBAC (Solaris) or Sudo (Solaris/Linux)

  6. Logging
     • Learn your syslog – What is it? What’s in it? Why is it there? SHOULD it be there?
     • Central (remote) Syslog
     • Log other programs to Syslog

  7. Hardening
     • Remove / Disable unused services
     • Make sure “System Accounts” do not have a login shell
     • Solaris Security Toolkit (JASS)
     • Harden software packages (Apache, PHP, FTP, etc.)

  8. Hardening – Apache’s httpd.conf
     • CHANGE THE DEFAULTS
     • Disable directory listings
     • Allowing “Overrides”
     • Directory Permissions

  9. Usage Policy
     • Who should be accessing your server and when?
     • What are specific people allowed to do?
     • Who creates and manages accounts?
     • Who manages permissions?

  10. External Security
     • Access through Firewall
     • Only publicly accessible port should be 80 (http)
     • SSH, 70xx, etc. can be open to Ex-Libris
     • Jerseycat Z39.50
     • What other machines can access it from behind the firewall?
     • Internal (machine specific) Firewalls

  11. Server Monitoring
     • Be proactive
     • Ask questions

  12. Monitoring Logs
     • Keep an eye on your syslogs daily.
     • Use a monitoring tool such as Logzilla (php-syslog-ng) or Kiwi Syslog to monitor your system

  13. Logzilla

  14. Monitoring Services
     • ps -ef (Unix) / “Services” under Control Panel (Windows)
     • top (Unix)
     • Monitoring tools
     • Zabbix
     • Monit

  15. Zabbix
     • Configurable to monitor, restart and notify about:
     • Services (apache, voyager, etc.)
     • Files (config files, logs, etc.)
     • Processor load
     • Available memory and disk space

  16. Zabbix

  17. Zabbix

  18. Discussion
     • What OS / Hardware are you using now?
     • Who is in charge of your System?
     • What, if any, tools are you using to monitor or secure your system?

  19. Resources - Books
     • Solaris 10 System Administration (Prentice Hall)
     • Solaris 10 Security Essentials (Prentice Hall)
     • Zabbix 1.8 Network Monitoring – Rihards Olups (Packt Publishing)
     • Hardening Apache – Tony Mobily (Apress)
     • Unix in a Nutshell – Arnold Robbins (O’Reilly Media)

  20. Resources - Web
     • Solaris – http://docs.sun.com
     • Solaris Security Toolkit (JASS) - http://www.sun.com/software/security/jass/
     • Sun Blogs “Dr. Live Upgrade” - http://blogs.sun.com/bobn/entry/dr_live_upgrade_or_how
     • Zabbix – http://www.zabbix.com
     • Logzilla/Php-Syslog-NG - http://code.google.com/p/php-syslog-ng/
     • Patch Check Advanced - http://www.par.univie.ac.at/solaris/pca/
     • Guide To General Server Security – Recommendations of the National Institute of Standards and Technology: http://csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf
     • Building Scalable Syslog Management Solutions (Cisco) - http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html
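
A check for two items from slides 5 and 7 (root logon over SSH, and system accounts with a login shell), as an added example that is not part of the original presentation. The function names, the UID threshold of 100 and both sample files are assumptions constructed for illustration; point the functions at the real sshd_config and passwd files on your own server.

```shell
#!/bin/sh
# Added example: audit two settings named in the slides.
# The file contents below are constructed samples, not taken from a real host.

# Print the global PermitRootLogin value from an sshd_config-style file.
# sshd uses the first occurrence of a keyword, and keywords are case-insensitive.
# Prints "unset" when the keyword is absent (the built-in default then applies).
root_login_setting() {
    awk '
        tolower($1) == "match" { exit }   # global section ends at the first Match block
        tolower($1) == "permitrootlogin" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# Print system accounts (0 < UID < $2) whose shell still allows a login.
# An empty shell field is reported too, since it falls back to a default shell.
system_accounts_with_shell() {
    awk -F: -v min="$2" '
        /^#/ || NF < 7 { next }
        $3 > 0 && $3 < min && $7 !~ /(nologin|false)$/ { print $1 }
    ' "$1"
}

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT

cat > "$SAMPLE_DIR/sshd_config" <<'EOF'
# constructed sample
Port 22
#PermitRootLogin yes
PermitRootLogin no
Match User backup
    PermitRootLogin yes
EOF

cat > "$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:/usr/sbin/nologin
lp:x:71:8:Line Printer Admin:/usr/spool/lp:/bin/sh
webservd:x:80:80:WebServer:/:/bin/false
voyager:x:1001:100:Voyager:/m1/voyager:/bin/ksh
EOF

echo "PermitRootLogin: $(root_login_setting "$SAMPLE_DIR/sshd_config")"
echo "System accounts with a login shell: $(system_accounts_with_shell "$SAMPLE_DIR/passwd" 100)"
```

The sample also shows why the global value is not the whole story: the constructed Match block re-enables root logon for one user, so any Match sections need a separate review.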