210 likes | 345 Views
Configuring and Managing RNI Security: System Access Control RNI Release 3.1 SP2. C-PAMRAMI-WGE-0139-01. Introduce actions that Sensus has taken to prevent visibility and access to system resources. The goal of this module is to:.
E N D
Configuring and Managing RNI Security: System Access Control RNI Release 3.1 SP2 C-PAMRAMI-WGE-0139-01
Introduce actions that Sensus has taken to prevent visibility and access to system resources. The goal of this module is to:
Recall actions taken by Sensus to secure RNI servers prior to shipment to utility. • Describe why obtaining a commercial Secure Socket Layer (SSL) certificate is important. Module Objectives
Controlling System Access System Access Control
Understanding RNI System Hardening System Access Control Intended to eliminate as many security risks (such as unauthenticated and unauthorized access to the system) as possible For 3.x, Sensus performs system hardening on the following RNI components: • Network Controller • Web server • Database server • Stats server • Red Hat Enterprise Linux • Apache Web server • Apache Tomcat • OpenLDAP server
Linux-Based Hardening Actions System Access Control Applies to Network Controller and Web servers Performed during installation by Sensus Actions performed: • Add default root user • Change root password to complex password • Register server with Red Hat Network • Disable user mounted file systems • Disable USB devices • Change directory and file permissions on sensitive system resources and critical files • Remove unused user accounts
Linux-Based Hardening Actions (Continued) System Access Control • Lock down existing user accounts • Set password policy for local users • Lock down crontab files • Set requirements for PAM (Pluggable Authentication Modules) support • Customize login in banner (optional) • Set permissions for network configurations • Secure files associated with auditing and logging • Configure remote delivery of syslog messages to central location • Configure SSH access only for strong, authenticated sessions • Configure SNMP as needed • Configure audit services to track critical actions on system
Database Server Hardening Actions System Access Control Performed during installation by Sensus Actions performed: • Change default passwords to complex passwords for local user accounts • Set password policy • Set account lockout policy • Set audit policy • Set security options • Change default passwords on SQL server
Stats Server Hardening Actions System Access Control Performed during installation by Sensus Actions performed: • Change default passwords to complex passwords for local user accounts • Set password policy • Set account lockout policy • Set audit policy • Set security options • Enable SSL on default Web server
Apache Web Server Hardening Actions System Access Control Performed after Linux hardening Performed during installation by Sensus Actions performed: • Remove track and trace HTTP methods • Remove insecure encryption ciphers
Apache Tomcat Server Hardening Actions System Access Control Performed after Apache Web server hardening Performed during installation by Sensus Actions performed: • Remove default tomcat5 files • Remove default tomcat6 files • Replace shutdown password on tomcat5 install • Replace shutdown password on tomcat6 install • Update default session timeout as needed
OpenLDAP Server Hardening Actions System Access Control Performed during installation by Sensus Actions performed: • Remove insecure encryption ciphers • Disable anonymous bind • Create Read-Only and Read/Write accounts for application access • Hash all passwords • Restrict access to password hashes
What is the purpose of the system hardening procedures performed by Sensus? • Limit system access to administrators • Prevent password changes on the system • Reduce risk of unauthorized access to system • Hide selected servers from users
Which of the following actions is common to server hardening procedures for the various RNI components? • Customize log in banner • Change default passwords • Register server with Red Hat • Remove track and trace HTTP methods
Controlling System Access System Access Control
SSL and SSL Certificates Defined System Access Control Secure Sockets Layer (SSL) is a standard security protocol used to establish an encrypted link between a server and a client • Typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook) Browser and server need an SSL Certificate to establish the secure connection SSL Certificates identify a key pair and the identity of the certificate/website owner RNI uses SSL and SSL certificates to secure communications between the hardware servers and its software application users
Impact of Using SSL Certificates System Access Control Users must be authenticated, use a unique password, to log in Users must enter the server addresses with https:// instead of http:// Enabled by default on Web server and Statistics server (if present)
Which of the following are true about SSL-enabled Sensus servers? • Users must be authenticated, use a unique password, to log in • Provides secure communications between RNI servers and software application users • Users must enter the server addresses with https:// in front • All of the above