Voyager Server Security and Monitoring

Report
Voyager Server Security and
Monitoring
Best practices and tools
Common Security Threats
•
•
•
•
Denial of Service Attacks
Exploitation of a bug in Software or OS
Compromised usernames / passwords
Attacking of other machines from
compromised machine
• User Error
KNOW your system!
• What OS and patch level are you running?
• What non-Ex-Libris components are there and
required to run Voyager?
• What OTHER tools are on the machine and
WHY?
• WHO has access to your system and WHY?
• Who has the root password and WHY?
• Is it backed up? Where, how often and how?
Patching
• Closes bugs in the Software or OS as they
become known
• Sometimes provides improved performance or
functionality
• Is NOT an upgrade!
• Schedule maintenance windows
• Patch Check Advanced (PCA)
• LiveUpgrade (solaris)
Shell Access (Unix)
• Includes SSH, FTP, SFTP, RLOGON, etc
• If possible, disable telnet and FTP
• Disallow ROOT logons and control root access
– sshd.config – “Permit root login no”
• Implement RBAC (Solaris) or Sudo
(Solaris/Linux)
Logging
• Learn your syslog – What is it? What’s in it?
Why is it there? SHOULD it be there?
• Central (remote) Syslog
• Log other programs to Syslog
Hardening
• Remove / Disable unused services
• Make sure “System Accounts” do not have a
login shell
• Solaris Security Toolkit (JASS)
• Harden software packages (Apache, PHP, FTP,
etc)
Hardening – Apache’s httpd.conf
•
•
•
•
CHANGE THE DEFAULTS
Disable directory listings
Allowing “Overrides”
Directory Permissions
Usage Policy
• Who should be accessing your server and
when?
• What are specific people allowed to do?
• Who creates and manages accounts?
• Who manages permissions?
External Security
• Access through Firewall
– Only publicly accessible port should be 80 (http)
– SSH, 70xx, etc can be open to Ex-Libris
– Jerseycat Z39.50
• What other machines can access it from
behind the firewall?
• Internal (machine specific) Firewalls
Server Monitoring
• Be proactive
• Ask questions
Monitoring Logs
• Keep an eye on your syslogs daily.
• Use a monitoring tool such as Logzilla (phpsyslog-ng) or Kiwi Syslog to monitor your
system
Logzilla
Monitoring Services
• ps –ef (unix) / “Services” under control panel
(Windows)
• top (unix)
• Monitoring tools
– Zabbix
– Monit
Zabbix
• Configurable to Monitor, restart and notify
about:
– Services (apache, voyager, etc)
– Files (config files, logs, etc)
– Processor load
– Available memory and disk space
Zabbix
Zabbix
Discussion
• What OS / Hardware are you using now?
• Who is in charge of your System?
• What, if any, tools are you using to monitor or
secure your system?
Resources - Books
•
•
•
•
Books:
Solaris 10 System Administration (Prentice
Hall)
Solaris 10 Security Essentials (Prentice Hall)
Zabbix 1.8 Network Monitoring – Rihards
Olups (Pakt Publishing)
Hardening Apache – Tony Mobily (Apress)
Unix in a Nutshell – Arnold Robbins (O’Reilly
Media)
Resources - Web
• Solaris – http://docs.sun.com
• Solaris Security Toolkit (JASS) http://www.sun.com/software/security/jass/
• Sun Blogs “Dr. Live Upgrade” http://blogs.sun.com/bobn/entry/dr_live_upgrade_or_how
• Zabbix – http://www.zabbix.com
• Logzilla/Php-Syslog-NG - http://code.google.com/p/php-syslog-ng/
• Patch Check Advanced - http://www.par.univie.ac.at/solaris/pca/
• Guide To General Server Security – Recommendations of the
National Institute of Standards and Technology:
http://csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf
• Building Scalable Syslog Management Solutions (Cisco) http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/
white_paper_c11-557812.html

similar documents