Voyager Server Security and Monitoring: Best Practices and Tools
Voyager Server Security and Monitoring
Best practices and tools
Common Security Threats
• Denial of Service Attacks
• Exploitation of a bug in Software or OS
• Compromised usernames / passwords
• Attacking of other machines from compromised machine
• User Error
KNOW your system!
• What OS and patch level are you running?
• What non-Ex-Libris components are there and required to run Voyager?
• What OTHER tools are on the machine and WHY?
• WHO has access to your system and WHY?
• Who has the root password and WHY?
• Is it backed up? Where, how often and how?
Patching
• Closes bugs in the Software or OS as they become known
• Sometimes provides improved performance or functionality
• Is NOT an upgrade!
• Schedule maintenance windows
• Patch Check Advanced (PCA)
• LiveUpgrade (Solaris)
Shell Access (Unix)
• Includes SSH, FTP, SFTP, rlogin, etc
• If possible, disable telnet and FTP
• Disallow ROOT logons and control root access
– sshd_config – “PermitRootLogin no”
• Implement RBAC (Solaris) or Sudo (Solaris/Linux)
Logging
• Learn your syslog – What is it? What’s in it? Why is it there? SHOULD it be there?
• Central (remote) Syslog
• Log other programs to Syslog
Hardening
• Remove / Disable unused services
• Make sure “System Accounts” do not have a login shell
• Solaris Security Toolkit (JASS)
• Harden software packages (Apache, PHP, FTP, etc)
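A check for the root-login setting from the Shell Access slide and for system accounts that still have a login shell, written as an added example (not part of the original slides). The function names, the UID cutoff and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit root SSH logins and system-account shells.

# Effective PermitRootLogin value; sshd honours the first occurrence of a keyword.
# Assumption: Match blocks and Include files are not evaluated here.
root_login_setting() {
    awk '{ gsub(/=/, " ") }
         tolower($1) == "permitrootlogin" { print tolower($2); hit = 1; exit }
         END { if (!hit) print "unset" }' "$1"
}

# Non-root accounts below a UID cutoff that still have an interactive shell.
# An empty shell field counts, because login then falls back to /bin/sh.
# Assumption: cutoff 1000 (typical Linux); pass 100 for Solaris-style numbering.
system_accounts_with_shell() {
    awk -F: -v min="${2:-1000}" '
        $1 != "root" && $3 + 0 < min + 0 &&
        ($7 == "" || $7 ~ /\/(sh|bash|ksh|csh|tcsh|zsh)$/) { print $1 }' "$1"
}

# Constructed sample files so the audit runs offline.
SAMPLES=$(mktemp -d)
cat > "$SAMPLES/sshd_config" <<'EOF'
# PermitRootLogin yes
Port 22
PermitRootLogin no
PermitRootLogin yes
EOF
cat > "$SAMPLES/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
apache:x:48:48:Apache:/var/www:/bin/bash
lp:x:71:8:Line Printer:/var/spool/lpd:
libuser:x:1001:1001:Library staff:/home/libuser:/bin/ksh
EOF

echo "PermitRootLogin: $(root_login_setting "$SAMPLES/sshd_config")"
echo "System accounts with a login shell:"
system_accounts_with_shell "$SAMPLES/passwd"
```

On a live host the same functions take `/etc/ssh/sshd_config` and `/etc/passwd` as arguments; any account the second function lists needs either a documented reason or a non-login shell.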
Hardening – Apache’s httpd.conf
• CHANGE THE DEFAULTS
• Disable directory listings
• Allowing “Overrides”
• Directory Permissions
Usage Policy
• Who should be accessing your server and when?
• What are specific people allowed to do?
• Who creates and manages accounts?
• Who manages permissions?
External Security
• Access through Firewall
– Only publicly accessible port should be 80 (http)
– SSH, 70xx, etc can be open to Ex-Libris
– Jerseycat Z39.50
• What other machines can access it from behind the firewall?
• Internal (machine specific) Firewalls
Server Monitoring
• Be proactive
• Ask questions
Monitoring Logs
• Keep an eye on your syslogs daily.
• Use a monitoring tool such as Logzilla (php-syslog-ng) or Kiwi Syslog to monitor your system
Logzilla
Monitoring Services
• ps -ef (unix) / “Services” under control panel (Windows)
• top (unix)
• Monitoring tools
– Zabbix
– Monit
Zabbix
• Configurable to Monitor, restart and notify about:
– Services (apache, voyager, etc)
– Files (config files, logs, etc)
– Processor load
– Available memory and disk space
Discussion
• What OS / Hardware are you using now?
• Who is in charge of your System?
• What, if any, tools are you using to monitor or secure your system?
Resources - Books
• Solaris 10 System Administration (Prentice Hall)
• Solaris 10 Security Essentials (Prentice Hall)
• Zabbix 1.8 Network Monitoring – Rihards Olups (Packt Publishing)
• Hardening Apache – Tony Mobily (Apress)
• Unix in a Nutshell – Arnold Robbins (O’Reilly Media)
Resources - Web
• Solaris – http://docs.sun.com
• Solaris Security Toolkit (JASS) - http://www.sun.com/software/security/jass/
• Sun Blogs “Dr. Live Upgrade” - http://blogs.sun.com/bobn/entry/dr_live_upgrade_or_how
• Zabbix – http://www.zabbix.com
• Logzilla/Php-Syslog-NG - http://code.google.com/p/php-syslog-ng/
• Patch Check Advanced - http://www.par.univie.ac.at/solaris/pca/
• Guide To General Server Security – Recommendations of the National Institute of Standards and Technology: http://csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf
• Building Scalable Syslog Management Solutions (Cisco) - http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html