Voyager Server Security and Monitoring

1. Voyager Server Security and Monitoring Best practices and tools

2. Common Security Threats • Denial of Service Attacks • Exploitation of a bug in Software or OS • Compromised usernames / passwords • Attacking of other machines from compromised machine • User Error

3. KNOW your system! • What OS and patch level are you running? • What non-Ex-Libris components are there and required to run Voyager? • What OTHER tools are on the machine and WHY? • WHO has access to your system and WHY? • Who has the root password and WHY? • Is it backed up? Where, how often and how?

4. Patching • Closes bugs in the Software or OS as they become known • Sometimes provides improved performance or functionality • Is NOT an upgrade! • Schedule maintenance windows • Patch Check Advanced (PCA) • LiveUpgrade (solaris)

5. Shell Access (Unix) • Includes SSH, FTP, SFTP, RLOGON, etc • If possible, disable telnet and FTP • Disallow ROOT logons and control root access • sshd.config – “Permit root login no” • Implement RBAC (Solaris) or Sudo (Solaris/Linux)

6. Logging • Learn your syslog – What is it? What’s in it? Why is it there? SHOULD it be there? • Central (remote) Syslog • Log other programs to Syslog

7. Hardening • Remove / Disable unused services • Make sure “System Accounts” do not have a login shell • Solaris Security Toolkit (JASS) • Harden software packages (Apache, PHP, FTP, etc)

8. Hardening – Apache’s httpd.conf • CHANGE THE DEFAULTS • Disable directory listings • Allowing “Overrides” • Directory Permissions

9. Usage Policy • Who should be accessing your server and when? • What are specific people allowed to do? • Who creates and manages accounts? • Who manages permissions?

10. External Security • Access through Firewall • Only publicly accessible port should be 80 (http) • SSH, 70xx, etc can be open to Ex-Libris • Jerseycat Z39.50 • What other machines can access it from behind the firewall? • Internal (machine specific) Firewalls

11. Server Monitoring • Be proactive • Ask questions

12. Monitoring Logs • Keep an eye on your syslogs daily. • Use a monitoring tool such as Logzilla (php-syslog-ng) or Kiwi Syslog to monitor your system

13. Logzilla

14. Monitoring Services • ps –ef (unix) / “Services” under control panel (Windows) • top (unix) • Monitoring tools • Zabbix • Monit

15. Zabbix • Configurable to Monitor, restart and notify about: • Services (apache, voyager, etc) • Files (config files, logs, etc) • Processor load • Available memory and disk space

16. Zabbix

17. Zabbix

18. Discussion • What OS / Hardware are you using now? • Who is in charge of your System? • What, if any, tools are you using to monitor or secure your system?

19. Resources - Books Books: • Solaris 10 System Administration (Prentice Hall)Solaris 10 Security Essentials (Prentice Hall) • Zabbix 1.8 Network Monitoring – RihardsOlups (Pakt Publishing) • Hardening Apache – Tony Mobily (Apress) • Unix in a Nutshell – Arnold Robbins (O’Reilly Media)

20. Resources - Web • Solaris – http://docs.sun.com • Solaris Security Toolkit (JASS) - http://www.sun.com/software/security/jass/ • Sun Blogs “Dr. Live Upgrade” - http://blogs.sun.com/bobn/entry/dr_live_upgrade_or_how • Zabbix – http://www.zabbix.com • Logzilla/Php-Syslog-NG - http://code.google.com/p/php-syslog-ng/ • Patch Check Advanced - http://www.par.univie.ac.at/solaris/pca/ • Guide To General Server Security – Recommendations of the National Institute of Standards and Technology: http://csrc.nist.gov/publications/nistpubs/800-123/SP800-123.pdf • Building Scalable Syslog Management Solutions (Cisco) - http://www.cisco.com/en/US/technologies/collateral/tk869/tk769/white_paper_c11-557812.html