Hyrax - Secure Installation Guidelines: Difference between revisions

From OPeNDAP Documentation

Revision as of 01:32, 21 September 2007

Overview

Security is an important and unfortunately complex issue. Any computer security expert will tell you that the best way to keep your systems secure is to never, ever, let them have network access. Obviously that's not really what you had in mind or you wouldn't be thinking about installing Hyrax. You can improve the security of Hyrax using a number of mechanisms, from following best practices for installation, to requiring secure authentication for the entire server.

Disclaimer: At OPeNDAP we consider security to be a top priority. However, we are not security experts. What follows is a summary of what we currently know to be the most effective methods for securing your Hyrax installation.


Best Practices For Secure Installation

  1. Always use a firewall - Keep your Hyrax server behind a firewall and configure the firewall to only forward requests to the appropriate port (typically 8080 for Tomcat and 80 for Apache) on your Hyrax system. Be sure to have the firewall block direct access to the BES.
  2. Separate the BES and Hyrax - We feel that it is better to run the BES on a second machine where only the BES port is open, and where the BES system is completely blocked by the firewall.
  3. Restrict Log and Configuration File Access - It is an unfortunate fact that many (if not most) IT security problems arise from within an organization and not from outside attacks. Given this situation it is important to restrict access to the log files generated by, and the configuration files used by, Hyrax.
    • Log Files - Logs can reveal how the server works: a hostile observer who can read them can send requests to the server and then see, in detail, what effect each one had.
    • Configuration Files - By default Hyrax comes with logging set up to record access and errors. This can be further reduced if one desires. However, unrestricted access to the Hyrax configuration files could allow a hostile individual to turn on extensive logging in order to learn more about the system.
    • Secure the logs, secure the configuration.
  4. Run Hyrax as a Restricted user. - We strongly recommend that you run Hyrax as a restricted user. Running Hyrax as root or the super user is actively discouraged, as doing so creates the potential for dire consequences. What this means is that you should create a special user for both the BES and Tomcat. These users should have restricted privileges and should only be allowed to write to the directories required by Tomcat and the BES.
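The four practices above, as a shell script added here for illustration (it is not from the OPeNDAP page or the Hyrax project): it prints firewall rules for the BES machine and for the Tomcat machine, creates non-login service accounts, locks down a log or configuration directory, and audits a directory for anything readable or writable by "other". The account names, the OLFS host address and the BES port are assumptions (the page gives no BES port; confirm BES.ServerPort in your bes.conf), and the firewall functions only print iptables commands so the rules can be reviewed before anything is applied as root.

```shell
#!/bin/sh
# Added example, not part of the OPeNDAP page: hardening helpers for a Hyrax
# host following the four best practices. All names below are assumptions.
BES_USER="${BES_USER:-bes}"               # dedicated account for the BES
TOMCAT_USER="${TOMCAT_USER:-tomcat}"      # dedicated account for Tomcat/OLFS
HYRAX_PORT="${HYRAX_PORT:-8080}"          # the one port the firewall forwards
BES_PORT="${BES_PORT:-10002}"             # assumption: check BES.ServerPort in bes.conf
OLFS_HOST="${OLFS_HOST:-192.0.2.10}"      # constructed address of the Tomcat machine

# Rules for the BES machine (practices 1 and 2): accept the BES port only from
# the OLFS/Tomcat host; every other inbound connection is dropped. The function
# prints the commands rather than running them so it is safe to call anywhere;
# pipe its output into "sh" as root on the real host after review.
bes_firewall_rules() {
    printf 'iptables -P INPUT DROP\n'
    printf 'iptables -A INPUT -i lo -j ACCEPT\n'
    printf 'iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n'
    printf 'iptables -A INPUT -p tcp -s %s --dport %s -j ACCEPT\n' "$OLFS_HOST" "$BES_PORT"
}

# Rules for the Tomcat machine: only the forwarded web port is reachable.
tomcat_firewall_rules() {
    printf 'iptables -P INPUT DROP\n'
    printf 'iptables -A INPUT -i lo -j ACCEPT\n'
    printf 'iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT\n'
    printf 'iptables -A INPUT -p tcp --dport %s -j ACCEPT\n' "$HYRAX_PORT"
}

# Practice 4: a system account with no login shell. Needs root; idempotent.
create_service_user() {
    user="$1"
    id "$user" >/dev/null 2>&1 || useradd --system --shell /usr/sbin/nologin "$user"
}

# Practice 3: a log or configuration directory owned by the service user,
# readable by that user's group (for administrators), nothing for "other".
# The ownership change is only attempted as root; the mode change always runs.
restrict_dir() {
    dir="$1"; user="$2"
    if [ "$(id -u)" -eq 0 ]; then chown -R "$user" "$dir"; fi
    chmod 0750 "$dir"
    find "$dir" -type f -exec chmod 0640 {} +
}

# Audit helper: return 0 when nothing under $1 is readable or writable by
# "other"; otherwise list the offenders on stderr and return 1. Uses only
# POSIX find options and needs no privileges, so it can run from cron.
check_no_world_access() {
    offenders=$(find "$1" \( -perm -o+r -o -perm -o+w \) 2>/dev/null)
    if [ -n "$offenders" ]; then
        printf 'world-accessible paths under %s:\n%s\n' "$1" "$offenders" >&2
        return 1
    fi
    return 0
}
```

Run check_no_world_access against the BES and Tomcat log and configuration directories from cron as an unprivileged monitoring user; its non-zero exit status is easy to alert on, and it catches the common case where a log rotation or a manual edit recreates a file with a permissive umask.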


Restricting System Access

One may also choose to restrict user access to Hyrax. This can be done by configuring Tomcat to demand user authentication, and if required, TLS/SSL.

For Tomcat 5.x see:

  • Our instructions for enabling Tomcat User Authentication (OLFS 1.2.0: Configuration, Security section)
  • Tomcat 5.x Documentation: http://tomcat.apache.org/tomcat-5.5-doc/index.html
      • Section 6: Configuring/Managing User Realms: http://tomcat.apache.org/tomcat-5.5-doc/realm-howto.html
      • Section 12: Configuring SSL: http://tomcat.apache.org/tomcat-5.5-doc/ssl-howto.html


For Tomcat 6.x see:

  • Tomcat 6.x Documentation: http://tomcat.apache.org/tomcat-6.0-doc/index.html
      • Section 6: Configuring/Managing User Realms: http://tomcat.apache.org/tomcat-6.0-doc/realm-howto.html
      • Section 12: Configuring SSL: http://tomcat.apache.org/tomcat-6.0-doc/ssl-howto.html

(Note that Hyrax has not yet been tested against Tomcat 6.x)


Requiring user authentication and using SSL doesn't actually change Hyrax's vulnerability to attack, but it will increase the security of your server by:

  • Limiting the number of users to those with authentication credentials.
  • Protecting those authentication credentials by using SSL encryption.
  • Protecting data content by transmitting it in an encrypted form.
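An added example (not from the page, and not Tomcat's own documentation) of what the two mechanisms above look like in a Tomcat web.xml: a shell script that emits the security-constraint fragment requiring an authenticated role over TLS for Hyrax URLs, and audits a deployed web.xml for it. The role name and URL pattern are placeholders; the HTTPS connector itself is configured separately, per the Tomcat SSL how-to linked above.

```shell
#!/bin/sh
# Added example, not part of the OPeNDAP page: Tomcat web.xml fragment that
# ties the three benefits above together, plus a check for a deployed file.
# The role name, realm name and URL pattern are placeholders.

# Emit a <security-constraint> and <login-config> for one role and one URL
# pattern. CONFIDENTIAL makes Tomcat redirect plain-HTTP requests for these
# URLs to the HTTPS connector, so BASIC-auth credentials and the data itself
# are only ever sent encrypted. Merge the output into the OLFS web.xml.
security_constraint_xml() {
    role="$1"; pattern="$2"
    cat <<EOF
  <security-constraint>
    <web-resource-collection>
      <web-resource-name>Hyrax data</web-resource-name>
      <url-pattern>${pattern}</url-pattern>
    </web-resource-collection>
    <auth-constraint>
      <role-name>${role}</role-name>
    </auth-constraint>
    <user-data-constraint>
      <transport-guarantee>CONFIDENTIAL</transport-guarantee>
    </user-data-constraint>
  </security-constraint>
  <login-config>
    <auth-method>BASIC</auth-method>
    <realm-name>Hyrax</realm-name>
  </login-config>
  <security-role>
    <role-name>${role}</role-name>
  </security-role>
EOF
}

# Audit a deployed web.xml: return 0 only if it both restricts access to a
# role (auth-constraint) and forces TLS (CONFIDENTIAL). A constraint whose
# transport-guarantee is NONE still prompts for a password but lets it cross
# the network in the clear; that is the misconfiguration this check catches.
check_web_xml() {
    f="$1"; rc=0
    grep -q '<auth-constraint>' "$f" \
        || { echo "$f: no auth-constraint, access is not limited to a role" >&2; rc=1; }
    grep -Eq '<transport-guarantee>[[:space:]]*CONFIDENTIAL' "$f" \
        || { echo "$f: transport-guarantee is not CONFIDENTIAL" >&2; rc=1; }
    return $rc
}
```

The users and roles that BASIC authentication checks against come from the realm configured per the "Configuring/Managing User Realms" section linked above; the fragment here only declares which role is required and that the exchange must be encrypted.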