Site Security and Administration
http://www.gridpp.ac.uk/wiki/SiteSecurity
Steve Cobrin <[email protected]>
Site Security and Administration
• Proposing a wiki to be used to discuss some basic Site Security and SysAdmin issues
  – focusing on Unix, Unix-like and Unix-derived systems, e.g. Solaris, AIX, HP-UX, Linux, GNU/Linux, FreeBSD, MacOSX, OpenBSD, etc.
• Will not look at deploying or using LCG/EGEE middleware
Introduction
• There are quite a few areas of security and administration which don't seem to be discussed enough.
• Why not?
  – Old topics (been doing this for > 20 years)
  – Boring
  – Done it! Been there! Read the book (Practical Unix Security)
• However, if overlooked:
  – Less security
  – Forever reinventing the wheel
  – Less stability
  – Less quality
  – Poor mentorship
• So, let's share best practices!
Initial commissioning of machines (building, configuration, deployment)
• Defining the life-cycle / work-flow of machines.
Initial commissioning of machines (building, configuration, deployment) (continued)
• Differing types of operating systems
  – Many different Linux distributions
  – Some centrally administered, others ad-hoc administration
  – Linux and Unix system interoperability
  – MacOSX
Security Documents
• Internal Documents:
  – Site Security Policies
  – Acceptable Use Policies
  – Incident Response Procedures
  – Baseline Security Documents
  – Local Security Hardening Procedures
• Standard off-the-shelf documents:
  – BSI 7799 / ISO 27001 Standards
  – The Centre for Internet Security Benchmarks
SysAdmin Procedures
• Initial build and deployment of systems - Kickstart, Imaging
• Documentation - useful documentation used at sites
• Patch Management - e.g. OS Vendor and Distribution patches
  – up2date
  – yumit/pakiti (http://pakiti.sourceforge.net)
• Software Management - e.g. 3rd party software, compiling from source, etc.
• Cluster management - for example, how you perform kernel updates across a large cluster
SysAdmin Procedures (continued)
• Admin methods - how you go about configuration tasks (e.g. logging in as root, use of SSH keys, Sudo (http://courtesan.com/sudo))
• Managing non-user accounts
• Helpdesk Systems
  – RT (http://bestpractical.com/rt) and Footprints
• Configuration Management and Change Control
  – CFengine (http://www.cfengine.org/)
  – SubVersion
Security Monitoring & Forensics
• Logging
  – Central Syslogging (syslog-ng)
  – Level of error logging for tools like ssh
• Network Monitoring
  – Any network tracing or forensics that you perform (tracing IDs via processes)
  – Snort (http://www.snort.org/)
  – Sguil (http://sguil.sourceforge.net/)
• General Monitoring
  – Nagios (http://www.nagios.org)
  – Tripwire (http://sourceforge.net/projects/tripwire/) & AIDE (http://sourceforge.net/projects/aide)
Security Monitoring & Forensics (continued)
• Inventorying & Auditing - tests that are performed to check security
  – Bastille (http://www.bastille-linux.org/)
  – Nessus (http://www.nessus.org/)
  – SARA (http://www-arc.com/sara/)
• Forensics - procedures, techniques
• Benchmarking - performance, network
• Alerts and Escalation
SysAdmin Training
• SAGE Job Descriptions (http://www.sage.org/pubs/8_jobs/)
• Linux Professional Institute (http://www.lpi.org)
• Red Hat Certification
THANK YOU
• Please visit the web site: http://www.gridpp.ac.uk/wiki/SiteSecurity