rabbitmq-management plugin HTTP API - Security concerns

I want to enable RabbitMQ Management plugin on my production environment, but I'm not sure about the security concerns this might bring.
I already have a few applications connected to the RMQ, and hence can't change the credentials now (I'm using default).
Could anyone shed some light on this? I want to know what all things I might need to worry about and what I could do to minimise vulnerabilities.
Thanks!

The Management Plugin uses credentials, which is enough for most cases unless you want it to be accessible from outside. In that case iptables is your friend. In addition you can proxy the HTTP API and management interface via nginx (or apache) and use an additional security layer like basic auth.
If you are a bit paranoid (like me) you can combine all 3 methods to have more protection (and have non-trivial access to your management interface from unusual locations like a free wifi zone in an airport when flow control gets applied on your server, but this is quite an unusual situation).
UPD:
Note: if your application is badly designed and mixes routine work with management work under the same account you may get into some trouble. I suggest the management plugin Permissions section for further reading.
Usually, a separate account for the application and for management work, as well as disabling the default guest account (for outside access only or in general), is the best choice from a security point of view.
If you are forced to use the default guest account you can disable the management plugin for it and create a separate account for administration only. In fact in recent RabbitMQ versions it is disabled for access from outside.
To do this, first create an administration user (an account with the administrator tag), make sure it works and then update the guest user by removing all the tags it has (actually, the administrator tag is the only one set by default for the guest account).
Here is a picture of the default guest account with a note on what to remove.
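The procedure above (create a dedicated administrator, verify it, then strip the tags from guest so it loses the management UI/API while your applications keep connecting with it) as an added POSIX shell example. It is not part of the original answer; the user name rmqadmin, the RMQ_ADMIN_PASS variable and the DRY_RUN/RABBITMQCTL switches are assumptions made here so the script can be reviewed on a host without a broker. The rabbitmqctl subcommands (add_user, set_user_tags, set_permissions, authenticate_user, list_users) are real; the list_users output below is a constructed sample. Note that since RabbitMQ 3.3 the guest account is additionally limited to loopback connections by the loopback_users setting, which is what "disabled for access from outside" refers to.

```shell
#!/bin/sh
# Added example (not from the original answer): lock down the default "guest"
# account and create a dedicated administrator with rabbitmqctl.
# Assumptions: the admin user is called "rmqadmin" (hypothetical name), its
# password comes from the RMQ_ADMIN_PASS environment variable, and RABBITMQCTL
# may be overridden. With DRY_RUN=1 nothing is executed; the commands are
# printed instead.
set -eu

RABBITMQCTL="${RABBITMQCTL:-rabbitmqctl}"

# Execute a rabbitmqctl subcommand, or print it when DRY_RUN=1.
rmq() {
  if [ "${DRY_RUN:-0}" = "1" ]; then
    printf '%s %s\n' "$RABBITMQCTL" "$*"
  else
    "$RABBITMQCTL" "$@"
  fi
}

# Step 1: create the administrator, tag it, and grant it full rights on vhost "/".
# (The password is visible to other local users in the process list while
# add_user runs; do this on the broker host, not over a shared shell.)
create_admin() {            # $1 = user name, $2 = password
  rmq add_user "$1" "$2"
  rmq set_user_tags "$1" administrator
  rmq set_permissions -p / "$1" '.*' '.*' '.*'
}

# Step 2: clear every tag on guest. set_user_tags with no tags removes them all,
# which revokes its management plugin access; its AMQP permissions and your
# applications' connections are untouched.
demote_guest() {
  rmq set_user_tags guest
}

# Step 3: verify. Given the text of `rabbitmqctl list_users`, succeed (exit 0)
# only if no management-capable tag is left on guest.
guest_is_clean() {          # $1 = list_users output
  printf '%s\n' "$1" | awk '
    $1 == "guest" && /administrator|management|monitoring|policymaker/ { bad = 1 }
    END { exit bad ? 1 : 0 }'
}

# Constructed samples of list_users output, before and after demotion.
BEFORE='Listing users ...
user    tags
guest   [administrator]
orders  []'
AFTER='Listing users ...
user    tags
guest   []
orders  []
rmqadmin        [administrator]'

# Demo against the constructed samples only (no broker needed).
if guest_is_clean "$BEFORE"; then echo "before: guest already clean"; else echo "before: guest still has a management tag"; fi
if guest_is_clean "$AFTER";  then echo "after: guest clean";          else echo "after: guest still tagged"; fi

# To apply for real on the broker host:  RMQ_ADMIN_PASS='...' ./harden-guest.sh apply
if [ "${1:-}" = "apply" ]; then
  create_admin rmqadmin "${RMQ_ADMIN_PASS:?set RMQ_ADMIN_PASS}"
  "$RABBITMQCTL" authenticate_user rmqadmin "$RMQ_ADMIN_PASS"   # make sure it works first
  demote_guest
  guest_is_clean "$("$RABBITMQCTL" list_users)"
fi
```

Run it once with DRY_RUN=1 to review the exact commands, then with the apply argument on the broker host. Keep the order: the new administrator is authenticated before guest is demoted, so you never end up with no working management account.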

Azure cloud full operational management without ownership

Azure allows partners to manage customer's resources.
But as startups serving enterprise customers, we might be asked to install our software on the customer's Azure Linux server resource and manage it, but we don't want them to access the Linux box via shell or clone it entirely, thereby making a copy without our knowledge. How do you solve this?
For the install, I'd write a bash script to install your application by wget'ing the binaries and setting some environment settings. If you want to take it a step further, your client can create an ARM template that spins up the VM and installs your app via custom script extension. When it comes to managing the application, you should be able to view log files in Azure using Application Insights and perform administrative functions using the app. If an issue arises that cannot be diagnosed from the log files and the built-in app diagnostics (e.g. the install failed, app cannot write to log files in local dir), I'd do a screen share with the client and troubleshoot.
You could create a web application that would talk to the OS and perform the administrative tasks you wish. This way, you only need to open one port (possibly 443 - HTTPS) and share login credentials with your partner. This way your OS is protected -- administrative tasks can only be performed through a web UI.
By doing a quick Google search, you can find some open-source options:
http://ajenti.org/
http://www.webmin.com/
https://cockpit-project.org/
You need to ensure you create users for your customer with limited access. Take Webmin as an example: https://doxfer.webmin.com/Webmin/Webmin_Users
A standard, out-of-the-box Webmin installation has only one user (called root or admin) who can use every feature of every module. On a home or office system used by just one person, that is all you need. Even if your system has multiple users, there may be only one who needed to perform system administration tasks.
However, there are many situations in which the administrator may want to give some people access to a subset of Webmin's features. For example, you may have a person in your organization whose job it is to create and edit DNS zones and records. On a normal Unix system, this person would have to be given root access so that he can edit the zone files and re-start the DNS server when necessary. Unfortunately, once someone is able to login as root he has full control of the system and can do whatever he wants.
Webmin solves this kind of problem by allowing you to create additional users who can login, but only access a few modules. You can further restrict what the user can do within each module, so that he cannot abuse its features to perform actions that he is not supposed to. Because Webmin still runs with full root privileges even when used by a restricted user, it still has access to all the configuration files and commands that it needs.

Azure security - Hardening of O/S builds, security standards?

This is a question for Azure experts, in particular around the Windows VM's available in Azure.
Do they make any changes to the base build? Hardening and security standards? Or are they standard builds fresh out the box?
Any information on this would be greatly appreciated.
Yes. Public and up-to-date information about security measures like compliance, some technical details, etc. can be found on the Azure Trust Center.
However, I do not think that Microsoft reveals all of the internal implementation information, but a lot of work is done around isolation of the hypervisor, root OS and guest VMs. Also, the Azure Fabric Controller is the "brain" that secures and isolates customer deployments and manages the commands sent to the Host OS/Hypervisor, and the Host OS is a configuration-hardened version of Windows Server.
Some basic information can be found here:
https://technet.microsoft.com/en-us/cloud/gg663906.aspx
Azure Fabric Controller: https://azure.microsoft.com/en-us/documentation/videos/fabric-controller-internals-building-and-updating-high-availability-apps/
And I recommend following Mark Russinovich, Azure CTO, as his videos are some of the most internal-details-revealing I have ever seen.
You might wanna check out the CIS hardened Images in the Azure Marketplace: https://www.cisecurity.org/cis-hardened-images-now-in-microsoft-azure-marketplace/
There you can choose between two levels of hardening, depending on your workload, as well as multiple Windows Server versions and even some Linux distributions. If you want to harden the VMs yourself, I would check out the Dev-Sec project on GitHub: https://github.com/dev-sec
There you can customize the hardening to your needs if you have an automation tool in place like Chef, Puppet etc.

Windows Azure website security level

I wonder what is the security level for azure hosted websites. Is it Medium/High or Full?
They run in Full Trust (source).
However, they use a Sandbox mechanism, and as a result some APIs are not available (e.g. Sockets using IPv6), or do not work as expected (for example, the Socket.Available property is unavailable, which restricts the use of some libraries such as NetFTP).
If you are considering using WA Websites for scenarios in which .NET Security might be a problem, I suggest you get in touch with Microsoft support to ensure that the specific features you may need are supported in this environment.

How do I configure Perfect Forward Secrecy in Windows Azure (OS, or Websites)

I want to move my website to Windows Azure, but need to make sure that I'm using PFS on all my instances and roles. (regular web roles and Websites as well)
How do I configure this so that each deployment is automatically configured this way?
This excellent article by André N. Klingsheim explains detailed options for hardening the SSL/TLS configuration on Windows Server and Windows Azure. This includes
Disabling SSL
Enabling TLS
Changing Cipher Suite Priorities
The author additionally provides a NuGet package as well as related source code for handling these updates during Azure role startup.
If you want to enforce (perfect) forward secrecy rather than just enabling it you will probably want to disable all cipher suites not supporting it. Looking at the relevant PowerShell script, all TLS_RSA_* suites need to be removed from $preferredCipherSuites. Note that this will drop compatibility with some (mostly legacy) browsers/clients.
Please also see this answer that contains several resources on cipher suite recommendations.
I believe that forcing PFS from the server side requires a registry change.
This can be achieved for Web Roles using a start up script as described here
Given the need to change the registry, I don't think this is possible for Windows Azure Websites.
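The two steps the answers above describe, trimming the suite order to forward-secret suites and then checking what the deployed site actually negotiates, as an added POSIX shell example. It is not from the answers or from Klingsheim's article or NuGet package. It goes slightly beyond "remove TLS_RSA_*": it keeps only ECDHE/DHE suites, which also drops static ECDH (TLS_ECDH_*) suites that give no forward secrecy either. The suite list and the openssl s_client output below are constructed samples; the verification step assumes the openssl command-line tool and network access to the site.

```shell
#!/bin/sh
# Added example (not from the original answers or the linked article):
# build a forward-secrecy-only cipher suite order and verify what a server negotiates.
# Assumptions: the input uses IANA suite names as found in the SCHANNEL registry
# value and in the article's $preferredCipherSuites; the live check uses openssl.
set -eu

# Keep only suites whose key exchange is ephemeral (EC)DHE. Plain-RSA key
# exchange (TLS_RSA_*) sends the premaster secret encrypted to the server's
# long-term key, so a later key compromise decrypts recorded traffic; static
# ECDH (TLS_ECDH_*) has the same weakness, so a whitelist is safer than a
# TLS_RSA_* blacklist.
filter_pfs_suites() {        # stdin: one suite name per line; stdout: survivors
  grep -E '^TLS_(ECDHE|DHE)_' || true
}

# Parse `openssl s_client` output and succeed only if the negotiated cipher is
# forward secret. OpenSSL names ephemeral suites ECDHE-*/DHE-*; every TLS 1.3
# suite (TLS_AES_*, TLS_CHACHA20_*) uses ephemeral (EC)DH by design.
negotiated_is_pfs() {        # stdin: s_client output
  cipher=$(sed -n 's/^ *Cipher *: *//p' | head -n 1)
  [ -n "$cipher" ] || { echo "no Cipher line found (handshake failed?)" >&2; return 2; }
  echo "negotiated: $cipher"
  case "$cipher" in
    ECDHE-*|DHE-*|TLS_AES_*|TLS_CHACHA20_*) return 0 ;;
    *) return 1 ;;
  esac
}

# Constructed sample suite order, in Windows/IANA naming.
SAMPLE_ORDER='TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
TLS_RSA_WITH_AES_128_GCM_SHA256
TLS_RSA_WITH_AES_256_CBC_SHA256
TLS_DHE_RSA_WITH_AES_256_CBC_SHA
TLS_ECDH_RSA_WITH_AES_128_CBC_SHA'

# Constructed excerpts of `openssl s_client -connect host:443` output.
SCLIENT_PFS='---
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES128-GCM-SHA256
    Session-ID: 1A2B
---'
SCLIENT_RSA='---
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : AES128-SHA
---'

echo "PFS-only suite order:"
printf '%s\n' "$SAMPLE_ORDER" | filter_pfs_suites
if printf '%s\n' "$SCLIENT_PFS" | negotiated_is_pfs; then echo "sample 1: forward secret"; fi
if printf '%s\n' "$SCLIENT_RSA" | negotiated_is_pfs; then :; else echo "sample 2: NOT forward secret"; fi

# Live check (needs network; not run here):
#   openssl s_client -connect www.example.com:443 -servername www.example.com </dev/null 2>/dev/null | negotiated_is_pfs
# To prove the server *enforces* it rather than merely preferring it, offer only an
# RSA suite and expect the handshake to fail:
#   openssl s_client -connect www.example.com:443 -cipher 'AES128-SHA' </dev/null
```

The first check only shows what one client got offered; a server that merely prefers ECDHE will still fall back to RSA for a client that asks for it, which is why the second command in the comment, which offers nothing but an RSA suite, must fail before you can call PFS enforced.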

Unique account manager

I've got three different apps, all in GWT, none using Spring. Today, all of them have their own security layer provided by Tomcat. I want to set up a security layer shared by all of them, so that I don't have to deal with changes in the security layer for every app (following the DRY principle). I believe it's something similar to what Google does. Every time I try to log in to any Google app, I'm taken to accounts.google.com.
How can I do that? Maybe setting this webapp Accounts to deal with every aspect of the accounts (log in and out, edit account, etc), and connect the session (or authentication) to my webapps?
You could deploy a Central Authentication Service and use it as an authentication provider for your applications.
Using a library (for example gwt-cas) to call your CAS will reduce your code duplication to a few lines of configuration per project.
You'll want to look into container-managed security. Here's the salient documentation.
