Infrastructure is comprised of roles roles and roles, how? let's see -
for computing infra - system
for system infra - processess
for processes infra - accounts
These roles either serve or request. For example accounts can serve or request in processing infrastructure.
Remember there is nothing personal about a node / system / workstation / server, it is data that is personal not the system. That is why we always deploy a policy to secure our environment and infrastructure.
There is a need of policy, does not matter complete or not, or even of just one para or a single page, but you should have a policy that guides you about the security, because once you start making a policy, you get a vision and with time your policy comes close to no room for error.
Ok, let's begin and we'll try to see the Security in theory / principle and in practice.
In principle security domains can be -
Physical
Local
Remote
Personnel
Other than that if you read books written by geeks or read the theory you'll find life cycles of security domains and stages, but here I'll try to focus to stay glued to the view of OS. So we can say that if you keep your installer selection to the default, you're establishing a known state of the Physical Domain, if your system initialization in the ready state is close to the default state, this approach to establish a known local domain, you can declare your hardening policy that will define it and will guide you in new deployments.
Similarly, keeping networking configuration narrow and precise is approach to establish a known remote domain.
In practice?
Your design makes the system to serves available resources.
Your policy help you to enforce your system to preserves available resources.
& 4 Qs -
1. Do we need to host this?
2. Does this node or CI need to know and access this?
3. Is system behaviour is normal?
4. Have you applied security updates?
The 3rd question of the 4Q needs proactive monitoring of resources for performance, once you generate a pattern of performance, you can easily figure out not only drops in performance but vulnerabilities and compromises too. Always use sar and logwatch and configure your syslog to log all the priority upper than info to log on a remote host for your entire Infrastructure.
In a linux system you'll have following facilities -
There is a need of policy, does not matter complete or not, or even of just one para or a single page, but you should have a policy that guides you about the security, because once you start making a policy, you get a vision and with time your policy comes close to no room for error.
Ok, let's begin and we'll try to see the Security in theory / principle and in practice.
In principle security domains can be -
Physical
Local
Remote
Personnel
Other than that if you read books written by geeks or read the theory you'll find life cycles of security domains and stages, but here I'll try to focus to stay glued to the view of OS. So we can say that if you keep your installer selection to the default, you're establishing a known state of the Physical Domain, if your system initialization in the ready state is close to the default state, this approach to establish a known local domain, you can declare your hardening policy that will define it and will guide you in new deployments.
Similarly, keeping networking configuration narrow and precise is approach to establish a known remote domain.
In practice?
Your design makes the system to serves available resources.
Your policy help you to enforce your system to preserves available resources.
& 4 Qs -
1. Do we need to host this?
2. Does this node or CI need to know and access this?
3. Is system behaviour is normal?
4. Have you applied security updates?
The 3rd question of the 4Q needs proactive monitoring of resources for performance, once you generate a pattern of performance, you can easily figure out not only drops in performance but vulnerabilities and compromises too. Always use sar and logwatch and configure your syslog to log all the priority upper than info to log on a remote host for your entire Infrastructure.
In a linux system you'll have following facilities -
authpriv
cron
daemon
kern
local [0-7]
lpr
mail
news
syslog
user
and you'll have following priorities for the above facilities -
debug
info
notice
warning
err
crit
alert
emerg
Analyse your requirement, check your policies and decide which facilites and which priorities you are going to log on remote log server.
Continued in next blog - how to accomplish this ^, how to decide upon response strategies and fault analysis.
No comments:
Post a Comment