Use qbee.io to ensure that your firewall is configured correctly. Most likely you want ton actively block all access from the outside. With remote access handled by qbee.io you can drop all connections to any port. In addition it is easy to become aware of all users on a system (also the default support users from equipment vendors) and remove them or assign strong passwords. Periodically change user passwords or rotate ssh keys. If a legacy system shows a vulnerability of a library this library can be exchanged if needed.
This example shows the play out and rotation of new ssh keys:
In the example below existing users, password strength and password age is examined:
In this example three facts need further consideration:
- apart from root and user there is a PlcAdmin. Are both user and PlcAdmin needed or is this a default service account that was not deactivated?
- root has a password that is 175 days old. Both other users have a password that is 218 days old. Could this be the default passowrd for user and PlcAdmin?
- root seems to have a new password, but whereas user and PlcAdmin use SHA-512 root uses only insecure MD5.
The following example shows libraries that have CVE annotations and should be checked and/or updated. The system even suggest a possible update that is available in the repository:
Overall there are many active and passive measures to increase security and configure the system as safely as possible. qbee helps to do this also for administrators that do not have a lot of experience with this.