Security hardening

Use qbee.io to harden your security. Some simple measures that improve security are briefly described below:

  • configure your firewall correctly. Most likely you want to block all access from the outside

  • check that you have the right users on the system and do some additional analysis with regard to password age and type

  • check all libraries that have CVE annotations and consider whether action is needed

  • rotate SSH keys at certain time intervals

  • delete bootstrap keys that are not needed anymore

This example shows how to distribute and rotate SSH keys:

[Screenshot: qbee SSH key rotation for security hardening]

In the example below, existing users, password strength and password age are examined:

Tip

In this example three facts need further consideration:

  • apart from root and user there is a PlcAdmin. Are both user and PlcAdmin needed, or is this a default service account that was not deactivated?
  • root has a password that is 175 days old. Both other users have a password that is 218 days old. Could this be the default password for user and PlcAdmin?
  • root seems to have a new password, but whereas user and PlcAdmin use SHA-512, root uses only insecure MD5.

[Screenshot: qbee security user analysis]
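The same three checks (which accounts can log in, how old each password is, and which hash scheme protects it) can be reproduced from `/etc/shadow` entries. The following is an added example, not qbee's own code: the function names, the 180-day threshold, the `svc` account and the sample entries are assumptions constructed to mirror the situation described above.

```python
from datetime import date

# crypt(3) scheme ids as they appear in the shadow password field -> (name, weak?)
SCHEMES = {"1": ("MD5", True), "5": ("SHA-256", False), "6": ("SHA-512", False),
           "2a": ("bcrypt", False), "2b": ("bcrypt", False),
           "2y": ("bcrypt", False), "y": ("yescrypt", False)}

def classify_hash(field):
    """Return (algorithm, needs_attention) for a shadow password field."""
    if field == "":
        return ("empty password", True)
    if field[0] in "!*":
        return ("locked", False)          # no password login possible
    if not field.startswith("$"):
        return ("DES", True)              # traditional crypt, no $id$ prefix
    scheme = field.split("$")[1]
    return SCHEMES.get(scheme, ("unknown scheme " + scheme, True))

def audit_shadow(lines, today, max_age_days=180):
    """List login-capable accounts with hash algorithm, password age and findings.

    max_age_days is an assumed policy value, not one taken from the page.
    """
    epoch_day = (today - date(1970, 1, 1)).days
    report = []
    for line in lines:
        fields = line.strip().split(":")
        if len(fields) < 3 or fields[0].startswith("#"):
            continue
        user, pw, lastchg = fields[0], fields[1], fields[2]
        algo, weak = classify_hash(pw)
        if algo == "locked":
            continue
        # Field 3 is the day of the last password change, counted from 1970-01-01.
        age = epoch_day - int(lastchg) if lastchg.isdigit() else None
        findings = []
        if weak:
            findings.append("weak or unknown hash: " + algo)
        if age is not None and age > max_age_days:
            findings.append("password older than %d days" % max_age_days)
        report.append({"user": user, "algorithm": algo,
                       "age_days": age, "findings": findings})
    return report

# Constructed sample entries (placeholder hashes), evaluated as of 2024-01-01.
SAMPLE_SHADOW = [
    "root:$1$CONSTRUCTED$notARealHash:19548:0:99999:7:::",
    "svc:*:19000:0:99999:7:::",
    "user:$6$CONSTRUCTED$notARealHash:19505:0:99999:7:::",
    "PlcAdmin:$6$CONSTRUCTED$notARealHash:19505:0:99999:7:::",
]

if __name__ == "__main__":
    for row in audit_shadow(SAMPLE_SHADOW, date(2024, 1, 1)):
        print(row)
```

Two accounts sharing the same last-change day, as user and PlcAdmin do here, is worth a second look because it often points to passwords set at provisioning time and never changed.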

The following example shows libraries that have CVE annotations and should be checked and/or updated. The system even suggests a possible update that is available in the repository:

[Screenshot: qbee security library check for CVEs]

Overall, there are many active and passive measures to increase security and configure the system as safely as possible. qbee also helps administrators who do not have a lot of experience with this.