Security hardening

Security hardening and system insight is one of the key usage area of qbee

The qbee device management software is designed to allow a much more secure operation of huge IoT systems. There are different checks and best practices that can be used to achieve the best possible security.

Use qbee to harden your security. Simple things to improve security are shortly described below:

  • configure your firewall correctly. Most likely you want to block all access from the outside

  • check that you have the right users on the system and do some additional analysis with regards to password age and type

  • check all libraries that have CVE annotations and consider if action is needed

  • rotate ssh keys with certain time intervals

  • delete bootstrap keys that are not needed anymore

This example shows how to distribute and rotate ssh keys:

qbee-management-of-ssh-keys

In the example below existing users, password strength and password age are examined:

Tip

In this example three facts need further consideration:

  • apart from root and user there is a PlcAdmin. Are both user and PlcAdmin needed or is this a default service account that was not deactivated?
  • root has a password that is 175 days old. Both other users have a password that is 218 days old. Could this be the default password for "user" and "PlcAdmin"?
  • root seems to have a new password, but whereas user and PlcAdmin use SHA-512 root uses only insecure MD5.

qbee-security-user-analysis

The following example shows libraries that have CVE annotations and should be checked and/or updated. The system even suggest a possible update that is available in the repository:

qbee-security-library-check-CVE

Overall there are many active and passive measures to increase security and configure the system as safely as possible. qbee helps to do this also for administrators that do not have a lot of experience with this.