Security hardening and system insight is one of the key usage area of qbee
The qbee device management software is designed to allow a much more secure operation of huge IoT systems. There are different checks and best practices that can be used to achieve the best possible security.
Use qbee to harden your security. Simple things to improve security are shortly described below:
configure your firewall correctly. Most likely you want to block all access from the outside
check that you have the right users on the system and do some additional analysis with regards to password age and type
check all libraries that habe CVE annotaions and consider if action is needed
rotate ssh keys with certain time intervals
delete bootstrap keys that are not needed anymore
This example shows how to distribute and rotate ssh keys:
In the example below existing users, password strength and password age are examined:
In this example three facts need further consideration:
- apart from root and user there is a PlcAdmin. Are both user and PlcAdmin needed or is this a default service account that was not deactivated?
- root has a password that is 175 days old. Both other users have a password that is 218 days old. Could this be the default password for "user" and "PlcAdmin"?
- root seems to have a new password, but whereas user and PlcAdmin use SHA-512 root uses only insecure MD5.
The following example shows libraries that have CVE annotations and should be checked and/or updated. The system even suggest a possible update that is available in the repository:
Overall there are many active and passive measures to increase security and configure the system as safely as possible. qbee helps to do this also for administrators that do not have a lot of experience with this.