Use qbee.io to harden your security. Simple things to improve security are shortly described below:
configure your firewall correctly. Most likely you want to block all access from the outside
check that you have the right users on the system and do some additional analysis with regards to password age and type
check all libraries that habe CVE annotaions and consider if action is needed
rotate ssh keys with certain time intervals
delete bootstrap keys that are not needed anymore
This example shows how to distribute and rotate ssh keys:
In the example below existing users, password strength and password age is examined:
In this example three facts need further consideration:
- apart from root and user there is a PlcAdmin. Are both user and PlcAdmin needed or is this a default service account that was not deactivated?
- root has a password that is 175 days old. Both other users have a password that is 218 days old. Could this be the default passowrd for user and PlcAdmin?
- root seems to have a new password, but whereas user and PlcAdmin use SHA-512 root uses only insecure MD5.
The following example shows libraries that have CVE annotations and should be checked and/or updated. The system even suggest a possible update that is available in the repository:
Overall there are many active and passive measures to increase security and configure the system as safely as possible. qbee helps to do this also for administrators that do not have a lot of experience with this.