Operational security

AJ

he/him

Winter 2 batch

Security/privacy nerd

What we're covering

tl;dr: security-related production environment best practices

General stuff
Secure software sources
Source installation management
Logs

What we're not covering

System-level stuff
Webapp stuff
General operational skills
Cryptography
Deploying HTTPS

General stuff

Conservative service management

Rigorous structure (Puppet/Ansible/Chef/etc. - etckeeper is super easy)

Use automatic software upgrades (`unattended-upgrades` + `needsrestart` packages in Debian and Debian derivatives)

Encrypt data in motion

General stuff II

Use `sudo`, not the root account

Disallow all (direct) logins to root

Document setups

Do all of these things now

Secure software sources

Prefer software from official distribution repositories

It's more trustworthy and has stronger authentication/integrity guarantees

Don't install unpackaged software (except your application)

Too hard to manage (esp. for upgrades)

Source installation management

Minimal permissions (don't use sledgehammers like `sudo chmod -R 777 .`)

Don't allow the app to write to itself

Give write access to logs, temporary files, and state

Logs

Restrict logfile permissions

Don't let your app tamper with logs (use syslog, systemd-journald)

Delete your logs

Otherwise you're handing free data to attackers

Thanks!

Questions

Vote on whether we'll cover HTTPS or cryptography next week

Access this presentation again

https://strugee.net/presentation-operational-security

Or get the source code

Operational security

AJ

he/him

Winter 2 batch

Security/privacy nerd

What we're covering

tl;dr: security-related production environment best practices

What we're not covering

General stuff

Conservative service management

Rigorous structure (Puppet/Ansible/Chef/etc. - etckeeper is super easy)

Use automatic software upgrades (unattended-upgrades + needsrestart packages in Debian and Debian derivatives)

Encrypt data in motion

General stuff II

Use sudo, not the root account

Disallow all (direct) logins to root

Document setups

Do all of these things now

Secure software sources

Prefer software from official distribution repositories

It's more trustworthy and has stronger authentication/integrity guarantees

Don't install unpackaged software (except your application)

Too hard to manage (esp. for upgrades)

Source installation management

Minimal permissions (don't use sledgehammers like sudo chmod -R 777 .)

Don't allow the app to write to itself

Give write access to logs, temporary files, and state

Logs

Restrict logfile permissions

Don't let your app tamper with logs (use syslog, systemd-journald)

Delete your logs

Otherwise you're handing free data to attackers

Thanks!

Questions

Vote on whether we'll cover HTTPS or cryptography next week

Access this presentation again

https://strugee.net/presentation-operational-security

Or get the source code

Use automatic software upgrades (`unattended-upgrades` + `needsrestart` packages in Debian and Debian derivatives)

Use `sudo`, not the root account

Minimal permissions (don't use sledgehammers like `sudo chmod -R 777 .`)