HP OSMS white paper: Security of Open Source Middleware Stacks

require tools outside of the main middleware stack, although tools such as Bastille help you to do the job right.
This section describes a set of security tools and techniques that are secondary to the primary purpose of
a middleware stack. These tools are extraneous to the installed components, yet they operate in support
of the primary components by bolstering their reliability through security.
This section includes the following topics:
“Intrusion Management”
“Advanced Access Control”
“Monitoring and Forensic Tools”
Intrusion Management
Intrusion management attempts to mitigate security breaches. To mitigate a breach, you must detect
unauthorized system access as quickly as possible. Intrusion begins with a weakness. Theoretically, if
there is no weakness, there can be no breaches. Unfortunately, weaknesses do exist and even apparently
secure systems might contain unnoticed weaknesses that remain even after the most diligent audits.
Moreover, new software, new hardware, or new personnel can introduce additional issues.
The following are just some of the methods for mitigating an attack:
limiting a breach by isolating services and assets
encrypting the assets so they are unusable
detecting the intrusion as it happens
responding quickly
closing the breach
The section “Essential Security” (page 11) described a bastion host, which is an isolated, fortified system
that provides services to untrusted clients and is, therefore, exposed to risk of attack. Such a system is best
isolated in a DMZ to reduce threats to other systems and to protect the other systems in case the bastion
host is compromised. The standard chroot command line tool provides a similar kind of isolation, only this
time within a single system: a risky process is confined to a subtree of the file system, known as a “chroot
jail,” so that the files visible to that process are limited to what the jail contains. Placing processes in such
a self-contained environment limits an intruder's access to a minimal subset of the system internals. In this
way, the principle of least privilege is enforced.
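As an added illustration of the chroot jail described above (example code written for this edit, not from the HP paper or the chroot tool itself), the following POSIX shell functions build a minimal jail holding only one binary and the shared libraries it links against, audit the jail for entries that would widen an intruder's reach, and run a command inside it. It assumes a Linux host with ldd available and uses the hypothetical function names build_jail, audit_jail and run_in_jail.

```shell
#!/bin/sh
# Added example: prepare and check a minimal chroot jail for a single program.
# Assumes Linux with ldd; chroot limits what a process can see, not what a
# process that keeps root can do, so the jailed service should still drop
# privileges itself.

# build_jail JAIL_DIR BINARY - populate JAIL_DIR with BINARY and its libraries.
build_jail() {
    jail=$1; bin=$2
    for d in bin lib lib64 etc tmp; do mkdir -p "$jail/$d"; done
    chmod 1777 "$jail/tmp"                      # sticky, like the host's /tmp
    cp "$bin" "$jail/bin/"
    # ldd prints "libname => /path (addr)" or "/path/ld.so (addr)"; keep the path.
    if command -v ldd >/dev/null 2>&1; then
        ldd "$bin" 2>/dev/null |
        awk '/=>/ { print $3 } /^[ \t]*\// { print $1 }' |
        while read -r lib; do
            [ -f "$lib" ] || continue
            mkdir -p "$jail$(dirname "$lib")"
            cp "$lib" "$jail$lib"
        done
    fi
    # The jail gets a one-line account file, never a copy of the real one.
    printf 'nobody:x:65534:65534:nobody:/:/bin/sh\n' > "$jail/etc/passwd"
}

# audit_jail JAIL_DIR - return 0 if the jail holds no setuid/setgid files,
# device nodes or world-writable files (outside /tmp); print each offender.
audit_jail() {
    jail=$1
    bad=$(find "$jail" -path "$jail/tmp" -prune -o \
          \( -perm -4000 -o -perm -2000 -o -type b -o -type c \
             -o \( -type f -perm -0002 \) \) -print)
    [ -z "$bad" ] && return 0
    printf 'jail %s contains risky entries:\n%s\n' "$jail" "$bad"
    return 1
}

# run_in_jail JAIL_DIR CMD... - chroot(2) needs root; refuse cleanly otherwise.
run_in_jail() {
    jail=$1; shift
    if [ "$(id -u)" -ne 0 ]; then
        echo "run_in_jail: chroot requires root; jail prepared at $jail" >&2
        return 2
    fi
    chroot "$jail" "$@"
}
```

Run audit_jail again after every change to the jail's contents; a stray setuid copy of a shell is exactly the kind of entry it is meant to flag.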
Protecting the contents of sensitive data stores is essential. Encryption can reduce the risk of exposing
sensitive data. Tools such as GnuPG can encrypt files that need protection. A secure design of the encryption
process, especially when working with the encryption keys, is essential. The resulting data store can contain
information that is unreadable except by clients who possess the encryption key.
The goal of intrusion detection is to detect the signatures of known attacks. Unfortunately, intrusion
detection is ineffective against previously unknown attacks. Because intrusion detection cannot detect
unknown attacks, it provides the same level of security as an up-to-date system. When you cannot patch
a system due to patch conflicts, delays in testing the patch, or patch unavailability, an intrusion detection
system can serve as a stopgap. Even so, from a security standpoint, it is better to patch vulnerabilities
than to try to block their exploits. Several well-known intrusion detection projects exist within the open
source community. One such project is Snort, a signature-based intrusion detection system. For more
information, see the Snort Web site at:
http://www.snort.org
Advanced Access Control
This section includes the following topics:
“Access Control Background”
“Access Control Models”
“Linux Security Modules”
“SELinux”
“AppArmor”
“Comparing AppArmor with SELinux”
Advanced Security 23