This article discusses the procedures and techniques used to harden the servers and devices of a key management system. Hardening should be performed, and repeated, to maintain the security of the system.
Hardening is the process of eliminating means of attack by patching vulnerabilities, turning off non-essential services and configuring the system with security controls such as password management, file permissions and the disabling of unused network ports.
The hardening activities for a key management system involve several steps that together form layers of protection.
The design and implementation of the key management system should specify the secure configuration requirements and guidelines on which hardening is based, and should list the hardening activities that must be performed to keep the system secure.
Every installed program is a potential entry point for an attacker, so removing unnecessary programs and utilities from the host reduces its attack surface. Cleartext remote-access tools such as FTP, telnet and rlogin should not be used at all. If a program is not essential to the system's function it should not be installed, because attackers exploit the vulnerabilities and backdoors such programs may carry. The same applies to network ports and services that are no longer required for operation: disable them. Disabling removable media, or at least disabling automatic run features on removable media and enabling an automatic malware scan when media is inserted, also reduces the attack surface of the system.
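The listener check described above, written as an added example for this page (it is not code from the original article): a POSIX shell audit that compares the sockets a host is listening on against an allowlist of ports the key management host is permitted to expose. The `ss` output and the allowlist are constructed assumptions for the example.

```shell
#!/bin/sh
# Attack-surface audit: flag listening sockets that are not on an allowlist.
# Constructed sample of `ss -H -tuln` output (not captured from a real host).
SAMPLE_SS='tcp   LISTEN 0 128  0.0.0.0:22     0.0.0.0:*
tcp   LISTEN 0 128  0.0.0.0:23     0.0.0.0:*
tcp   LISTEN 0 5    0.0.0.0:21     0.0.0.0:*
tcp   LISTEN 0 128  [::]:22        [::]:*
tcp   LISTEN 0 128  127.0.0.1:8443 0.0.0.0:*
udp   UNCONN 0 0    0.0.0.0:514    0.0.0.0:*'

# Assumed policy for a key management host: only SSH and the KMS API port.
ALLOWED_PORTS="22 8443"

# unexpected_listeners ALLOWED SS_OUTPUT
# Prints "proto port" for every LISTEN/UNCONN socket whose port is not in ALLOWED.
unexpected_listeners() {
    printf '%s\n' "$2" | awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $2 == "LISTEN" || $2 == "UNCONN" {
            port = $5; sub(/.*:/, "", port)      # strip the address part, keep the port
            if (!(port in ok)) print $1, port
        }'
}

# cleartext_tools_present: lists legacy cleartext clients installed on this host.
# This one runs against the live system, so its output depends on where it is run.
cleartext_tools_present() {
    for tool in telnet ftp rlogin rsh tftp; do
        command -v "$tool" >/dev/null 2>&1 && echo "$tool"
    done
    return 0
}

# Against a live host (ss -H suppresses the header line):
#   unexpected_listeners "$ALLOWED_PORTS" "$(ss -H -tuln)"
#   cleartext_tools_present
```

On the sample above the audit reports telnet (23), FTP (21) and the syslog UDP port (514) as unexpected; the IPv6 SSH socket `[::]:22` is accepted because only the port is compared. Anything the audit reports should either be added to the allowlist with a documented justification or have its service disabled and the package removed.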
There is no perfect security. Vulnerabilities are regularly discovered in deployed systems, and vendors release security patches to fix them. Patch management is therefore essential for maintaining and improving the security posture of a key management system. The organization's security policy and standards should specify the process for obtaining, testing and deploying patches. Patches must be tested on an isolated system before deployment to ensure they introduce no functional problems.
Use the principle of least privilege to control access to sensitive system features, applications, files and data. This includes limiting user accounts to those needed for legitimate operations and disabling or removing accounts that are no longer required. Least privilege is a central consideration when designing a hardening checklist for servers.
In a hardening checklist, password management covers password complexity, minimum length, maximum age (expiry), minimum age (how soon a password may be changed again) and the re-use history that prevents old passwords from being recycled. The checklist must comply with the organization's password policy. Replacing all default passwords and keys with strong passwords and randomly generated keys (or implementing strong authentication such as smart cards) should also be part of the hardening checklist for a key management system.
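The account and password-policy items from the two paragraphs above, as one added POSIX shell example (not code from the original article): it flags extra UID 0 accounts, login-shell accounts that are not on an allowlist, empty or never-expiring passwords in the shadow file, and system-wide defaults in login.defs that are weaker than policy. The file contents, the policy values and the `kms` account names are constructed assumptions.

```shell
#!/bin/sh
# Account and password-policy audit against constructed copies of
# /etc/passwd, /etc/shadow and /etc/login.defs (none of this is from a real host).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
svc_kms:x:1001:1001:KMS service:/srv/kms:/usr/sbin/nologin
oldadmin:x:1002:1002:Former admin:/home/oldadmin:/bin/bash
toor:x:0:0:second root:/root:/bin/sh'

SAMPLE_SHADOW='root:$6$saltsalt$hashhash:19000:0:99999:7:::
svc_kms:$6$saltsalt$hashhash:19000:1:90:14:::
backup::19000:0:99999:7:::
oldadmin:$6$saltsalt$hashhash:18000:0:99999:7:::'

SAMPLE_LOGIN_DEFS='# constructed excerpt
PASS_MAX_DAYS   99999
PASS_MIN_DAYS   0
PASS_MIN_LEN    5
PASS_WARN_AGE   7'

# Assumed organizational policy.
POLICY_MAX_DAYS=90
POLICY_MIN_LEN=14
ALLOWED_INTERACTIVE="root"      # accounts permitted to keep a login shell

# extra_uid0_accounts PASSWD: accounts other than root with UID 0.
extra_uid0_accounts() {
    printf '%s\n' "$1" | awk -F: '$3 == 0 && $1 != "root" { print $1 }'
}

# unexpected_interactive_accounts ALLOWED PASSWD: login-shell accounts not on the allowlist.
unexpected_interactive_accounts() {
    printf '%s\n' "$2" | awk -F: -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $7 !~ /(nologin|false)$/ && !($1 in ok) { print $1 }'
}

# shadow_findings SHADOW MAXDAYS: empty password fields, and maximum age beyond policy.
# Locked accounts (hash field starting with ! or *) are skipped for the age check.
shadow_findings() {
    printf '%s\n' "$1" | awk -F: -v max="$2" '
        $2 == "" { print $1, "empty-password"; next }
        $2 !~ /^[!*]/ && ($5 == "" || $5 + 0 > max + 0) {
            print $1, "max-days", ($5 == "" ? "unset" : $5)
        }'
}

# login_defs_findings DEFS MAXDAYS MINLEN: system-wide defaults weaker than policy.
login_defs_findings() {
    printf '%s\n' "$1" | awk -v max="$2" -v minlen="$3" '
        $1 == "PASS_MAX_DAYS" && $2 + 0 > max + 0    { print "PASS_MAX_DAYS", $2, "(want <=", max ")" }
        $1 == "PASS_MIN_LEN"  && $2 + 0 < minlen + 0 { print "PASS_MIN_LEN", $2, "(want >=", minlen ")" }'
}

# Against a live host (reading /etc/shadow needs root):
#   extra_uid0_accounts "$(cat /etc/passwd)"
#   unexpected_interactive_accounts "$ALLOWED_INTERACTIVE" "$(cat /etc/passwd)"
#   shadow_findings "$(cat /etc/shadow)" "$POLICY_MAX_DAYS"
#   login_defs_findings "$(cat /etc/login.defs)" "$POLICY_MAX_DAYS" "$POLICY_MIN_LEN"
```

On the sample data the audit reports `toor` as a second UID 0 account, `oldadmin` and `toor` as unexpected login shells, `backup` as having an empty password field, and `root` and `oldadmin` as never expiring. On PAM-based distributions the length and complexity rules are enforced by pam_pwquality rather than by PASS_MIN_LEN in login.defs, so treat the login.defs check as a baseline and review the PAM configuration as well.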
System, application and security logs should be enabled on the server. On a Linux server, for example, syslog stores its data under the /var/log/ directory by default. These logs are needed to analyze unauthorized access and intrusion attempts. Tamper-evident logs are recommended where proof of compliance with internal or external requirements is needed.
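One way to make a log tamper-evident, as an added POSIX shell example (not code from the original article): each line is prefixed with the SHA-256 hash of the previous hash and the line itself, so modifying, deleting or reordering any earlier entry changes every hash after it. The log lines are constructed, and the chaining format (hash, space, line) is an assumption of this example rather than a standard.

```shell
#!/bin/sh
# Tamper-evident log: each line is prefixed with SHA-256(previous hash, line).
# Constructed sample log lines (not captured from a real host).
SAMPLE_LOG='Jan 10 10:00:01 kms sshd[512]: Accepted publickey for svc_kms from 10.0.0.5 port 51022
Jan 10 10:03:17 kms sudo: svc_kms : TTY=pts/0 ; COMMAND=/usr/local/bin/kms-admin rotate
Jan 10 10:05:44 kms sshd[530]: Failed password for invalid user admin from 203.0.113.9 port 40100'

# Fixed starting value for the chain.
GENESIS=0000000000000000000000000000000000000000000000000000000000000000

# sha256: hex digest of stdin, using whichever tool the host provides.
sha256() {
    if command -v sha256sum >/dev/null 2>&1; then sha256sum; else shasum -a 256; fi | cut -d' ' -f1
}

# chain_log LOG: prints "<hash> <line>" for each input line.
chain_log() {
    prev=$GENESIS
    while IFS= read -r line; do
        h=$(printf '%s\n%s' "$prev" "$line" | sha256)
        printf '%s %s\n' "$h" "$line"
        prev=$h
    done <<EOF
$1
EOF
}

# verify_chain CHAINED: returns 0 if every stored hash recomputes from its
# predecessor and line; otherwise reports the first inconsistent line and returns 1.
verify_chain() {
    prev=$GENESIS
    n=0
    while IFS= read -r entry; do
        n=$((n + 1))
        stored=${entry%% *}          # text before the first space: the hash
        rest=${entry#* }             # text after it: the original log line
        expect=$(printf '%s\n%s' "$prev" "$rest" | sha256)
        if [ "$expect" != "$stored" ]; then
            printf 'chain broken at line %d\n' "$n"
            return 1
        fi
        prev=$stored
    done <<EOF
$1
EOF
    return 0
}

# Example run: chain the sample, then tamper with the sudo entry.
chained=$(chain_log "$SAMPLE_LOG")
verify_chain "$chained" && echo "original chain verifies"
verify_chain "$(printf '%s\n' "$chained" | sed '2s/rotate/export/')" || echo "tampering detected"
```

The chain detects any change to, or removal of, an entry that is followed by later entries, but it cannot by itself detect truncation of the newest entries or wholesale regeneration by an attacker who has write access to the file and knows the scheme. In practice the latest hash (or a signature over it) must be anchored somewhere the host cannot rewrite, for example forwarded to a remote log collector or written to append-only storage.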
Additional security features such as the Mandatory Access Control (MAC) provided by SELinux help to confine network-facing and other programs. The hardening checklist for the key management system should specify how these features are enabled and which configuration settings apply. Remote administration services such as SSH or RDP must also be configured and hardened; the SSH section of the checklist should state exactly how the sshd settings are to be configured. NIST SP 800-130, 'A Framework for Designing Cryptographic Key Management Systems', recommends enabling optional security features as appropriate and selecting other configuration options that are secure.
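The SSH hardening item above, as an added POSIX shell example (not code from the original article): a deliberately weak sshd_config beside a hardened one, and a checker that applies sshd's own rule that the first value given for a keyword wins, so a later "PermitRootLogin no" does not rescue an earlier "PermitRootLogin yes". Both configurations, the target values and the `kms-admins` group are constructed assumptions; the defaults encoded for absent directives are OpenSSH's documented defaults.

```shell
#!/bin/sh
# sshd_config audit: weak configuration beside a hardened one, plus a checker.
# Both configurations are constructed examples, not files from a real host.
WEAK_SSHD='# constructed: permits root and password logins
Port 22
PermitRootLogin yes
PasswordAuthentication yes
X11Forwarding yes
# the line below is ignored by sshd because the first value above wins
PermitRootLogin no'

HARDENED_SSHD='# constructed: key-only logins, no root, no forwarding
Port 22
PermitRootLogin no
PubkeyAuthentication yes
PasswordAuthentication no
PermitEmptyPasswords no
X11Forwarding no
AllowTcpForwarding no
MaxAuthTries 3
ClientAliveInterval 300
ClientAliveCountMax 2
LogLevel VERBOSE
AllowGroups kms-admins
Match Address 10.0.0.0/24
    PasswordAuthentication no'

# sshd_findings CONFIG: prints one line per directive whose effective value
# (first occurrence, or the OpenSSH default when absent) differs from the target.
# Directives after a Match line are conditional and are not evaluated here.
sshd_findings() {
    printf '%s\n' "$1" | awk '
        BEGIN {
            want["permitrootlogin"]        = "no"; def["permitrootlogin"]        = "prohibit-password"
            want["passwordauthentication"] = "no"; def["passwordauthentication"] = "yes"
            want["permitemptypasswords"]   = "no"; def["permitemptypasswords"]   = "no"
            want["x11forwarding"]          = "no"; def["x11forwarding"]          = "no"
            want["allowtcpforwarding"]     = "no"; def["allowtcpforwarding"]     = "yes"
            MAX_TRIES = 4
        }
        /^[ \t]*#/ || NF == 0 { next }                     # comments and blank lines
        tolower($1) == "match" { exit }                    # END still runs after exit
        { k = tolower($1); if (!(k in val)) val[k] = tolower($2) }   # first value wins
        END {
            for (k in want) {
                have = (k in val) ? val[k] : def[k]
                src  = (k in val) ? "" : " (default)"
                if (have != want[k]) print k " = " have src " (want " want[k] ")"
            }
            tries = ("maxauthtries" in val) ? val["maxauthtries"] : 6
            src   = ("maxauthtries" in val) ? "" : " (default)"
            if (tries + 0 > MAX_TRIES) print "maxauthtries = " tries src " (want <= " MAX_TRIES ")"
        }'
}

# Against a live host, audit the effective configuration that sshd itself
# reports, which resolves Include files and defaults (needs root):
#   sshd_findings "$(sshd -T)"
```

On the weak configuration the checker reports root login, password authentication and X11 forwarding as enabled, TCP forwarding and MaxAuthTries as left at their permissive defaults, and it is not fooled by the trailing "PermitRootLogin no". The hardened configuration produces no findings. Prefer auditing `sshd -T` output over the file itself: since OpenSSH 8.2 the configuration can be split across Include files, and `sshd -T` prints the values the daemon will actually use.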
Hardening the key management system and its devices is essential for maintaining the security of the system. The hardening activity should also include a secure-configuration audit by security engineers to verify that the devices and system were hardened as specified.
This audit is part of the periodic review of the system configuration against the hardening guidelines.
Image: Courtesy of James Saunders, Flickr (CC BY 2.0)