Difference between revisions of "EGI-CSIRT:TDG/best pract"
Line 3: | Line 3: | ||
= Best Practices = | = Best Practices = | ||
== Protecting Administrative Credentials == | |||
Credentials to access systems or Grid services should be well protected to prevent attackers from gaining access to the system or one of its services. | |||
For instance, for Grid services, the certificate private key (generally stored in userkey.pem or *.p12 files) is the secret part of the information representing the identity of its owner. This information is secret and must remain readable only by its owner. If the private key becomes known to an attacker, he/she will have the ability to impersonate the owner of the certificate on the Grid. While protecting private keys is under the responsibility of their owners, when allowed, site administrators are encouraged to periodically search for publicly readable private keys on their hosts. Unprotected and publicly readable private keys should be sent to the relevant CA for revocation. | |||
Also, SSH bruteforce attacks are very common and it is recommended to use SSH keys authentication instead of password authentication to authenticate against remote SSH servers. | |||
Indeed, once the SSH public key is stored on the remote server, it is possible to authenticate against it by using the relevant SSH private key, which is protected by a passphrase. | |||
Of course, again, this mechanism is efficient only if the private key is protected by a good passphrase! |
Revision as of 15:36, 15 March 2012
EGI-CSIRT Public wiki EGI-CSIRT Private wiki
EGI-CSIRT Contacts | Back to TDG Main
Best Practices
Protecting Administrative Credentials
Credentials to access systems or Grid services should be well protected to prevent attackers from gaining access to the system or one of its services.
For instance, for Grid services, the certificate private key (generally stored in userkey.pem or *.p12 files) is the secret part of the information representing the identity of its owner. This information is secret and must remain readable only by its owner. If the private key becomes known to an attacker, he/she will have the ability to impersonate the owner of the certificate on the Grid. While protecting private keys is under the responsibility of their owners, when allowed, site administrators are encouraged to periodically search for publicly readable private keys on their hosts. Unprotected and publicly readable private keys should be sent to the relevant CA for revocation.
Also, SSH bruteforce attacks are very common and it is recommended to use SSH keys authentication instead of password authentication to authenticate against remote SSH servers. Indeed, once the SSH public key is stored on the remote server, it is possible to authenticate against it by using the relevant SSH private key, which is protected by a passphrase.
Of course, again, this mechanism is efficient only if the private key is protected by a good passphrase!