Securing Serviceguard Security analysis for HP Serviceguard clusters - Technical white paper

ManualsBrandsHP ManualsSoftwareHP Serviceguard for Linux ProLiant Cluster

Technical white paper

Securing Serviceguard

Security analysis for HP Serviceguard clusters

Table of contents

Abstract 2

Introduction 2

Threat analysis 2

Security threats 2

Usual threats that HP Serviceguard installations face 3

External threats 3

Internal threats 4

Inside the firewall protected security perimeter: the trusted network 5

Summary of threats that must be environmentally defended: 5

A future-hardened Serviceguard 5

The HP Serviceguard security patch of 2004 5

Serviceguard authentication 5

Authentication using identd 5

Weaknesses with “auth” 6

Is identd a security threat? 6

Stronger alternatives to identd 6

Weaker alternatives to identd 6

Considerations for Serviceguard Manager 7

Firewall configuration 7

Cluster Object Manager 7

Sniffing concerns 7

Spoofing concerns 7

Considerations for Quorum Server 7

Quorum server is not a threat, but is inside the security domain 7

Considerations for Continentalclusters 8

Appendix: Requirements of a trusted network 8

Conclusion 8

Glossary 8

Authentication 8

Authorization 8

Denial of service 8

Root exploit 8

Root user 8

To Learn More 9

Summary of content (9 pages)

PAGE 1
Technical white paper Securing Serviceguard Security analysis for HP Serviceguard clusters Table of contents Abstract Introduction Threat analysis Security threats Usual threats that HP Serviceguard installations face External threats Internal threats Inside the firewall protected security perimeter: the trusted network Summary of threats that must be environmentally defended: A future-hardened Serviceguard The HP Serviceguard security patch of 2004 Serviceguard authentication Authentication using identd
PAGE 2
Abstract Securing Serviceguard document talks about how a threat analysis can be carried out, and it elaborates about the nature of external and internal threats that most HP Serviceguard clusters are usually exposed to. It provides recommendations in order to protect the cluster nodes from external threats. This document also talks about the HP Serviceguard security patch of 2004, which toughens the Serviceguard authentication mechanism.
PAGE 3
Usual threats that HP Serviceguard installations face Most Serviceguard clusters lead a sheltered life. They are owned by commercial enterprises and benefit from the good perimeter defenses that the rest of the IT infrastructure also requires. The people who are allowed to access them are employees only, who reliably conform to written and unwritten constraints against anti-social behavior.
PAGE 4
Ports used by HP Serviceguard Manager on HP-UX and Linux: • compaq-https 2381/tcp • compaq-https 2381/udp • cpq-wbem 2301/tcp • cpq-wbem 2301/udp Additionally, the port 1118 is used for Apache-Tomcat communication within the local host, and this port should be opened. Rules should be established for Serviceguard and Serviceguard Manager for both IPv4 and IPv6 network addressing. Serviceguard uses ports in the dynamically allocated range.
PAGE 5
Inside the firewall protected security perimeter: the trusted network One or more hardware firewalls should be used to create a security perimeter surrounding more than a single cluster. The inside of such a security perimeter is referred to as a “security domain”. Within a security domain, security among clusters (more literally, among root users on clusters) could be compromised. Hence, generally, it is required that any computer that is not isolated by an external defense must have a trusted root user.
PAGE 6
Weaknesses with “auth” Identd and the auth protocol it implements are no more reliable than the computer they are running on. If that computer has been compromised, the computer can report any name it chooses. Thus, trusting the information reported by identd is dependent upon trusting the root user on that computer. It can and should also be observed that the information provided by identd is no less reliable than the computer supplying the information.
PAGE 7
Considerations for Serviceguard Manager Firewall configuration Serviceguard Manager, the Serviceguard GUI, is sometimes needed to run outside the firewall and outside the security domain. The Serviceguard Manager functionality uses ports 2301/http and 2381/https. Additionally, the port 1118 is used for Apache-Tomcat communication within the local host. To enable the use of Serviceguard GUI outside the firewall, the firewall must be configured to unblock the required ports: 1118, 2301/http and 2381/https.
PAGE 8
Considerations for Continentalclusters Continentalclusters is our disaster tolerant solution. It uses multiple Serviceguard clusters, separated from one another by as far as thousands of kilometers. Continentalclusters releases prior to Release A.08.00 require that all participating clusters must share a security domain, and thus clusters must share the same firewall-protected network perimeter.
PAGE 9
To Learn More For configuring firewall rules for Serviceguard on SUSE SLES and Red Hat, visit hp.com/go/linux-serviceguard-docs. For configuring firewall rules on HP-UX, refer to the latest HP-UX IPFilter Administrator Guide, which you can find at hp.com/go/hpux-security-docs —> HP-UX IPFilter Software Get connected hp.com/go/getconnected Current HP driver, support, and security alerts delivered directly to your desktop © Copyright 2012 Hewlett-Packard Development Company, L.P.