On 7 Jan 2006, at 07:34, <oc.rynning.no_at_securityfocus.com> wrote:
> Four (obvious) points:
> * Run as a non-privileged user (You might want to use a pre-emptive
> kernel to ensure performance).
> * Limit access to manager and administrator to localhost, admin-ip/-
> net. (and choose a proper password).
> * Change error messages (if the service is down, don't advertise
> the stacktrace, give a generic apology). (This is security by
> obscurity but nonetheless it hides specifics that may give an
> attacker information about possible injections or DoS).
> * Use a web-tier:
> Firewall <-> (load balancer if it's for a web cluster) <-> Web
> frontend (Apache) <-> Firewall <-> Tomcat Application Server (cluster)
>
You could also consider:
- Running with the security manager enabled. The default policy file
provided with Tomcat should suit most needs. Then if more privileges
are required, they should be added by applying the principle of least
privilege and being as specific as possible when defining the
classes, e.g.:
permission java.util.PropertyPermission "java.vm.specification.version", "read";
instead of:
permission java.util.PropertyPermission "java.vm.*", "read";
- Disabling support for compiling JSPs on the fly. Should there be
an application vulnerability that allows attackers to upload content,
they will not be able to upload JSPs.
--
Stephen de Vries
Corsaire Ltd
E-mail: stephen_at_corsaire.com
Fax: +44 1483 226068
Web: http://www.corsaire.com
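The least-privilege point above is easier to enforce if the policy file is checked mechanically rather than by eye. The following is an added example (not part of the original thread and not Tomcat's own tooling): a small Python parser for Java policy files in the `grant { permission ...; };` syntax, plus an audit pass that flags grants which are broader than a specific target name, i.e. `java.security.AllPermission`, `<<ALL FILES>>`, `*`, or any target ending in a wildcard such as `java.vm.*`. The sample policy embedded below is constructed for the demonstration; the codeBase paths are illustrative and the parser only understands `codeBase` grants and start-of-line `//` comments.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample policy for this example. It is NOT a real catalina.policy;
# the codeBase values and permissions are illustrative only.
SAMPLE_POLICY = r"""
// Constructed example policy: one broad grant, one mixed webapp grant
grant codeBase "file:${catalina.home}/lib/-" {
    permission java.security.AllPermission;
};

grant codeBase "file:${catalina.base}/webapps/example/-" {
    permission java.util.PropertyPermission "java.vm.*", "read";
    permission java.util.PropertyPermission "java.vm.specification.version", "read";
    permission java.io.FilePermission "<<ALL FILES>>", "read,write";
    permission java.net.SocketPermission "*", "connect";
};
"""


@dataclass
class Permission:
    clazz: str                # permission class, e.g. java.util.PropertyPermission
    target: Optional[str]     # target name, e.g. "java.vm.*"; None for AllPermission
    actions: Optional[str]    # action list, e.g. "read"; None if absent


@dataclass
class Grant:
    code_base: Optional[str]  # codeBase URL of the grant block, if present
    permissions: List[Permission] = field(default_factory=list)


# A grant header is anything up to the opening brace, but quoted strings may
# themselves contain braces (e.g. ${catalina.home}), so quotes are consumed whole.
GRANT_RE = re.compile(r'grant\b((?:[^{"]|"[^"]*")*)\{(.*?)\}\s*;', re.S)
CODEBASE_RE = re.compile(r'codeBase\s+"([^"]*)"')
PERM_RE = re.compile(
    r'permission\s+([\w.$]+)'   # permission class name
    r'(?:\s+"([^"]*)")?'        # optional quoted target name
    r'(?:\s*,\s*"([^"]*)")?'    # optional quoted action list
    r'\s*;'
)


def strip_comments(text: str) -> str:
    """Drop /* */ block comments and // comments that start a line.
    Trailing // comments are left alone so that "file://" URLs survive."""
    text = re.sub(r'/\*.*?\*/', '', text, flags=re.S)
    return re.sub(r'^\s*//[^\n]*', '', text, flags=re.M)


def parse_policy(text: str) -> List[Grant]:
    """Parse every grant block into a Grant with its Permission entries."""
    grants = []
    for header, body in GRANT_RE.findall(strip_comments(text)):
        m = CODEBASE_RE.search(header)
        grant = Grant(code_base=m.group(1) if m else None)
        for clazz, target, actions in PERM_RE.findall(body):
            grant.permissions.append(Permission(clazz, target or None, actions or None))
        grants.append(grant)
    return grants


BROAD_TARGETS = {"<<ALL FILES>>", "*"}


def is_broad(p: Permission) -> bool:
    """True if the permission covers more than one specifically named target."""
    if p.clazz == "java.security.AllPermission":
        return True
    if p.target is None:
        return False
    return p.target in BROAD_TARGETS or p.target.endswith("*")


def audit_policy(text: str) -> List[Tuple[Optional[str], str, Optional[str]]]:
    """Return (codeBase, permission class, target) for every broad grant."""
    return [
        (g.code_base, p.clazz, p.target)
        for g in parse_policy(text)
        for p in g.permissions
        if is_broad(p)
    ]


if __name__ == "__main__":
    for code_base, clazz, target in audit_policy(SAMPLE_POLICY):
        print(f"broad grant in {code_base}: {clazz} {target!r}")
```

Run against the constructed sample, the audit reports the `AllPermission` grant, the `java.vm.*` property read, the `<<ALL FILES>>` file permission and the `*` socket permission, while the specific `java.vm.specification.version` entry passes. Pointing `audit_policy` at a real policy file is a quick way to review a deployment for grants that were widened "just to make it work".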
Received on Jan 09 2006