Skip to content
This repository has been archived by the owner on Apr 17, 2019. It is now read-only.

Commit

Permalink
Merge pull request #2129 from hyperledger/feature/docs-sec-guide
Browse files Browse the repository at this point in the history
Documentation for Iroha installation security tips
  • Loading branch information
baydarich authored Mar 11, 2019
2 parents 4a76e8c + dd879db commit 75caf88
Show file tree
Hide file tree
Showing 2 changed files with 62 additions and 0 deletions.
1 change: 1 addition & 0 deletions docs/source/guides/index.rst
Original file line number Diff line number Diff line change
Expand Up @@ -11,3 +11,4 @@ Guides and how-tos
libraries.rst
dependencies.rst
k8s-deployment.rst
sec-install.rst
61 changes: 61 additions & 0 deletions docs/source/guides/sec-install.rst
Original file line number Diff line number Diff line change
@@ -0,0 +1,61 @@
Iroha installation security tips
================================
This guide is intended to secure Iroha installation. Most of the steps from this guide may seem obvious but it helps to avoid possible security problems in the future.

Physical security
^^^^^^^^^^^^^^^^^
In case the servers are located locally (physically accessible), a number of security measures have to be applied. Skip these steps if cloud hosting is used.

Establish organisational policy and/or access control system such that only authorized personnel has access to the server room.
Next, set BIOS/firmware password and configure boot order to prevent unauthorized booting from alternate media.
Make sure the bootloader is password protected if there is such a functionality. Also, it is good to have a CCTV monitoring in place.

Deployment
^^^^^^^^^^
First, verify that official repository is used for downloading `source code <https://github.com/hyperledger/iroha>`__ and `Docker images <https://hub.docker.com/r/hyperledger/iroha>`__.
Change any default passwords that are used during installation, e.g., password for connecting to postgres.
Iroha repository contains examples of private and public keys - never use it in production.
Moreover, verify that new keypairs are generated in a safe environment and only administrator has access to those keypairs (or at least minimise the number of people).
After deploying keys to Iroha peers delete private keys from the host that was used to perform deployment, i.e. private keys should reside only inside Iroha peers.
Create an encrypted backup of private keys before deleting them and limit the access to it.

Network configuration
^^^^^^^^^^^^^^^^^^^^^
Iroha listens on ports 50051 and 10001.
Firewall settings must allow incoming/outgoing connections to/from these ports.
If possible, disable or remove any other network services with listening ports (FTP, DNS, LDAP, SMB, DHCP, NFS, SNMP, etc).
Ideally, Iroha should be as much isolated as possible in terms of networking.

Currently, there is no traffic encryption in Iroha, we strongly recommend using VPN or Calico for setting up Docker overlay network, i.e. any mechanism that allows encrypting communication between peers.
Docker swarm encrypts communications by default, but remember to open necessary ports in the firewall configuration.
In case VPN is used, verify that VPN key is unavailable to other users.

If SSH is used, disable root login.
Apart from that, disable password authentication and use only keys.
It might be helpful to set up SSH log level to INFO as well.

If IPv6 is not used, it might be a good idea to disable it.

Updates
^^^^^^^
Install the latest operating system security patches and update it regularly.
If Iroha is running in Docker containers, update Docker regularly.
While being optional, it is considered a good practice to test updates on a separate server before installing to production.

Logging and monitoring
^^^^^^^^^^^^^^^^^^^^^^
- Collect and ship logs to a dedicated machine using an agent (e.g., Filebeat).
- Collect logs from all Iroha peers in a central point (e.g., Logstash).
- Transfer logging and monitoring information via an encrypted channel (e.g., https).
- Set up an authentication mechanism to prevent third parties from accessing logs.
- Set up an authentication mechanism to prevent third parties from submitting logs.
- Log all administrator access.

OS hardening
^^^^^^^^^^^^
The following steps assume Docker is used for running Iroha.

- Enable and configure Docker Content Trust.
- Allow only trusted users to control Docker daemon.
- Set up a limit for Docker container resources.

0 comments on commit 75caf88

Please sign in to comment.