Sentry administrators may want to review their existing deployment for potential weaknesses and tighten their Sentry policies and infrastructure. This article outlines the main areas of a Sentry deployment to review.
Components to a Sentry Deployment Security Review
There are 3 main components to a thorough Sentry deployment review, outlined below. Not all items will apply to every use case and deployment; these are general guidelines for reviewing an existing Sentry footprint.
1. Sentry Deployment / Instance Security - This includes the overall security of the Sentry deployment including the following topics:
- Hardware - HSM Security World admin card security/storage, network topology options, utilize out-of-band management
- Software - Check the security of the host system running Sentry
- Sentry Logging Strategies - What log levels are in use, are syslog policies in use, is confidential data logged, is confidential data sent to syslog in clear text (traditional syslog over UDP is neither encrypted nor authenticated), is the syslog server secure, log sanitization
- Sentry Admin User Credentials - Check admin user passwords, do admin LDAP policies use SSL/TLS, admin user access levels, domains/roles, set a WebAdmin IP ACL, set the WebAdmin SSL cert, set the WebAdmin Domain
- Sentry Policy Propagation / Storage - How are policies propagated from one instance to another, are they stored in a secure database or local folder or secure network location
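As an added example (not Forum Systems code and not part of the original article), the following Python script audits exported log lines for the conditions listed above under logging strategies: passwords written in clear text, Authorization headers, and card numbers that pass a Luhn check, and produces a sanitized copy of each line. The sample lines are constructed to resemble a Sentry syslog export; the field names and the patterns are this example's assumptions, not the actual Sentry log format. The same check answers the "do any tasks log out passwords" question under access control in section 2.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample lines in a Sentry-like syslog layout; illustrative only,
# not output from a real deployment.
SAMPLE_LOG_LINES = [
    '2024-01-15T10:01:02Z sentry-01 policy=OrdersWSDL task=LDAPAuth user=alice result=OK',
    '2024-01-15T10:01:03Z sentry-01 policy=OrdersWSDL task=LDAPAuth user=bob password=Summ3r2024! result=FAIL',
    '2024-01-15T10:01:04Z sentry-01 policy=CardAPI task=JSONValidate body={"pan":"4111111111111111","exp":"12/27"}',
    '2024-01-15T10:01:05Z sentry-01 policy=CardAPI header="Authorization: Basic Ym9iOlN1bW0zcjIwMjQh"',
    '2024-01-15T10:01:06Z sentry-01 policy=Health task=HTTPGet uri=/health result=200',
]

# Each pattern captures the secret in its last group so redaction can keep
# the surrounding context and mask only the sensitive value.
PATTERNS: Dict[str, re.Pattern] = {
    "password_in_clear": re.compile(r"(?i)\b(password|passwd|pwd)=([^\s\"&]+)"),
    "authorization_header": re.compile(r"(?i)(Authorization:\s*(?:Basic|Bearer)\s+)([A-Za-z0-9+/=._-]+)"),
    "card_number": re.compile(r"\b(\d{13,19})\b"),
}


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; used to separate card numbers from other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scan_line(line: str) -> List[str]:
    """Return the kinds of confidential data found in one log line."""
    kinds = []
    for kind, pattern in PATTERNS.items():
        for match in pattern.finditer(line):
            if kind == "card_number" and not luhn_ok(match.group(1)):
                continue
            kinds.append(kind)
            break
    return kinds


def redact_line(line: str) -> str:
    """Mask secrets in place; the shape of the line is preserved for correlation."""
    line = PATTERNS["password_in_clear"].sub(r"\1=***", line)
    line = PATTERNS["authorization_header"].sub(r"\1***", line)

    def mask_pan(match: "re.Match") -> str:
        digits = match.group(1)
        if not luhn_ok(digits):
            return digits
        return "*" * (len(digits) - 4) + digits[-4:]

    return PATTERNS["card_number"].sub(mask_pan, line)


def audit_log(lines: List[str]) -> Tuple[List[Tuple[int, str]], List[str]]:
    """Return (findings as (1-based line number, kind), sanitized lines)."""
    findings = []
    sanitized = []
    for number, line in enumerate(lines, start=1):
        for kind in scan_line(line):
            findings.append((number, kind))
        sanitized.append(redact_line(line))
    return findings, sanitized


if __name__ == "__main__":
    found, clean = audit_log(SAMPLE_LOG_LINES)
    for number, kind in found:
        print(f"line {number}: {kind}")
    print("\n".join(clean))
```

To run this against a real export, replace SAMPLE_LOG_LINES with the lines read from the syslog file. Any finding means the task or log level that produced that line needs attention; the sanitized output shows what the log should look like once the task no longer emits the value.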
2. Sentry Policy Tightening - This includes the security of the Sentry runtime policies, that are handling production traffic. Topics include:
- PKI - Check key sizes, algorithms, etc.
- TLS / SSL - Disable weak ciphers, disable SSLv2/SSLv3 (and TLS 1.0/1.1 where clients permit), enable mutual auth, enable CRL checking.
- Security Policies - Check digital signatures tasks and encryption policies/tasks for keys, algorithms, options, etc.
- Access Control and Identity Management - Check runtime User ACLs and Access Control policies (LDAP, local, SiteMinder, etc.), HTTP cookie settings, credential caching values, whether any tasks write passwords to the logs, etc.
- Intrusion Detection and Prevention (IDP) Rules - Check detection rules against existing content policy flows to ensure prevention and enforcement actions are set properly.
- Schema Validation - Enable schema tightening with WSDL policies, use XML validation with XSD files, JSON validation, task lists to filter URIs, HTTP headers, query parameters, etc.
- Response Processing - Sanitizing error responses, prevent data leakage, etc.
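As an added example covering the PKI and TLS / SSL items above (not Forum Systems code and not a Sentry API), the following Python script evaluates a description of one listener's TLS and PKI settings against the checks listed: enabled protocol versions, cipher suites by IANA name, mutual authentication, CRL checking, key size and certificate signature hash. The TlsPolicy record and its field names are this example's own assumptions, a way to write down what you read off the WebAdmin screens; the two policies below are constructed, one as a legacy listener and one as its tightened version.

```python
from dataclasses import dataclass
from typing import List

# Review thresholds used by this audit (this example's assumptions, not Sentry defaults).
WEAK_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
WEAK_CIPHER_TOKENS = {"NULL", "EXPORT", "RC4", "3DES", "DES", "MD5", "anon"}
WEAK_SIGNATURE_HASHES = {"MD5", "SHA1"}
MIN_KEY_BITS = {"RSA": 2048, "EC": 256}


@dataclass
class TlsPolicy:
    """Hypothetical description of one listener's TLS and PKI settings."""
    name: str
    protocols: List[str]
    ciphers: List[str]        # IANA cipher-suite names, e.g. TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    mutual_auth: bool         # client certificate required
    crl_checking: bool
    key_algorithm: str        # "RSA" or "EC"
    key_bits: int
    signature_hash: str       # hash used in the certificate signature


def cipher_suite_findings(suite: str) -> List[str]:
    """Parse an IANA suite name into tokens and flag weak primitives and static RSA."""
    tokens = set(suite.split("_"))
    findings = []
    weak = sorted(tokens & WEAK_CIPHER_TOKENS)
    if weak:
        findings.append(f"cipher {suite}: weak primitive(s) {', '.join(weak)}")
    # TLS_RSA_WITH_... suites use static RSA key exchange and have no forward
    # secrecy; ECDHE/DHE suites and TLS 1.3 suites (TLS_AES_...) do.
    if suite.startswith("TLS_RSA_WITH_"):
        findings.append(f"cipher {suite}: no forward secrecy (static RSA key exchange)")
    return findings


def audit_policy(policy: TlsPolicy) -> List[str]:
    """Return one finding per setting that fails the review thresholds."""
    findings = []
    for proto in policy.protocols:
        if proto in WEAK_PROTOCOLS:
            findings.append(f"protocol {proto} enabled")
    for suite in policy.ciphers:
        findings.extend(cipher_suite_findings(suite))
    if not policy.mutual_auth:
        findings.append("mutual authentication (client certificate) disabled")
    if not policy.crl_checking:
        findings.append("CRL checking disabled")
    minimum = MIN_KEY_BITS.get(policy.key_algorithm)
    if minimum is None:
        findings.append(f"unknown key algorithm {policy.key_algorithm}")
    elif policy.key_bits < minimum:
        findings.append(f"{policy.key_algorithm} key is {policy.key_bits} bits, minimum {minimum}")
    if policy.signature_hash.upper() in WEAK_SIGNATURE_HASHES:
        findings.append(f"certificate signed with {policy.signature_hash}")
    return [f"[{policy.name}] {f}" for f in findings]


# Constructed examples: a legacy listener and the tightened version of it.
LEGACY = TlsPolicy(
    name="legacy-soap-listener",
    protocols=["SSLv3", "TLSv1", "TLSv1.2"],
    ciphers=["TLS_RSA_WITH_RC4_128_MD5", "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
             "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"],
    mutual_auth=False, crl_checking=False,
    key_algorithm="RSA", key_bits=1024, signature_hash="SHA1",
)
HARDENED = TlsPolicy(
    name="hardened-soap-listener",
    protocols=["TLSv1.2", "TLSv1.3"],
    ciphers=["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
             "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384"],
    mutual_auth=True, crl_checking=True,
    key_algorithm="EC", key_bits=256, signature_hash="SHA256",
)

if __name__ == "__main__":
    for policy in (LEGACY, HARDENED):
        for line in audit_policy(policy) or [f"[{policy.name}] no findings"]:
            print(line)
```

The legacy listener produces ten findings, the hardened one none. The thresholds are deliberately strict for a review; if a client population still requires TLS 1.0 or a static RSA suite, record that as an accepted exception rather than loosening the check globally.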
3. Security Testing of Device and Policies - This includes testing the Sentry policies and the security parameters in place. Topics include:
- Device Penetration testing - Scan admin interfaces as well as runtime interfaces.
- Sentry Policy Testing - Positive and negative tests to review the responses returned by Sentry and the Sentry logging written for each type of service.
- SOAPSonar Vulnerability Mode - Useful for testing SOAP services; confirm that error messages are sanitized, etc.
For recommendations on maximizing the security of your Sentry policies, including a top 10 list of recommendations, see: