It is important that configuration management functionality is accessible only by authorized operators and administrators. A key part is to enforce strong authentication over your administration interfaces, for example, by using certificates.

What to Do

Examine how the administration interfaces are secured.

Why

The consequences of a security breach to an administration interface can be severe, because the attacker frequently ends up running with administrator privileges and has direct access to the entire site.

When

If your design specifies remote administration, then you must secure the administration interfaces because of the sensitive nature of the operations and the data that is accessible over the administration interface.

How

If possible, limit or avoid the use of remote administration and require administrators to log on locally. If you need to support remote administration, use encrypted channels, for example, with SSL or VPN technology, because of the sensitive nature of the data passed over administrative interfaces. Also consider limiting remote administration to computers on the internal network by using IPSec policies, to further reduce risk.

Review the following aspects of your remote administration design:

  • Do you use strong authentication?

    All administration interface users should be required to authenticate. Use strong authentication, such as Windows or client-certificate authentication.

  • Do you encrypt the network traffic?

    Use encrypted communication channels, such as those provided by IPSec or virtual private network (VPN) connections. Do not support remote administration over insecure channels. IPSec allows you to limit the identity and number of client machines that can be used to administer the server.
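
The two review questions above, as an added example that is not part of the original guidance: a Python admin listener policy that requires a client certificate over TLS and then authorizes the caller by source network and certificate name. The subnet, the operator common name, and the function names are assumptions made for illustration.

```python
import ipaddress
import ssl

# Constructed sample policy: the admin subnet and operator certificate name are assumptions.
ADMIN_NETWORKS = [ipaddress.ip_network("10.20.0.0/24")]
ADMIN_COMMON_NAMES = {"ops-admin-01"}


def build_admin_tls_context(server_cert, server_key, admin_ca):
    """TLS context for the admin listener: encrypted channel plus mandatory client certificate."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(server_cert, server_key)
    # Trust only the CA that issues administrator certificates, not the system store.
    ctx.load_verify_locations(cafile=admin_ca)
    ctx.verify_mode = ssl.CERT_REQUIRED  # handshake fails without a valid client certificate
    return ctx


def common_names(peer_cert):
    """Extract commonName values from the dict returned by SSLSocket.getpeercert()."""
    names = set()
    for rdn in (peer_cert or {}).get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.add(value)
    return names


def authorize_admin(peer_ip, peer_cert, networks=ADMIN_NETWORKS, allowed=ADMIN_COMMON_NAMES):
    """Allow only internal source addresses that present an authorized operator certificate."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # unparseable peer address: fail closed
    if not any(addr in net for net in networks):
        return False  # outside the internal administration network
    # A certificate that chains to the admin CA is authenticated; the name check authorizes it.
    return bool(common_names(peer_cert) & set(allowed))
```

The TLS context only proves the certificate was issued by the administrator CA; `authorize_admin` is the separate step that decides whether that identity, from that network, may use the interface.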

Additional Resources