A security system is only as good as its weakest link. This chapter describes some general principles to think about with an eye toward hardening your entire environment for security, and contains the following sections:
When your data and business requirements warrant it, design and implement password protections. These protections can range from providing guidelines to your users to implementing programmatic checking to enforce password complexity and management.
Complexity verification checks that each password is complex enough to provide reasonable protection against intruders who try to break into the system by guessing passwords. This encourages users to create strong passwords.
To enforce password complexity programmatically, use the password plugins. For more information about the plugin framework and to view a sample password plugin, see System Plugin Framework and Password Plugin Sample in the Application Developer's Guide.
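As an added illustration (not code from the MarkLogic documentation, and not a substitute for the password plugin, which is the enforcement point the guide refers to), the following XQuery applies a set of complexity rules before calling sec:create-user. The rule set, the user name, the sample password and the role "app-reader" are assumptions chosen for this example; it must be evaluated against the Security database.

```xquery
xquery version "1.0-ml";
import module namespace sec = "http://marklogic.com/xdmp/security"
  at "/MarkLogic/security.xqy";

(: Added example, not from the MarkLogic documentation. The rules
   below (length, character classes, user name not embedded in the
   password) are assumptions chosen for illustration. :)
declare function local:check-complexity(
  $user as xs:string, $password as xs:string
) as xs:string*
{
  (
    if (fn:string-length($password) lt 12) then "shorter than 12 characters" else (),
    if (fn:not(fn:matches($password, "[a-z]"))) then "no lowercase letter" else (),
    if (fn:not(fn:matches($password, "[A-Z]"))) then "no uppercase letter" else (),
    if (fn:not(fn:matches($password, "[0-9]"))) then "no digit" else (),
    if (fn:not(fn:matches($password, "[^A-Za-z0-9]"))) then "no symbol" else (),
    if (fn:contains(fn:lower-case($password), fn:lower-case($user)))
      then "contains the user name" else ()
  )
};

let $user := "analyst1"                        (: constructed sample value :)
let $password := "Example-Passphrase-2024!"    (: constructed sample value :)
let $problems := local:check-complexity($user, $password)
return
  if (fn:exists($problems)) then
    (: Refuse to create the account and report every failed rule. :)
    fn:error(xs:QName("WEAK-PASSWORD"), fn:string-join($problems, "; "))
  else
    (: Role "app-reader" is assumed to exist in the Security database. :)
    sec:create-user($user, "Analyst account", $password,
      "app-reader", (), ())
```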
Grant necessary privileges only. Do not provide users or roles more privileges than are necessary. If possible, grant privileges to roles, not individual users. The principle of least privilege is that users are given only those privileges that are actually required to efficiently perform their jobs.
Most computer platforms offer network security features to limit outside access to the system. The purpose of infrastructure hardening is to eliminate as many security risks as possible. It can involve both hardware and software, as well as physical restrictions. The following are some infrastructure hardening topics:
The United States National Security Agency develops and distributes security configuration guidance for a wide variety of software, including the most common operating system platforms. You can view this guidance on their website at: http://www.nsa.gov/ia/mitigation_guidance/security_configuration_guides/operating_systems.shtml.
Encrypt network traffic between the browser and MarkLogic Server by enabling SSL. You can also enable SSL for intra-cluster communication. For high security needs, make sure MarkLogic Server runs in FIPS mode (which is the default mode). This option restricts your SSL ciphers to those that have met the FIPS 140-2 Level 1 validation requirements. For information on how to configure SSL and FIPS mode, see Clusters in the Administrator's Guide.
Protect access to MarkLogic's Admin Interface and development tool ports (8000, 8001, 8002) behind a corporate firewall. While your MarkLogic application may run on a publicly available port, such as port 80, it is good practice to secure the MarkLogic Admin Interface and other development application ports behind a firewall.
Ensure that machines running MarkLogic Server are in a physically secure location. Physical access to a server is a high security risk. Physical access to a server by an unauthorized user could result in unauthorized access or modification, as well as installation of hardware or software designed to circumvent security. To maintain a secure environment, you should restrict physical access to your MarkLogic Server host computers.
MarkLogic includes an auditing capability. Designing and implementing an auditing policy can be an important part of your overall security planning. For more details, see Auditing in this guide. For procedures related to enabling auditing, see Auditing Events in the Administrator's Guide.
An important step in creating a MarkLogic application is to ensure that it is properly secured. Network security mostly ignores the contents of HTTP traffic, so you cannot rely on network-layer protection (firewall, SSL, IDS, hardening) to stop or detect application-layer attacks. The Open Web Application Security Project is an open group focused on understanding and improving the security of web applications and web services. You can visit their site at: http://www.owasp.org/. The OWASP Top Ten Project is one starting point for understanding how you can build good security into your application.
Let collections and document permissions restrict the data access for the user. Do not write your own access restriction code. Write code so that it uses the MarkLogic Server security model and operates on the correct data based on the user's permissions and the current documents in use.
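The following XQuery is an added example (not code from the MarkLogic documentation) contrasting the hand-rolled access check the guide warns against with a document whose access is governed by MarkLogic permissions and collections. The URI, element content, collection name and the roles "hr-reader" and "hr-writer" are assumptions for this example; the roles are assumed to already exist in the Security database.

```xquery
xquery version "1.0-ml";

(: Anti-pattern: application code deciding who may see the data.
   This check lives outside the security model, is easy to bypass from
   any other code path, and silently drifts from the roles actually
   configured on the server. :)
declare function local:insecure-lookup($id as xs:integer) as node()?
{
  if (xdmp:get-current-user() = ("hr-admin", "hr-analyst")) then
    fn:doc("/hr/employee/" || $id || ".xml")
  else
    ()
};

(: Preferred: store the document with explicit permissions and a
   collection, and let the server enforce access on every read. :)
xdmp:document-insert(
  "/hr/employee/1001.xml",                      (: constructed sample URI :)
  <employee><id>1001</id><name>A. Example</name></employee>,
  (xdmp:permission("hr-reader", "read"),
   xdmp:permission("hr-writer", "read"),
   xdmp:permission("hr-writer", "update")),
  "hr-employees"                                (: constructed collection :)
),

(: Read code carries no access logic of its own: a caller without a
   role holding "read" on the document simply gets an empty sequence,
   because MarkLogic filters results by the caller's permissions. :)
fn:collection("hr-employees")/employee[id = 1001]
```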
Many excellent resources exist on the Internet. These sources contain valuable security-related information for everyone in the enterprise software development and deployment chain from software developers and system administrators to managers. For example, the Defense Information Systems Agency (DISA) sponsors the Information Assurance Support Environment website found at http://iase.disa.mil/index2.html. This site contains Security Technical Implementation Guides (STIGs). The STIGs contain technical guidance to 'lock down' information systems and software that might otherwise be vulnerable to a malicious computer attack.
Another example is the CERT Program, a part of the Software Engineering Institute, a federally funded research and development center operated by Carnegie Mellon University. This organization is devoted to ensuring that appropriate technology and systems management practices are used to resist attacks on networked systems and to limit damage and ensure continuity of critical services in spite of successful attacks, accidents, or failures. For more detailed information about CERT visit their website: http://www.cert.org/.