Guarding MarkLogic Applications against attack | MarkLogic Support

Knowledgebase

108Administration 8App Services 42Errors 144MarkLogic Server 52Performance Tuning

Knowledgebase: Administration

Guarding MarkLogic Applications against attack 03 November 2016 12:15 PM
Introduction OK, so you have written an amazing "killer App" using XQuery on MarkLogic Server and you are ready to make it available to the world. Before pressing the deploy button, you may want to verify that your application is not susceptible to hackers and other malicious users. There are many reliable scanners available to help find vulnerabilities in your MarkLogic installation. MarkLogic does not recommend any particular scanner. This article presents recommendation to handle some of the issues that might be flagged by a vulnerability scan over your MarkLogic Server Application. Recommendations Put ports 7998 - 8002 behind a firewall. For vulnerabilities related to OpenSSH, TCP/IP attack, and other OS related known weaknesses, these can easily be warded off by taking the following steps: Use a strong name/password. Upgrade to the latest version of MarkLogic Server to get the most recently included OpenSSH* library; or don’t use SSH and close port 22.* Place production behind a firewall and only expose ports required by public application. It is important to guard against Denial Of Service attacks. Here are some ways you can harden against that: Don’t open any MarkLogic administrative ports to the outside (7998 – 8002). The following utilities can be used to configure ports: inetd, xinetd. This article shows you how to use rc.d to control ports on Linux. Once configured you can then use netstat to check status. Place your production server behind a firewall and harden that layer against flood attacks. Some firewalls, such as HAProxy are able to limit traffic on a per-IP basis and still allow for high performance. This article is a good resource for preventing DOS attacks. Read the “Securing Your Production Deployment” section of the MarkLogic Server's Understanding and Using Security Guide. It walks you through a set of guidelines for securing your MarkLogic Server: Add Password Protections Adhere to the Principle of Least Privilege Infrastructure Hardening Implement Auditing Develop and Enforce Application Security Use MarkLogic Security Features Read About Security Issues Reporting A Suspected Vulnerability in MarkLogic ?
(2 vote(s)) Helpful Not helpful

Comments (0)