Security importance in odoo
The prime goal of cyber security is to decrease the risk of cyber assaults and to defend against unauthorized use of networks, systems and technology.
When we talk about cyber security , its big field and many things are possible , attackers do a lot of tricks to exploit system and vulnerability present should be identified and fixed, there are some steps we use so make our server and odoo secure.
Ensuring the principle of least privilege is followed. This includes both physical access (to data centers, server rooms, etc.) and electronic access to systems and data. suppose there is role in system sales man, so he can do what he is expected to do like quotation and sale order print etc, but he should not do purchase work or extra configuration.
- use port other 22 for ssh
- use protocol ssh2
- disable direct root login
- use public key instead of password
- enable two factor authentication on web application
- use strong password for authentication of login web app
- disable empty password
- restrict ssh to specific ip/device
- set ssh idle timout
Idle Timeout: The idle timeout specifies the maximum time a client can remain idle (without sending any data) within an established SSH session. If there is no activity within this time-frame, the server will close the connection.
These timeout configurations help prevent idle connections from unnecessarily occupying server resources and protect against potential security risks, such as unauthorized access to an idle session. However, it's essential to strike a balance between enforcing appropriate timeouts and accommodating legitimate use cases, as overly aggressive timeout settings may disrupt legitimate user sessions
Key Pair SSH authentication
SSH key pair authentication is critically important for secure and efficient access to remote servers. It offers several key benefits that significantly enhance security compared to traditional password-based authentication, like Reduced Risk of Credential Theft, resistance to Brute-Force Attacks,Prevention of Credential Reuse.
Protect your private key with a strong passphrase
Avoid sharing private keys or passphrase.
Keep your private key secure and back it up in a safe location.
Disable password-based authentication on the server for enhanced security.
Note: if you want give someone access to your server, then don't share your key instead take their public key and put it into your server, they will connect by their private key.
SSL :
SSL stands for Secure Sockets Layer, and it's a cryptographic protocol used to establish a secure and encrypted connection between a client (such as a web browser) and a server (such as a website). The primary purpose of SSL is to ensure that data transmitted between the client and the server remains private, secure, and protected from eavesdropping, tampering, or unauthorized access.
use certbox for free installation guide, follow the steps
https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal
Cloudflare
its important, with cloudflare you can't only apply ssl, but also you can make it as a proxy so your actual IP will be hide.
Bastion server/jumping server
its also important to only allow bastion server to communicate to your actual server so its make better security.
DNS security :
First layer security is dns security... It is critical as many hackers use vulnerabilities in the dns system to help them gain unauthorized access
DNS security components include firewalls and access control lists and keep your data safe from unauthorized access and hackers by controlling who can get in and what they can do when they are inside.
Firewall:
Ensure a properly configured firewall is in place to block unauthorized access and only allow necessary traffic to your servers.
Linux operating systems, including popular distributions like Ubuntu, CentOS, and Debian, often come with built-in firewall management tools. One such tool is iptables, which is a powerful and flexible firewall management utility that is available on many Linux distributions. With iptables, you can configure rules to control incoming and outgoing network traffic, thereby enhancing the security of your Linux server.
Open Ports 80,443, custom ssh port, close all other ports.
Ransomware attack
Ransomware is a malware designed to deny a user or organization access to files on their computer. By encrypting these files and demanding a ransom payment for the decryption key, cyber attackers place organizations in a position where paying the ransom is the easiest and cheapest way to regain access to their files.
Note: Backup and Recovery: Regularly back up your data and ensure that you can restore these backups in case of data loss or a ransomware attack.
Honeypot
is a specially designed piece of software that mimics another system, normally with vulnerable services that aren’t really vulnerable, in order to attract the attention of an attacker as they’re sneaking through your network.
The honeypot looks like a real computer system, with applications and data, fooling cyber criminals into thinking it's a legitimate target. For example, a honeypot could mimic a company's customer billing system - a frequent target of attack for criminals who want to find credit card numbers. Once the hackers are in, they can be tracked, and their behavior assessed for clues on how to make the real network more secure.
A honeypot is a cyber security mechanism designed to detect, deflect, or study attempts at unauthorized use of information systems. It's a trap set to detect or counteract attempts at unauthorized use of information systems. Essentially, it is a decoy set up as a potential target for cyber attacks.
Honeypots are deceptive systems or services that mimic real systems. Like decoy accounts, they have no legitimate function, and they are intended to attract and divert attackers.
Purpose of Honeypots:
Detection: Honeypots detect unauthorized access to the network by presenting seemingly valuable targets.
Diversion: By engaging attackers with the honeypot, the real systems are kept safer.
Research: Honeypots can be used to study attack patterns and gather intelligence about new threats and vulnerabilities.
Purpose: Honeypots are decoy systems designed to mimic real systems to attract and trap attackers. They can be used to study attack techniques and help detect malicious activities.
Security Role: Honeypots add a layer of security by diverting and observing potential attackers, allowing organizations to understand threats and develop countermeasures.
Honeypot server security is low level because in that we showed the ip, we want an attacker to come on it and we learn the attacking pattern.
Here are a few ways honeypots are used in server security:
Detection and Deflection: Honeypots can detect malicious activity early by attracting attackers to decoy systems rather than actual production systems. They can also serve to distract attackers from more valuable parts of the network.
Data Collection: Honeypots are great tools for understanding the tactics, techniques, and procedures used by attackers. By monitoring attacker activity on the honeypot, defenders can gain insights into attack vectors, payloads, and post-exploitation activities.
Research: Honeypots are often used by security researchers to study the behavior of attackers. They can provide valuable information about new and emerging threats, helping to improve overall security.
Mitigation of Zero-day Exploits: Zero-day attacks exploit unknown vulnerabilities, so traditional security tools may not detect them. But because honeypots identify malicious activity based on behavior rather than known signatures, they can help detect zero-day attacks.
There are two main types of honeypots:
Low-interaction honeypots: These are relatively simple and create services that mimic the services provided on a network. They don't contain much data, are less risky, but also provide less detailed information. They are easier to deploy and ideal for detecting common attacks.
High-interaction honeypots: These are complex and involve real operating systems and applications. While they can provide more insight into the attacker's actions, they are more risky to use because they are fully functional and, if not properly isolated, can be used to launch attacks on other systems.
you can create a server that contains fake db suppose in our case its odoo so we will create it , dns domain similar to your actual domain suppose data.xyz.com, and create some fake users entries and module data entery. then monitor the behavior.
More important thing is to make this server less secure so hackers trend we can watch and analyse.
Decoy accounts
decoy accounts are created in order to check if someone is attempting to log into them. When an attempt is made security experts can then investigate the attackers’ techniques and strategies, without being detected or any data being compromised.
Feel free to book a consulting session on how you could start implementing such a solution for your own Odoo instance. We can train your staff to do it or we can do it for you as a one-time task.
fail2ban
sudo apt-get install fail2ban
Fail2Ban is an open-source intrusion prevention software that helps
protect servers from unauthorized access attempts by blocking potentially
malicious IP addresses. It is particularly useful for securing services
that are exposed to the internet, such as SSH, web servers,
and email servers.
Fail2Ban works by monitoring log files for specific patterns of failed
login attempts or other suspicious activities. When a defined threshold
of failed attempts is reached, Fail2Ban takes action, such as blocking
the offending IP address using firewall rules. This temporary block,
also known as a "ban," helps prevent further unauthorized access from
that IP address.
Choose Services to Protect: Decide which services you want to protect with Fail2Ban. Common
choices include SSH, Apache, Nginx, and more. Each service will have
its own configuration section within the jail configuration file.
Contact: support@alhaditech.com