Securing Ridgeback
Securing Ridgeback within your organization starts with understanding its architecture and security zones. Ridgeback security encompasses three areas: the database, the Ridgeback services, and the Rcores.
Database
Ridgeback requires a MySQL-compatible database server (e.g., MariaDB, Azure Database for MySQL, Amazon RDS for MySQL, or MySQL). Ridgeback's databases are designed for strict data isolation, with sensitive audit information kept in separate databases. In multi-tenant setups, each organization’s data resides in separate databases, ensuring no data leakage across organizations.
Best Practices for Database Security:
- Enable TLS: Ensure encrypted communications between Ridgeback services and the database.
- IP Whitelisting: Limit database access to only necessary IP addresses.
- Database Hardening: Regularly update the database software, restrict privileges, and disable unnecessary features.
- Backups: Implement a robust backup strategy, especially for critical Ridgeback databases.
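As an added illustration (not part of the Ridgeback documentation or product), the following MySQL/MariaDB statements put the TLS, IP whitelisting, data isolation and privilege points above into practice. The database names, account names, host address and password placeholder are assumptions chosen for the example.

```sql
-- Added example, not Ridgeback's own schema: a least-privilege, TLS-required,
-- host-restricted account layout for a MySQL-compatible server.
-- Assumed names: databases ridgeback_app and ridgeback_audit, accounts rb_app
-- and rb_audit, container host address 10.20.0.15 (all placeholders).

-- 1. Refuse every non-TLS client connection server-wide
--    (MySQL 5.7+ and MariaDB 10.5+). The persistent equivalent is
--    require_secure_transport=ON in the server's my.cnf.
SET GLOBAL require_secure_transport = ON;

-- 2. Keep sensitive audit data in its own database, separate from
--    application data, as described in the text.
CREATE DATABASE IF NOT EXISTS ridgeback_app;
CREATE DATABASE IF NOT EXISTS ridgeback_audit;

-- 3. One account per database, bound to the single host the services
--    connect from (the "IP whitelisting" control at the account level)
--    and required to present TLS even if the global setting is relaxed.
CREATE USER 'rb_app'@'10.20.0.15'
  IDENTIFIED BY '<replace-with-generated-secret>'
  REQUIRE SSL;
CREATE USER 'rb_audit'@'10.20.0.15'
  IDENTIFIED BY '<replace-with-generated-secret>'
  REQUIRE SSL;

-- 4. Data-manipulation rights only, scoped to the one database each account
--    needs: no GRANT OPTION, no SUPER, no access to mysql.*. The exact
--    privilege list is an assumption; schema changes (DDL) belong to a
--    separate migration account used only during upgrades.
GRANT SELECT, INSERT, UPDATE, DELETE ON ridgeback_app.*   TO 'rb_app'@'10.20.0.15';
GRANT SELECT, INSERT                 ON ridgeback_audit.* TO 'rb_audit'@'10.20.0.15';

-- 5. Checks an administrator can run afterwards.
--    Accounts that would still accept plaintext connections:
SELECT user, host FROM mysql.user WHERE ssl_type = '';
--    Accounts reachable from any host (wildcard host, not whitelisted):
SELECT user, host FROM mysql.user WHERE host = '%';
--    Confirm each account's grants are scoped as intended:
SHOW GRANTS FOR 'rb_app'@'10.20.0.15';
SHOW GRANTS FOR 'rb_audit'@'10.20.0.15';
```

Run the two SELECT checks periodically; any row they return is an account that bypasses either the TLS or the whitelisting control described above.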
Ridgeback Containerized Services
Ridgeback services (e.g., Server, Policy, and Manager) are deployed within a containerized environment. Containers, as lightweight virtualized environments, allow Ridgeback to package only the essential components without needing a full operating system. These services run in a container host, such as Docker, Azure Container Instances, or Amazon Elastic Container Service. Securing the container host is essential because if the host is compromised, so are the containers.
Best Practices for Ridgeback Services Security:
- Host Hardening: Disable non-essential services on the container host to reduce the attack surface.
- Access Control: Restrict container host access to essential IT administrators only.
- IP Whitelisting: Control access to the container host with IP whitelisting.
- Patching: Regularly update the container host to address security vulnerabilities.
Rcores
The Ridgeback Manager service communicates securely with Rcores through encrypted channels. Rcores are lightweight agents installed on endpoints, monitoring and responding to security events.
Best Practices for Rcore Security:
- Endpoint Security: Deploy Rcores on endpoints that are regularly updated and monitored for security.
- Access Restrictions: Limit Rcore installations to trusted endpoints and maintain an inventory of Rcore deployments.
- Logging and Monitoring: Track Rcore activity to ensure compliance with Ridgeback policies.
Security Best Practices for Windows and Linux Systems
Ensuring Ridgeback’s effectiveness relies on a secure underlying infrastructure, particularly in your Windows and Linux environments.
Windows Best Practices
- Update Regularly: Keep Windows systems updated with the latest security patches.
- Use Windows Defender or Endpoint Protection: Ensure active endpoint security software to detect and prevent threats.
- Enable Firewall: Configure and enable the Windows Firewall to control incoming and outgoing traffic.
- Access Control: Enforce least privilege access and ensure administrators use separate accounts for administrative tasks.
- Audit Policies: Enable audit logging to track security events and review logs regularly.
Linux Best Practices
- Regular Patching: Keep Linux systems updated, especially with security patches.
- Enable SELinux or AppArmor: Use mandatory access controls to limit the impact of potential breaches.
- IPTables/FirewallD Configuration: Use a firewall to manage network traffic effectively.
- Disable Root Login: Use sudo for privileged operations and disable direct root access.
- System Auditing: Implement tools like auditd to log and monitor system events.