Secure Application Configuration Basics
In June of 2016 it was revealed that a database maintained by a large data brokerage company was hacked exposing 154 million US voter records and personal details like gun ownership, positions on gay marriage, and email addresses were retrieved. Database misconfiguration was the cause, the CouchDB database which stored the information was not configured to require authentication in order to access the voter records it held. Secure configuration practices could have ensured the database could only be accessed by authenticated users preventing the breach.
Secure configuration is a reflexive application and environment hardening process whose objective is to minimize an application’s attack surface. Numerous paths can be taken to reach this end including removing or disabling unnecessary application functions, modifying configuration defaults, customizing error messages, and ensuring deployed builds removing deployment files and credentials. Although these secure configuration practices represent only a few of those available they share a basic motivation, to simplify and minimize an application’s operational footprint while taking into consideration how the application interfaces with its environment.
Before you Start
Before developing secure configuration practices an operational baseline should be established for the applications, plugins, scripts, and other software components your organization employs. Practically, this means taking an inventory of applications and software components that coexist with your own and tracking information like version numbers and upgrade paths. The more you know about your application and its environment the better positioned you are to ensure that the configurations being used are, and continue to be secure. Established best practices like those published by OWASP should be used to evaluate to your baseline and contrast your progress ensuring your secure configuration practices continue to improve.
Secure Configuration Strategies
There exist broad secure configuration strategies that organizations can implement to improve their security posture.
Minimize Attack Surface
The process behind minimizing the attack surface available to an attacker can be summarized with the idea that “simpler is better”. In practice this means simplifying functionality and limiting user access to only what is absolutely necessary for the task at hand. More concretely, an application with a single purpose will not have supplementary features, reflective of a larger code base, which increases the probability of coding errors with security implications being exploited. Promoting applications and functions that have a single purpose when possible will contribute to the development of more secure applications and environments.
Low Hanging Fruit
In many cases, practices that can enhance the security posture of an application are simple and inexpensive to implement. For example, forgetting to disable PHP’s “display_errors” in a build destined for a production could eventually reveal clues about how the application is structured giving attackers additional information they could use to break into your application.
Ensuring consistency in the processes your organization uses to transition between development and production environments will minimize changes that must be made when deploying a new build and reduce the possibility of misconfiguration. Although some elements like passwords will need to change, simplicity will promote security while also reducing time.
Deployment orchestration provides organizations with the opportunity to create and manage a set of secure configuration files for all applications and their environments in a central location. These tools facilitate quickly pushing updates to software, plugins, libraries, and their wider environments as they are approved using a timeline and process carefully controlled by administrators. Additionally, orchestration ensures through the use of an interval defined by administrators, an application, its environment, and any additional components remain configured in the manner originally defined by administrators by proactively reverting changes that don’t match the default specified by administrators.
Reducing an application’s attack surface, taking advantage of low hanging fruit, and employing automation afforded by orchestration are effective strategies which will reduce the possibility of human error contributing to a security bug. Ultimately, these secure configuration practices attempt to balance usability and security and care must be taken to ensure that the personal information users trust organizations with is managed carefully, where mistakes like forgetting to assign a username and password to a database holding the records of 154 million people aren’t disclosed carelessly.