Red Hat Identity Management for Linux systems in Demilitarized Zone (DMZ)

A Demilitarized Zone (DMZ) is a network that forms a perimeter or separation between the internal network of an organization, such as LANs, and the external network of the organization, such as the Internet. Providing identity management to systems in the Demilitarized Zone without compromising the security of the DMZ itself is a significant challenge.

Red Hat offers a solution to this challenge through their IdM Server that serves as the domain controller for this process. Red Hat Identity Management (IdM) is responsible for managing the authentication and authorization of clients by a server through Linux tools. It is based on the FreeIPA project.

The connection to the IdM server in the DMZ for the systems would be through ipa-client-install or realmd. The System Security Services Daemon (SSSD) provides a set of tools (daemons) that monitors access to remote directories. This SSSD component in the architecture will have to be configured on the clients. An IdM client is one that can retrieve credentials from the IdM server.

To ensure proxying Kerberos traffic does not pose a problem, the kdc proxy component in the IdM server needs to be enabled. After all the client configurations, the clients would have to be reconfigured to use kdcproxy rather than a standard Kerberos protocol.

Essentially, the server serves two purposes. One responsibility of the server is to be a trusting controller. The other purpose is to serve as kdcproxy server. The job of the trusting controller is to establish trust operations with the Active Directory (AD). In this case, the IdM server must be set as a trust agent instead of being set as a trust controller. A trust controller is used for managing trust. A trust agent is a master that has a reliance on SSSD to carry out the resolution of IDs.

The trust agent uses Connectionless Lightweight Directory Access Protocol (CLDAP) and Lightweight Directory Access Protocol (LDAP). These protocols are used to access and maintain distributed directory information services over a network. The trust agent will connect to the Active Directory Domain Controller (AD DC) through these protocols.

Types of traffic and potential threats to the servers

The system will have two types of traffic flowing through. The first form of traffic is the HTTPS traffic. The second form is the LDAP/CLDAP traffic from the IdM servers in DMZ to the AD DC in the firewall.

Since the IdM server is not read-only, there are a lot of concerns that arise. An attacker who gains root access to the IdM server can then potentially log into any of the Linux clients present within the DMZ. However, ideally, the systems within the firewall environment should remain safe from the attack. In order to achieve this, hosts and services should be forbidden from the IdM realm. If it is absolutely necessary to connect these hosts to the IdM realm, the hosts should then be connected to a different IdM server that does not serve DMZ hosts. The architecture allows for multiple IdM servers.

Prevention of IdM server hijacking

• It is essential to prevent the hijacking of the IdM server in DMZ. The following methods can be adopted to do so.
• Ensure that impertinent and unnecessary services are not added on to the IdM server. Installing additional IdM components must be refrained from, in order to ensure extra security.
• Hardening processes must be incorporated into the IdM server. These processes are for reducing the surface of vulnerability of the IdM server. Changing default passwords and using strong passwords on the IdM server would ensure the required security.
• The hackers could infiltrate the system through open ports. Conduct IdM system scans regularly to detect these susceptible ports. Ensure all the unnecessary ports that are open, are closed.
• Carry out regular updating of the system. Newer versions of outdated systems are released generally because the previous versions are susceptible to attacks. Therefore, constant updating is crucial.
• Use Secure Shell (SSH) configurations to restrict the number of servers that have access to this IdM realm. All unnecessary servers must be denied access.
• The system should be regularly monitored and scanned for other vulnerabilities. The sooner vulnerability is detected, the faster it can be rectified.
• Carry out attack simulations by mounting attacks that allow traversing of the network. This would expose the vulnerabilities in the network.
• Carry out patch simulation to identify the patches that have the maximum impact on the security. These could be crucial in assuring the safety of IdM servers in DMZ.
• You could also set limits to the outbound traffic from services within the IdM host. This would prevent contact with malicious agents.
• The activity logs and suspicious activities should be monitored. This monitoring would allow the prevention of potential attacks.
• Eliminating the trust controller would also reduce the chance of attacks. A trust agent requires a lesser number of open ports when compared to the controller, making the server less prone to attacks.
• Of course, all these risks can be avoided by simply having a read-only IdM server. But, that would introduce high amounts of complexity in the system.