How do you investigate the security of your instance proactively?

Hi!

How do you investigate the security of your instance proactively?

I see that many companies use different security scanners for analysis (https://owasp.org/www-community/Vulnerability_Scanning_Tools), e.g. for Jira.

Just curious, how often do you do it? What kind of methods do you use?

Is this for compliance and checklists?

Cheers,

Gonchik Tsymzhitov

2 answers

1 vote
Daniel Ebers Community Leader Apr 25, 2021

From previous experience this is a lengthy topic (I beg your pardon, I touched on some more aspects than just the security scanners) where many details can be unfolded - but in general, I suppose, overall they just repeat best practices for IT which have been documented for many, many years.

I'd just like to name a few - all of them, like I said, supposedly are repetitions:

  • keeping the systems on a reasonable current patch level is key
    • keep an eye on outdated packages, where possible use unattended upgrades of some kind
  • do backups
    • rather than just relying on RAID (already seen this) have a proper backup strategy in place, for the system itself as well as for the database
  • have all involved systems configured properly
    • do the usual considerations as for patch strategy, backup strategy, user management, alongside restore tests, failover tests (where applicable), and conduct simulated incident scenarios
  • document everything, where possible
    • documentation is key, especially if you are ill or on vacation
    • check documentation with team members to see if they understand what is written down and if they can act using your documentation in an emergency
  • spread knowledge
    • while you may be the go-to expert for Atlassian related stuff, try to spread knowledge in a way that some more colleagues are able to get things running (whereas they probably do not need to know the very last detail of workflow specialities and how to deal with them)
  • security scanners can add to the overall security level, no question
    • you can scan on whatever interval sounds reasonable for your team
      • weekly
      • bi-weekly
      • monthly
    • you surely already scan for known exploits regarding
      • the OS itself
      • any needed packages not necessarily bound to Jira operations, like the database (PostgreSQL, MySQL, ...), local packages having vulnerabilities, other system services (ntp, mta, ...)
      • finally Jira - in case of any Security Advisory the security scanner should alarm you in addition to the mail you surely receive in parallel from Atlassian (therefore I have a strong recommendation for, at least, weekly scans - this however might depend on whether your Jira instances are behind the firewall and/or internet-facing)

One topic that I have seen in discussions lately is the preservation of logs (catalina.out/atlassian-jira.log and probably atlassian-jira-security.log) in a separate logging system, to detect irregularities or to investigate if the server was already compromised and the original system cannot be trusted anymore.

The list can be continued (I heard of implementations that scan the attachment directory for viruses and other malicious content) and is by no means complete (one could start with discussing the presence of a correctly configured firewall and end up with the statement that only trusted admins should act on basic system levels, and so on). So please consider all of the above as some basic ideas that came to my mind and what seems to be common with Jira admins I recently spoke with.

Thank you,

I am also interested in the tooling.
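The answer above recommends keeping atlassian-jira-security.log on a separate logging system so that irregularities can still be spotted when the Jira host itself is no longer trustworthy. The script below is an added example (not code from the thread or from Atlassian) of a first detection pass over such a shipped copy: it counts failed authentications per remote address and per targeted username and reports the ones above a threshold. The field layout (timestamp, thread, user, request id, `-`, remote IP, URL, message) is an assumption modelled on the Jira security log, and the sample lines are constructed, not captured traffic.

```shell
#!/bin/sh
# Added example (not from the thread): a small detection pass over Jira
# security-log lines that have been shipped to a separate log host, so the
# check still works when the Jira server itself can no longer be trusted.
# The field layout (timestamp, thread, user, request id, '-', remote IP,
# URL, message) is an ASSUMPTION modelled on atlassian-jira-security.log;
# the log lines below are CONSTRUCTED samples, not captured traffic.

sample_log() {
  cat <<'EOF'
2021-04-25 10:00:01,001+0000 http-nio-8080-exec-1 anonymous 601x1x1 - 203.0.113.7 /login.jsp The user 'admin' has FAILED authentication. Failure count equals 1. Total failure count: 1
2021-04-25 10:00:02,002+0000 http-nio-8080-exec-2 anonymous 601x2x1 - 203.0.113.7 /login.jsp The user 'admin' has FAILED authentication. Failure count equals 2. Total failure count: 2
2021-04-25 10:00:03,003+0000 http-nio-8080-exec-3 alice 601x3x1 - 198.51.100.9 /login.jsp The user 'alice' has PASSED authentication.
2021-04-25 10:00:04,004+0000 http-nio-8080-exec-4 anonymous 601x4x1 - 203.0.113.7 /login.jsp The user 'jira-admin' has FAILED authentication. Failure count equals 1. Total failure count: 3
2021-04-25 10:00:05,005+0000 http-nio-8080-exec-5 anonymous 601x5x1 - 198.51.100.9 /login.jsp The user 'bob' has FAILED authentication. Failure count equals 1. Total failure count: 1
2021-04-25 10:00:06,006+0000 http-nio-8080-exec-6 anonymous 601x6x1 - 203.0.113.7 /login.jsp The user 'root' has FAILED authentication. Failure count equals 1. Total failure count: 4
EOF
}

# failed_auth_report THRESHOLD < log
# Prints "ip count" for every remote address with at least THRESHOLD failed
# authentications, one per line, sorted by address. Under the assumed
# layout the remote IP is field 7.
failed_auth_report() {
  awk -v threshold="${1:-3}" '
    /has FAILED authentication/ { fails[$7]++ }
    END {
      for (ip in fails)
        if (fails[ip] >= threshold) printf "%s %d\n", ip, fails[ip]
    }
  ' | sort
}

# failed_auth_by_user THRESHOLD < log
# Same idea keyed on the targeted account: under the assumed layout the
# quoted username is field 11 ("The user 'admin' has FAILED ...").
# \047 is the apostrophe, stripped so the key is the bare username.
failed_auth_by_user() {
  awk -v threshold="${1:-2}" '
    /has FAILED authentication/ { u = $11; gsub(/\047/, "", u); byuser[u]++ }
    END {
      for (u in byuser)
        if (byuser[u] >= threshold) printf "%s %d\n", u, byuser[u]
    }
  ' | sort
}

# Stand-alone run against the constructed sample: addresses with 3+ failures,
# then accounts with 2+ failures. Against a real shipped copy you would run
# e.g.  failed_auth_report 3 < /path/on/loghost/atlassian-jira-security.log
sample_log | failed_auth_report 3
sample_log | failed_auth_by_user 2
```

Both functions read from standard input, so they work equally on a file pulled from the log host or on a stream from whatever forwarder ships the log; the thresholds are deliberately low here only because the constructed sample is small.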

0 votes
Dave Liao Community Leader Apr 18, 2021

Regarding how often you scan a system, it depends on several factors:

  • If you're scanning in an automated fashion, you're always watching. 😉 If manual work is needed, you scan as often as practical (have a security team? how big is the security team, etc.).
  • If you care about information security, protect and monitor systems you care about the most, depending on the knowledge stored in those systems.

I also suggest cross-posting this in Trust & Security. 💪

Deployment type: Server
Version: 8.13.3