
August 07, 2010


Listed below are links to weblogs that reference Securing Memcache in 2 Minutes:

Comments


Mbuckbee

I think this is excellent advice, but I'd suggest that it is secondary security to firewalling off ANY ports on your server that should not be accessed from outside.

619Cloud

Good article, but generally servers have iptables in place, and only open ports necessary like 80, 443, etc. Memcache should almost always be accessible ONLY to the local network.

David Bock

I agree with both of you, but only as part of a 'defense in depth' approach. Firewalling an open port can solve the problem, but never opening it to listen in the first place avoids having a problem to solve.

It is important to secure memcache itself first, then have a firewall secure the whole machine. I use an iptables-based firewall called APF. That would be worth another entry, or perhaps two: one on APF, and one on 'defense in depth'.

By the way, MySQL has the same 'flaw' as memcache... It listens on port 3306, and should be configured to just bind to a specific Ethernet device (127.0.0.1 if used as in the example above).
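An added example, not part of the original post or of any comment: a small audit of listening sockets that reports whether memcached and MySQL are bound to loopback, to one specific interface, or to every interface. It assumes `ss -ltn` style output and memcached's default port 11211 (the page names only 3306); the sample lines and function names are constructed for illustration.

```python
import ipaddress

# 3306 is named in the thread; 11211 is memcached's default port
# (assumption: the service runs on its default port).
WATCHED = {11211: "memcached", 3306: "mysql"}

# Constructed sample of `ss -ltn` output, not captured from a real host.
SAMPLE_SS = """\
State  Recv-Q Send-Q Local Address:Port  Peer Address:Port
LISTEN 0      1024         0.0.0.0:11211      0.0.0.0:*
LISTEN 0      80         127.0.0.1:3306       0.0.0.0:*
LISTEN 0      128             [::]:22            [::]:*
"""

def split_local(field):
    """Split 'addr:port' (IPv4, bracketed IPv6 or '*') into (host, port)."""
    host, _, port = field.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop IPv6 brackets and zone id
    return host, int(port)

def classify(host):
    """Return how widely a listening address is reachable."""
    if host == "*":
        return "all-interfaces"
    addr = ipaddress.ip_address(host)
    if addr.is_unspecified:          # 0.0.0.0 or ::
        return "all-interfaces"
    if addr.is_loopback:             # 127.0.0.0/8 or ::1
        return "loopback"
    return "specific-interface"      # still needs the firewall in front

def audit(ss_output, watched=WATCHED):
    """List (service, host, port, scope) for every watched listener."""
    findings = []
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue                 # header or non-listening row
        host, port = split_local(cols[3])
        if port in watched:
            findings.append((watched[port], host, port, classify(host)))
    return findings

def exposed(findings):
    """Listeners that rely on the firewall alone (bound to every interface)."""
    return [f for f in findings if f[3] == "all-interfaces"]

if __name__ == "__main__":
    for service, host, port, scope in audit(SAMPLE_SS):
        print(f"{service:10} {host}:{port:<6} {scope}")
```

On a live host, pass the text of `ss -ltn` to `audit()` in place of `SAMPLE_SS`.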

Sajal Basu

3 options to protect your valuable memcash

1. Use non-standard ports

2. Use IP addresses to listen (on Amazon this works wonderfully)

3. Run Memcached as a non-standard user.
