Security best practices

Security best practices
prev	Chapter 7 Security practices	next

Observing these rules can help to prevent unauthorized access to the controller:

Do not enable shell history on your controller.
Do not allow other users besides sdn and sdnadmin to have access to your controller system.
Do not store your authentication token in plain text, such as a non-encrypted cookie.
Do not use self-signed certificates in a production environment.
Do not alter contents under /opt/sdn/Cassandra and /opt/sdn/Hazelcast.
Do not delete any of the following iptables rules as shown below:
iptables –L Chain INPUT (policy ACCEPT)

IP tables Rules

Target	prot opt source	Destination
REJECT	tcp --anywhere	anywhere tcp dpt:5700 reject-with icmp-port-unreachable
ACCEPT	tcp – 127.0.0.0/8	anywhere tcp dpt:9160
REJECT	tcp --anywhere	anywhere tcp dpt:9160 reject-with icmp-port-unreachable
ACCEPT	tcp – 127.0.0.0/8	anywhere tcp dpt:7199
REJECT	tcp --anywhere	anywhere tcp dpt:7199 reject-with icmp-port-unreachable

prev	up	next
Security procedure	home	Chapter 8 Hybrid mode for controlling packet-forwarding