Security Expert Recommendations v7

RuleCheck SSL for improved performance
RecommendationConsider disabling SSL for improved performance.
Triggerssl = on and listen_addresses in ('localhost', '127.0.0.1', '::1')
SeverityLow

Description: SSL authentication is invaluable for protecting against connection-spoofing and eavesdropping attacks, but it is not always necessary for adequate security. When PostgreSQL accepts only local connections, or when it accepts only connections from a trusted network where malicious network traffic is not a concern, SSL encryption may not be necessary. Consider changing this setting if the current value is not appropriate for your environment.

Note: Even when SSL encryption is enabled, PostgreSQL servers should be further protected using an appropriate firewall configuration.

RuleCheck SSL for improved connection security
RecommendationConsider using SSL for improved connection security.
Triggerssl = off and listen_addresses not in ('localhost', '127.0.0.1','::1')
SeverityMedium

Description: The configuration variable listen_addresses indicates that your system may accept non-local connection requests, but SSL is not enabled. If PostgreSQL is exposed only to a secure, trusted internal network, this configuration is appropriate for maximum performance. Otherwise, you should consider enabling SSL. SSL offers two main advantages. First, it provides a more secure mechanism for authorizing connections to the database, helping to prevent unauthorized access. Second, SSL prevents eavesdropping attacks, where data sent from the database to clients, or from clients to the database, is viewed by an attacker while in transit. Consider changing this setting if the current value is not appropriate for your environment.

Note: Even when SSL encryption is enabled, PostgreSQL servers should be further protected using an appropriate firewall configuration.

RuleCheck TRUST authentication is disabled
RecommendationAvoid trust and ident authentication on unsecured networks.
Triggertrust or ident authentication allowed to any host other than 127.0.0.1 or ::1
SeverityHigh

Description: An attacker with access to your network can easily use the trust and ident authentication methods to subvert your network. If PostgreSQL is not running on a secure network, with firewalls in place to prevent malicious traffic, the use of these authentication methods should be avoided.

RuleCheck Password authentication on unsecured networks
RecommendationAvoid password authentication on unsecured networks.
Trigger(connection_type = 'host' or connection_type = 'hostnossl') and method = 'password'
SeverityHigh

Description: Passwords should not be transmitted in plaintext over unsecured networks. The use of md5 authentication provides slightly better security, but can still allow accounts to be compromised by a determined attacker. SSL encryption is a superior alternative. To require the use of SSL, set the connection type to hostssl in the pg_hba.conf file.

RuleCheck SSL for increased security
RecommendationConsider requiring SSL.
Triggerssl = on in postgresql.conf, but no hostssl lines in pg_hba.conf
SeverityMedium

Description: SSL encrypts passwords and all data transmitted over the connection, providing increased security. To require the use of SSL, set the connection type to hostssl in the pg_hba.conf file.