Security Considerations When Using JMX ports
Publish date: Jun 19, 2019
The main security considerations when using JMX ports are as follows:
The JMX port should be loopback only. If it must be open to external interfaces, think again a few times. And again.
If you really insist on opening the JMX port to external interfaces, enable SSL for the JMX port and make sure the client validates the SSL certificate when connecting.
A custom security policy should be defined to create roles that allow performing only the specific actions needed.
At the very least, a predefined role should be used, e.g. monitorRole for monitoring purposes.
Strong authentication mechanisms should be used, such as LDAP/password-based authentication.
If using passwords, use strong, randomly generated passwords for authentication and don't pass them on the command line. The password file should not be readable by other users on the system (use a 600 ACL-protected file).
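
The loopback, SSL, authentication, password-file and command-line items above can be checked mechanically. The following is an added example, not code from the original post: it audits a management.properties file using the standard com.sun.management.jmxremote.* property names. The function names, port number, file paths and sample values are constructed for illustration.

```python
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
P = "com.sun.management.jmxremote."

def parse_props(text):  # key=value lines of a management.properties file
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def audit(props, jvm_args=(), password_file_mode=None):
    """Return a list of findings for the considerations listed above."""
    findings = []
    if P + "port" not in props:
        return findings  # remote JMX connector not enabled
    external = props.get(P + "host", "") not in LOOPBACK  # unset host = all interfaces
    if external:
        findings.append("listens on a non-loopback interface")
    # ssl and authenticate default to true once the port is set
    if external and props.get(P + "ssl", "true").lower() != "true":
        findings.append("externally reachable without SSL")
    if props.get(P + "authenticate", "true").lower() != "true":
        findings.append("authentication disabled")
    if password_file_mode is not None and password_file_mode & 0o077:
        findings.append("password file accessible to group/other")
    for arg in jvm_args:  # secrets passed as -D options show up in process listings
        key, sep, _ = arg.partition("=")
        low = key.lower()
        if key.startswith("-D") and sep and "password" in low and not low.endswith(".file"):
            findings.append("password on command line: " + key[2:])
    return findings

# Constructed sample inputs, not taken from a real system.
WEAK = parse_props("""
com.sun.management.jmxremote.port=9010
com.sun.management.jmxremote.ssl=false
com.sun.management.jmxremote.authenticate=false
""")
HARDENED = parse_props("""
com.sun.management.jmxremote.port=9010
com.sun.management.jmxremote.host=127.0.0.1
com.sun.management.jmxremote.password.file=/path/to/jmxremote.password
""")

if __name__ == "__main__":
    print(audit(WEAK, ["-Djavax.net.ssl.keyStorePassword=example"], 0o644))
    print(audit(HARDENED, [], 0o600))
```

In practice, pass the mode from os.stat() on the password file and the arguments of the running JVM instead of the constructed values.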