If you have read Google’s product literature, you know that the Google Search Appliance is a very secure device. The bright yellow appliance runs a hardened version of CentOS, and its inner workings are safely locked away behind a root login.
So, assuming we are dealing with an appliance with Fort Knox-level protection, what risks remain? Below are several potential vulnerabilities that could jeopardize the security of your GSA platform. Some of these risks can be mitigated easily, while others (particularly those involving human beings) may never be 100% avoidable. I am not trying to cause panic. I only hope to better educate the community so that simple risks can be avoided, and more complex risks can be appropriately understood and mitigated.
Administrator access
The GSA admin console offers two levels of accounts, Administrator and Manager. In a perfect world, we would issue most accounts at the Manager level. But in practice, Manager-level accounts are not typically powerful enough to satisfy the needs of most users. Manager accounts cannot adjust crawl URL patterns, manage query expansion files, or even set up dynamic navigation facets. Because of this, I find that most accounts in the GSA admin console are created at the Administrator level.