
removed the footer plugin to test if it crashes the build.

Merged Adam Měrka requested to merge quickstart-update into master
4 files
+ 96
4
+ 63
0
@@ -4,3 +4,66 @@
>**TODO** user is admin of virtual machines... etc.
## SSH keys
## Pre-runtime measures
### Endorsed images
endorsements for virtual machine images implemented directly, as cryptographically signed hashes, indirectly, based on verbal agreements only virtual machine instances based on endorsed images are allowed to have public IP addresses modified and subsequently saved images are no longer considered to be endorsed by the original endorser
##Trusted users
trusted users defined as users with high-level identity verification or explicit endorsement from other trusted users or site managers. Only trusted users have access to pools of public IP addresses
##Restricted remote access to running virtual machines
only the following combinations of access methods and authentication methods are allowed
SSH with public key authentication
SSH with GSS API authentication
##Encrypted RDP/VNC
password-based remote authentication methods are not allowed (e.g. SSH with a plain password)
Automated pre-runtime compliance testing
all virtual machine images and virtual machine instances based on said images must be tested for explicit compliance with the defined security profile (Cloud_Security_Policy#Security_Profile)
only compliant images and virtual machine instances based on said images can
be published (made available to other users)
be assigned public IP addresses
be launched outside isolated private networks
##Runtime measures
* Networking isolation for L2
* running virtual machine instance will be isolated in a VLAN if the image of the instance is based on is not endorsed by a trusted user
it does not belong to a trusted user
it is running OS Windows
its owner chooses to isolate it
##Networking isolation for L3
running virtual machine instance will be isolated using firewall if
it has a public IP address
its owner chooses to isolate it in a private network
##IP logging
* every IP address given to a virtual machine instance will be tied to its owner for the duration of its lifetime (i.e. until shutdown)
owner of the virtual machine instance is responsible for any illegal activity during its lifetime
* Anti-spoofing rules for networking
network addresses assigned to a virtual machine instance by the cloud platform are mandatory and cannot be changed by the owner at runtime. Anti-spoofing rules are enforced by the hypervisor or local network infrastructure
an attempt to change the assigned network addresses will immediately cut off the virtual machine instance from any subsequent network communication
##Automated runtime compliance testing
All running virtual machine instances are periodically tested for compliance with the defined security profile (Cloud_Security_Policy#Security_Profile)
repeated or long-running non-compliance will result in an immediate forced shutdown of the given instance
##Automated configuration changes in virtual machines
all virtual machine images must support contextualization to the following extent
* boot-time injection of a public key for the root user (where applicable)
* boot-time change of the RDP/VNC credentials (where applicable)
* Post-runtime measures
##Extraction of virtual machine logs
At the end of its lifetime (i.e. after shutdown), the contents of /var/log from the root file system of every virtual machine instance will be archived
##Extraction of timestamps
At the end of its lifetime (i.e. after shutdown), timestamps from the root file system of every virtual machine instance will be archived
##Security Profile
TBD
##Incident Response
whenever possible follow general procedures stipulated by CESNET and EGI
close cooperation with CSIRT security teams
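Review bot: Both compliance-testing sections ("Automated pre-runtime compliance testing" and "##Automated runtime compliance testing") gate publishing, public IP assignment and forced shutdown on Cloud_Security_Policy#Security_Profile, but the "##Security Profile" section near the end of the hunk contains only "TBD", so the policy as added has no testable criteria. Either define the profile in this change or mark the dependent sections as pending. The heading markup also needs a pass: most headings have no space after the hashes ("##Trusted users", "##Runtime measures"), which CommonMark-style renderers show as plain text; "Automated pre-runtime compliance testing" has no heading marker at all; "* Networking isolation for L2", "* Anti-spoofing rules for networking" and "* Post-runtime measures" are bullets where the surrounding structure expects headings; and "##Encrypted RDP/VNC" reads as the third allowed access method rather than a section of its own. In the L2 isolation item, "isolated in a VLAN if the image of the instance is based on is not endorsed by a trusted user" runs the condition list into its first entry; split it into "if" followed by one bullet per condition, as the L3 section does.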