Security of the infrastructure


Accounts

  • Never give personnel more access than strictly necessary to do their work.
  • Whenever possible, use automatic termination of accounts after a specific date or period.

Installation site

  • Hardware such as a Modbus gateway should be installed behind at least a locked door.
  • Missing hardware must be reported, and its certificates revoked, as soon as possible.
  • Equipment must be password protected with a unique random password.
  • Equipment must connect over an encrypted channel.
  • Equipment must never expose itself on the public internet.
  • Equipment must continuously be updated with security patches.

Office

  • Employees at NODA are required to use Bitwarden for password management.
  • TOTP is enforced whenever possible. For the most important objects, U2F security keys (from Yubico) are used.
  • Employees' workstations/laptops are full-disk encrypted.
  • Employees' workstations/laptops must be updated with new security patches at a regular interval.
  • WiFi passwords to the office network are never shared with visitors or friends.

Servers

  • Software that exposes an interface to another system must always require authentication, even if the system exposes an interface in a "secure" environment.
  • Access to the server system is only allowed through an SSH bastion using certificate authentication. Only the DevOps team has access to this gateway.
  • One must never expose the Kubernetes API to the internet outside a maintenance window. During these windows, only a handful of selected IP addresses are allowed to communicate with the API endpoint.
  • Machines, containers and software packages must be tracked so that security patches are applied as they become available.
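A check that encodes the bastion rules above (certificate authentication only, no passwords, access limited to the DevOps team), as an added example that is not NODA's own tooling; the group name `devops`, the CA path and the sample config are assumptions:

```shell
#!/bin/sh
# Added example, not NODA's own tooling: a policy check for the bastion's
# sshd_config. It verifies certificate-only authentication, no password or
# keyboard-interactive logins, no root login and access restricted to a
# DevOps group. The group name and CA path are assumptions, and only the
# "Key value" directive form is parsed (not "Key=value").

# Constructed sample of a compliant bastion configuration.
SAMPLE_CONF="$(mktemp)"
cat > "$SAMPLE_CONF" <<'EOF'
# bastion sshd_config (constructed sample)
Port 22
PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
TrustedUserCAKeys /etc/ssh/user_ca.pub
AuthorizedPrincipalsFile /etc/ssh/principals/%u
PermitRootLogin no
AllowGroups devops
EOF

# get_directive FILE KEY: print the effective value of KEY. sshd applies the
# first uncommented occurrence of a keyword, so the first match wins;
# keywords are matched case-insensitively.
get_directive() {
  awk -v k="$2" 'tolower($1) == tolower(k) { print $2; exit }' "$1"
}

# require FILE KEY VALUE: succeed only if KEY is effectively set to VALUE.
require() {
  [ "$(get_directive "$1" "$2")" = "$3" ] || { echo "FAIL: $2 must be $3"; return 1; }
}

# bastion_policy_ok FILE: return 0 only if every required directive holds.
bastion_policy_ok() {
  conf="$1"; rc=0
  require "$conf" PasswordAuthentication no       || rc=1
  require "$conf" KbdInteractiveAuthentication no || rc=1
  require "$conf" PubkeyAuthentication yes        || rc=1
  require "$conf" PermitRootLogin no              || rc=1
  require "$conf" AllowGroups devops              || rc=1
  # A user CA must be trusted for certificate auth; the path is site specific.
  [ -n "$(get_directive "$conf" TrustedUserCAKeys)" ] || { echo "FAIL: TrustedUserCAKeys unset"; rc=1; }
  return $rc
}

bastion_policy_ok "$SAMPLE_CONF" && echo "bastion policy: OK"
```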

Code

  • Code in repositories is continuously scanned for new security vulnerabilities.
  • Whenever an issue is found, the code is patched, verified and deployed within the next available maintenance window.
  • Employees are only given access to a project they are working on.
  • Code is written with security in mind.
    • As few dependencies on external systems as possible.
    • Cryptography shall ONLY ever be handled by well-known libraries. Never implement a crypto solution yourself.
    • Having test cases for most of the code is key to having a stable code base.