Security and Privacy
is built with a strong focus on security and has a password policy that conforms to NIST 800-63B. It provides the following security features:
- Token based authentication.
- Role base access control.
- OIDC Identity Provider.
- Encryption at rest – using tools to encrypt the data before writing it to storage.
- Encryption at transit – Using TLS encryption (note – a few agents/protocols still do not provide TLS. If encryption at transit is needed for such features, it must be enabled in the networking layer).
- Immutable images, scanned with image scanners for CVEs.
- Automated certificate management, using the cert-manager tool to integrate with CA.
Token Based Authentication
Our web UIs and the following agents and profiles uses token based authentication:
Role Based Access Control
See /wiki/spaces/UEPED2/pages/2225339 for more information.
OIDC Identity Provider
Access control to OIDC authenticated applications is integrated in role model, see /wiki/spaces/UEPED2/pages/2223728 for more information.
Encryption at Rest
See/wiki/spaces/UEPED2/pages/2224129 for more information.
Encryption at Transit
The following agents and profiles use TLS:
- /wiki/spaces/UEPED2/pages/2224148
- /wiki/spaces/UEPED2/pages/2177103
- /wiki/spaces/UEPED2/pages/2224789
- /wiki/spaces/UEPED2/pages/2224054
- /wiki/spaces/UEPED2/pages/2224125
- /wiki/spaces/UEPED2/pages/2224551
- /wiki/spaces/UEPED2/pages/2220523
- /wiki/spaces/UEPED2/pages/2218689
- /wiki/spaces/UEPED2/pages/2218891
and the system interfaces use HTTPS and TLS.
Immutable images
is delivered as docker images that are being scanned for any potential CVEs before being made available for download.
Automated certificate management
Use of cert-manager is recommended for deployment in private cloud or AWS, but can be disabled if needed.
See /wiki/spaces/UEPED2/pages/2224373 and /wiki/spaces/UEPED2/pages/2223281 for more information.