From 41a6bf73b71fe902394e53e5ba3f4574f156240f Mon Sep 17 00:00:00 2001 From: Arno Kaimbacher Date: Fri, 30 Jun 2023 15:02:58 +0200 Subject: [PATCH] - complete rewriting for C16. Security --- C16-Security.md | 61 +++++++++++++++++++++++++++++++++++++------------ 1 file changed, 46 insertions(+), 15 deletions(-) diff --git a/C16-Security.md b/C16-Security.md index 7d6b6f6..74bf713 100644 --- a/C16-Security.md +++ b/C16-Security.md 
@@ -1,28 +1,59 @@ -# C16.1 The levels of security required for differnt data and metadata and environments, and how these are supportet +# C16.1. The levels of security required for different data and metadata and environments, and how these are supported + +For supporting the levels of the required security for data, metadata and environments, we have implemented a multi-layered approach to security, which includes physical, technical and administrative controls. + +**Physical controls** involve securing access points, restricting visitor access, and monitoring who enters the premises. + +By implementing the following **technical controls**, the Tethys system ensures the security and protection of data, metadata, and the overall environment: +- **Network Firewall**: The Tethys backend system is protected by a network firewall that effectively manages the VLAN segmented network, adding an additional layer of defense. +- **Local Firewalls**: Each Tethys backend server is equipped with its own local firewall, which provides individual protection and enhances the security of the system. +- **Malware Scanning**: All file uploads to the Tethys backend system undergo scanning by a malware scanner. This scanning process helps identify and mitigate any potential security threats posed by uploaded files. +- **DMZ**: The Tethys frontend systems, which include the website and REST services, have relatively more permissive access from external sources. However, they are still shielded by the network firewall situated in the DMZ. This firewall acts as a barrier, protecting the frontend systems from unauthorized access and potential security breaches. +- **Data Replicas (SOLR)**: Access to the Tethys frontend systems from public frontend sources, such as the website and REST API, is facilitated through data replicas hosted with SOLR. This approach ensures efficient access to data while maintaining security measures. 
+- **Read-Only Remote File System Access**: In addition to data replicas hosted with SOLR, public frontend sources can download files through read-only remote file system access. This method allows for secure file downloads while preventing unauthorized modifications or access to sensitive information. + + +**Administrative controls** involve developing security policies and procedures, training employees, and conducting regular security audits. -For supporting the levels of the required security for data, metadata and environments we have implemented a multi-layered approach to security, which includes physical, technical and administrative controls. Physical controls involve securing access points, restricting visitor access, and monitoring who enters the premises. Strong encryption, a firewall and an antivirus software are used for technical control to secure networks. Administrative controls involve developing security policies and procedures, training employees, and conducting regular security audits. # C16.2. The IT security system, employees with roles related to security and any risk analysis approach in use. -The IT security system has several different types of employees and roles which are involved to manage the IT security system and perform the risk analyses. This means that there are different roles involved in the IT of Geosphere Austria. +In order to ensure prompt restoration of the research data repository in case of errors, designated roles are defined. This notification is crucial for all systems involved. The process entails following specific instructions outlined in our [Disaster Management guidelines](https://gitea.geologie.ac.at/geolba/tethys.backend/wiki/DisasterManagement). These instructions encompass steps to recover from database failures, and from data file backups via "IBM Spectrum Protect". The workflow for restarting frontend services, including the website and the REST API, is prioritized and executed using Docker. 
This prioritization ensures the provision of basic services after incidents. + + +The Tethys Repository's technical infrastructure is equipped with robust security measures to safeguard its integrity. These measures include: + +- The professional **architecture and design of software, virtualized hardware and network systems** contribute to ensuring overall security. +- **Short-term security patches** are regularly applied on both Tethys software and hardware components. This includes keeping the operating systems up to date with the latest releases and patches. By promptly addressing known vulnerabilities, the repository remains resilient against potential security threats. +- **Monitoring tools** are employed to oversee various aspects of the infrastructure, including hardware, firewall, software, services, performance and potential attacks. This proactive approach allows for the timely detection and mitigation of security issues, ensuring prompt response to potential threats. +- **Continuous training programs** are conducted for the technical staff to stay updated on the latest security practices and protocols. This ensures that the team remains well-informed and equipped to handle emerging security challenges effectively. +- Additionally, **security programs** such as virus scanners, local and network firewalls, encryption programs, spam filters and network segmentation are professionally utilized to enhance the overall security of the system. -- The Information Security Analyst is responsible for identifying and managing security risks, as well as developing and implementing security policies and procedures. -- The Network Security Engineer is an expert in designing and implementing security measures to protect computer networks from cyber attacks. -- The Security Architect is responsible for designing and implementing security systems, as well as ensuring that all security policies and procedures are being followed. 
-- The Administration Team is there to analyze and monitor security data to identify treads and vulnerabilities, and respond to security incidents as needed. They help the organization to develop security strategies and plans. They are also responsible for overseeing all aspects of an organization's security program, including risk management, compliance, and incident response. # C16.3 Measures in place to protect the facility. How the premises where digital objects are held area secured. -To premise where digital objects are held there is a multi-layered security system implemented that includes physical, electronic, and procedural controls. +To protect the facility where digital objects are held, GeoSphere Austria has implemented various security measures: -- The Physical security measures include surveillance cameras, access control systems, and perimeter security to prevent unauthorized entry. -- The Electronic security measures include the firewall, intrusion detection system, and encryption to protect digital data from cyber threats. -- The Procedural controls include security policies and procedures, employee training, and background checks to ensure that everyone who has access to the digital objects follows the appropriate security protocols. +1. **Entrance Control**: The server rooms at GeoSphere Austria are secured with an electronic physical access control system for the relevant entrances. This system ensures that only authorized personnel can access the server rooms, adding an extra layer of protection. +2. **Key Distribution**: Key distribution to employees is meticulously documented, enabling effective control and accountability over access to the premises. This documentation ensures that access to sensitive areas like the server room is only granted to authorize individuals. +3. **Guest Policies**: Policies have been established to govern the presence of guests within the building. 
These policies outline guidelines for accompanying and designating guests, ensuring that their activities are appropriately supervised and monitored. By implementing these policies, GeoSphere Austria ensures that guests do not compromise the security of the facility. +4. **Backup Power Supply**: The computer center at GeoSphere Austria is equipped with several Uninterruptible Power Supply (UPS) units. These backup power sources allow the TETHYS-relevant hardware to continue operating for extended periods, even in the event of a power outage. This ensures the availability and integrity of digital objects even during unforeseen power disruptions. +5. **Surveillance Cameras**: The facility utilizes surveillance cameras strategically placed throughout the premises. +6. **Fire**: Fire suppression systems are installed, there are fire and smoke detectors on all floors +7. **Flood**: All critical equipment is located on 2nd floor. -# C16.4 Any security-specific standards the repository references or compiles with. -We have one of the most well-known standards at the moment: ISO/IEC 27001. This is a standard that provides a framework for establishing, implementing, maintaining, and continually improving information security management systems. +# C16.4 any security-specific standards the repository references or compiles with. -# C16.5 Any authentification and authorization protectures employed to securely manage access to system use. +Our supervisory organization follows the ISO/IEC 27001 standard, showing our dedication to strong information security practices. Also for Tethys, we have implemented a comprehensive strategy to protect the privacy, accuracy, and accessibility of our research data, user data, and other information resources. This structured approach ensures that sensitive data is kept confidential, information remains reliable and precise, and authorized users can conveniently access the resources they need. 
+ +# C16.5 Any authentication and authorization protectures employed to securely manage access to system use. + +**User Authentication**: Tethys typically supports multiple authentication methods, such as DB authentication with email/password and LDAP (Lightweight Directory Access Protocol). In the future, there are plans to integrate Single Sign-On (SSO) solutions into the Tethys repository. All of these methods verify the identity of users before granting access to the repository system. + +**Role-based Access Control (RBAC)**: The Tethys Repository utilizes roles (stored in the database) to manage authorization. RBAC assigns specific roles to users based on their responsibilities and grants corresponding permissions accordingly. This ensures that users have appropriate access rights based on their roles within the Tethys research repository system. + +**Access Control Lists (ACLs)**: ACLs are employed in Tethys to provide fine-grained access control at the dataset or collection level. They allow administrators to define specific permissions for individual users or groups, granting or restricting access to certain resources within the repository system. + +**Audit Logs and Monitoring**: Tethys repository has audit logging and monitoring capabilities to track user activities, access attempts, and changes made to the repository system. This helps in identifying and investigating any suspicious or unauthorized actions and provides a means for maintaining accountability and detecting potential security breaches. -For authentification and authorization protectures employed to securely manage access to Tethys, we are using LDAP, SAML, and Keycloak to ensure access to system usage. LDAP is used for user authentication and authorization, while SAML provides a secure way to exchange authentication and authorization data between different systems. 
Keycloak as an identity and access management solution is integrated with both LDAP and SAML, allowing for easy management of user identities and credentials. Overall, this combination of technologies provides a secure and reliable way to authenticate users and ensure that only authorized individuals have access to Tethys.
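Review bot: the rewritten C16.2 body no longer answers its own heading ("employees with roles related to security and any risk analysis approach in use"): the role list of the removed lines is gone, the replacement only says "designated roles are defined" without naming them, and no risk analysis approach is described at all; please name the roles (or point to where they are defined) and add at least one sentence on how risks are assessed. In the same paragraph, "This notification is crucial for all systems involved." has no antecedent because no notification is mentioned before it; either describe who is notified and how, or drop the sentence. The link to the Disaster Management guidelines points at an internal Gitea wiki, so an external reviewer of this document may not be able to open it; consider summarizing the recovery steps (database restore, file restore from "IBM Spectrum Protect", Docker restart of the frontend services) inline. In C16.5, "Tethys typically supports multiple authentication methods" reads like a generic product description rather than a statement about this deployment, and the SAML and Keycloak integration from the removed lines has been dropped entirely in favour of "plans to integrate Single Sign-On (SSO) solutions"; if Keycloak and SAML are no longer in use, say so explicitly, otherwise keep them, and replace "typically" with what is actually configured. Wording fixes in the added lines: "compiles with" should be "complies with" (C16.4 heading, also present in the removed line), "protectures" in the C16.5 heading is presumably "procedures", "granted to authorize individuals" should be "authorized individuals", "C16.4 any security-specific" should be capitalized "Any", C16.3 item 6 is missing a period after "on all floors", and the heading numbering is inconsistent ("C16.1." and "C16.2." with a trailing period, "C16.3", "C16.4" and "C16.5" without). In the C16.1 DMZ bullet, "shielded by the network firewall situated in the DMZ" places the firewall inside the DMZ; since the firewall normally sits between the DMZ and the internal segments, "placed in the DMZ behind the network firewall" describes the topology more accurately.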