-
Notifications
You must be signed in to change notification settings - Fork 592
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Document secure deployment #13082
Comments
Topic brainstorming:
|
Docusaurus on deployment and configuration (https://docs.magmacore.org/docs/lte/configure_agw_ha) could be used to create a checklist. Logging is relevant to deployment security. https://docs.magmacore.org/docs/orc8r/debug_logs |
When I was testing a deployment of Orc8r on AWS, I discovered few sets of ports that we have to open in security group for the deployment. Maybe we can use this info in our security docs. |
Two important developments in the life of this ticket:
If/when I come back to this ticket it will be to declare victory. |
Work on this task is now in https://github.com/magma/security/issues/104. |
Secure Deployment Documentation
Problem
Secure software is secure by default. At deployment time there are a number of configuration choices that influence risk. Deployers lack guidance in what these are.
Solution
There should be documentation for deployers on steps they should take to ensure security.
For example, deployers should ensure that there is a verified boot and the AGW is locked down, and it is wise to have a managed OS.
Security guidance should appear where it is relevant and useful. There can be a centralized document, but the same tips may be available in context relevant to particular features.
Non-goals
It is out of scope to change the underlying software.
The text was updated successfully, but these errors were encountered: