====== Security Checklist (KRITIS/NIS2) ======

**Version:** 2.0\\
**Scope:** Crypto, Memory Safety, Availability, Information Disclosure, Secure Error Handling.

Comprehensive security checklist based on CWE weaknesses and attack patterns.

===== Cryptographic Security =====

^ Check ^ CWE ^ Description ^
| [ ] Nonce Uniqueness | CWE-323 | AES-GCM nonce unique per encryption (CRITICAL!) |
| [ ] Nonce Tracking | CWE-323 | Track used nonces, enforce MAX_NONCES_PER_KEY |
| [ ] Key Rotation | CWE-323 | Rotate the key once the nonce limit is reached |
| [ ] Cryptographic RNG | CWE-330 | OpenSSL/OS CSPRNG for keys/nonces |
| [ ] Random IDs | CWE-330 | No sequential key/session IDs |
| [ ] Constant-time Comparison | CWE-208 | For secrets, MACs, tokens, API keys |
| [ ] Replay Protection | CWE-294 | Nonce/timestamp/sequence tracking |
| [ ] Channel Encryption | CWE-300 | mTLS for external communication |

===== Memory Security =====

^ Check ^ CWE ^ Description ^
| [ ] Memory Zeroization | CWE-316 | Wipe secrets after use |
| [ ] No Secrets in Logs | CWE-532 | Never log keys, passwords, tokens |
| [ ] Secure String Handling | CWE-316 | SecureString (C#), secrecy (Rust) |
| [ ] Key Material Cleared | CWE-316 | try-finally guarantees cleanup on exception |

===== Input Validation =====

^ Check ^ CWE ^ Description ^
| [ ] Size Limits | CWE-400 | MAX_PAYLOAD_SIZE enforced (default: 64KB) |
| [ ] Integer Overflow | CWE-190 | SafeAdd(), checked_add(), checked arithmetic |
| [ ] Null Checks | CWE-476 | At all API boundaries |
| [ ] No Unwrap on Input | CWE-248 | Proper error handling, no panic on malformed data |
| [ ] Parameterized Queries | CWE-89 | Never build SQL by string concatenation |
| [ ] Character Validation | - | Whitelist for identifiers where appropriate |

===== Error Handling =====

^ Check ^ CWE ^ Description ^
| [ ] Sanitized Messages | CWE-209 | No paths/versions/stack traces sent to the client |
| [ ] Full Error Logging | - | Log the complete error internally before sanitizing |
| [ ] No Panic in Service | CWE-248 | Graceful error recovery, service stays up |
| [ ] Stack Trace Preserved | - | Re-throw without wrapping |

===== Availability (DoS Protection) =====

^ Check ^ CWE ^ Description ^
| [ ] Rate Limiting | CWE-400 | Token bucket per client/endpoint |
| [ ] Request Size Limits | CWE-400 | Reject oversized payloads early |
| [ ] Lock Safety | CWE-667 | Lock recovery mechanism |
| [ ] Resource Cleanup | CWE-772 | try-finally, using, defer, RAII - always |
| [ ] Timeout Handling | CWE-400 | Timeouts on all external operations |

===== Thread Safety =====

^ Check ^ CWE ^ Description ^
| [ ] Lock Poisoning Handled | CWE-667 | Recovery from poisoned locks |
| [ ] No Race Conditions | CWE-362 | Thread-safe data structures |
| [ ] Atomic Operations | CWE-362 | For counters, flags, shared state |
| [ ] Deadlock Prevention | CWE-833 | Lock ordering, timeouts |

===== Audit & Compliance =====

^ Check ^ Standard ^ Description ^
| [ ] All Modifications Logged | ISO 27001 A.12.4 | Data changes with user, timestamp, old/new value |
| [ ] Security Events Logged | NIS2 Art. 21 | Failed auth, rate limiting, suspicious input |
| [ ] Log File Rotation | - | Incremental format |
| [ ] No Sensitive Data in Logs | CWE-532 | Audit for accidental exposure |

===== Quick Reference - By Attack Type =====

**Cryptographic Attacks:**
  * [ ] Nonce reuse prevented
  * [ ] Timing attacks mitigated (constant-time compare)
  * [ ] Replay attacks blocked
  * [ ] Key enumeration prevented (random IDs)

**Input Attacks:**
  * [ ] Buffer overflow prevented (size limits)
  * [ ] Integer overflow prevented
  * [ ] Malformed input handled
  * [ ] SQL injection prevented

**Availability Attacks:**
  * [ ] Resource exhaustion prevented (rate limiting)
  * [ ] Lock poisoning handled
  * [ ] Memory exhaustion prevented

**Information Disclosure:**
  * [ ] Error messages sanitized
  * [ ] Secrets zeroized after use
  * [ ] No sensitive data in logs

----

  * No exec/shell_exec/system calls
  * No eval() calls
  * Output escaping
  * SQL injection prevention
  * CSRF protection

----

//Version: 2.0 (Split)//\\
//Author: Wolfgang van der Stille//
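The Nonce Tracking, Key Rotation and Lock Poisoning Handled checks from the Cryptographic Security and Thread Safety tables above, worked through in Rust as an added example that is not part of this checklist or of any project it covers. It assumes a counter-based 96-bit AES-GCM nonce layout (32-bit key epoch followed by a 64-bit counter), a deliberately tiny MAX_NONCES_PER_KEY of 4 for demonstration, and leaves fresh key generation and the actual AES-GCM call to a crypto library that is not shown.

```rust
use std::sync::{Arc, Mutex};

/// Demo budget; production code uses a large but still bounded limit.
pub const MAX_NONCES_PER_KEY: u64 = 4;

/// Per-key state: a monotonically increasing nonce counter plus a key epoch.
#[derive(Debug, Default)]
pub struct KeyEpoch {
    pub epoch: u32,       // bumped on every rotation
    pub nonces_used: u64, // nonces already handed out under this key
}

#[derive(Debug, PartialEq)]
pub enum NonceError {
    RotationRequired, // budget spent: rotate before encrypting again
    Overflow,         // counter would wrap: never reuse a nonce
}

impl KeyEpoch {
    /// Next unique 96-bit AES-GCM nonce (epoch || counter), or an error once
    /// MAX_NONCES_PER_KEY is reached. A counter never repeats, so tracking the
    /// count is enough to guarantee uniqueness; checked_add refuses to wrap.
    pub fn next_nonce(&mut self) -> Result<[u8; 12], NonceError> {
        if self.nonces_used >= MAX_NONCES_PER_KEY {
            return Err(NonceError::RotationRequired);
        }
        let counter = self.nonces_used;
        // Advance the counter before building the nonce: a panic after this
        // point skips a value rather than ever reusing one.
        self.nonces_used = counter.checked_add(1).ok_or(NonceError::Overflow)?;
        let mut nonce = [0u8; 12];
        nonce[..4].copy_from_slice(&self.epoch.to_be_bytes());
        nonce[4..].copy_from_slice(&counter.to_be_bytes());
        Ok(nonce)
    }

    /// Rotate: new epoch, counter back to zero. Fresh key bytes would be drawn
    /// from the OS CSPRNG at this point (assumed; no crypto crate is used here).
    pub fn rotate(&mut self) -> Result<(), NonceError> {
        self.epoch = self.epoch.checked_add(1).ok_or(NonceError::Overflow)?;
        self.nonces_used = 0;
        Ok(())
    }
}

/// Shared handle for worker threads. A thread that panics while holding the
/// lock poisons it; recover the inner state instead of taking the service down.
pub fn next_nonce_shared(state: &Arc<Mutex<KeyEpoch>>) -> Result<[u8; 12], NonceError> {
    let mut guard = state.lock().unwrap_or_else(|poisoned| poisoned.into_inner());
    guard.next_nonce()
}
```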