====== Security ======

**Target audience:** Security admins, DevOps \\
**Contents:** TLS, certificates, access control \\
**Priority:** Critical for production

Security configuration for production operation of the Data Gateway.

----

===== Workflow =====

<code mermaid>
flowchart LR
    subgraph TLS["TLS"]
        T1[Obtain certificate]
        T2[Enable HTTPS]
        T3[Cipher suites]
    end
    subgraph ACCESS["ACCESS"]
        A1[Firewall]
        A2[API keys]
        A3[IP whitelist]
    end
    subgraph CERTS["CERTIFICATES"]
        C1[Renewal]
        C2[Monitoring]
    end
    T1 --> T2 --> T3
    T2 --> A1
    A1 --> C1 --> C2
    style T1 fill:#e8f5e9
    style A1 fill:#fff3e0
    style C2 fill:#e3f2fd
</code>

----

===== Runbooks =====

^ Runbook ^ Description ^ Duration ^
| [[.:tls-einrichten|TLS setup]] | Enable HTTPS, configure certificates | ~15 min |
| [[.:zertifikat-erneuern|Renew certificate]] | Renewal process, automation | ~10 min |
| [[.:firewall-regeln|Firewall rules]] | Access restriction, IP whitelist | ~10 min |

----

===== Security checklist =====

^ # ^ Check ^ Priority ^ Yes/No ^
| 1 | TLS/HTTPS enabled | Critical | - |
| 2 | No self-signed certificates in production | Critical | - |
| 3 | TLS 1.2+ enforced | High | - |
| 4 | Weak ciphers disabled | High | - |
| 5 | Firewall configured | Critical | - |
| 6 | Certificate expiry monitored | High | - |
| 7 | Logs contain no passwords | Critical | - |

----

===== Quick checks =====

<code bash>
# Check HTTPS status (expect a 200 response on the health endpoint)
curl -I https://gateway.example.com/health

# Check TLS versions: TLS 1.2 and TLS 1.3 must both complete a handshake.
# -servername sends SNI so the gateway presents the certificate for this host name.
openssl s_client -connect gateway.example.com:443 -servername gateway.example.com -tls1_2 </dev/null
openssl s_client -connect gateway.example.com:443 -servername gateway.example.com -tls1_3 </dev/null
# Checklist item 3 is only met if older versions are refused: this handshake must fail
# (an "unknown option" error instead means your openssl build has no TLS 1.1 client at all)
openssl s_client -connect gateway.example.com:443 -servername gateway.example.com -tls1_1 </dev/null

# Check certificate validity period (notBefore / notAfter)
echo | openssl s_client -connect gateway.example.com:443 -servername gateway.example.com 2>/dev/null \
  | openssl x509 -noout -dates
</code>

----

===== Related documentation =====

  * [[..:administrator:sicherheit:start|Administrator: Security]] - Architecture
  * [[..:business:sicherheit:start|Business: PQ Security]] - Compliance
  * [[..:..:..:pqcrypt:szenarien:operator:start|PQ Crypto Operator]] - Post-Quantum

----

<< [[..:start|<- Operator manual]] | [[.:tls-einrichten|-> TLS setup]] >>

----

//Wolfgang van der Stille @ EMSR DATA d.o.o. - Data Gateway Professional//

{{tag>operator sicherheit tls zertifikate}}
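The quick checks above print the certificate dates for a human to read. Checklist items 2 (no self-signed certificates) and 6 (expiry monitored) are easier to keep honest when the same check runs unattended and returns a status code. The script below is an added example for this page, not code from the Data Gateway product or its runbooks. It audits a PEM file with plain ''openssl'' (assumed to be installed on the host) and treats a certificate whose subject equals its issuer as self-signed; the 30-day warning threshold and the host name ''gateway.example.com'' are assumptions, and the certificate it generates is constructed test input only.

```bash
#!/usr/bin/env bash
# Added example (not part of the Data Gateway documentation): audit a PEM
# certificate against checklist items 2 and 6. Return value is a bitmask:
#   1 = self-signed (subject == issuer), checklist #2
#   2 = expires within WARN_DAYS or already expired, checklist #6
#   4 = input is not a readable certificate
# Against the live gateway, capture the leaf certificate first (host name assumed):
#   echo | openssl s_client -connect gateway.example.com:443 \
#          -servername gateway.example.com 2>/dev/null | openssl x509 > live.pem
#   check_cert live.pem 30
set -u

# check_cert PEMFILE WARN_DAYS
# Prints one line per finding and returns the bitmask above (0 = clean).
check_cert() {
  local pem="$1" warn_days="$2" rc=0 subject issuer
  subject=$(openssl x509 -in "$pem" -noout -subject) || return 4
  issuer=$(openssl x509 -in "$pem" -noout -issuer)
  # Checklist #2: a self-signed certificate lists itself as issuer.
  if [ "${subject#subject=}" = "${issuer#issuer=}" ]; then
    echo "SELF-SIGNED: $subject"
    rc=$((rc | 1))
  fi
  # Checklist #6: -checkend exits non-zero if the certificate is no longer
  # valid WARN_DAYS from now (which also covers already-expired certificates).
  if ! openssl x509 -in "$pem" -noout -checkend $((warn_days * 86400)) >/dev/null; then
    echo "EXPIRING within ${warn_days}d: $(openssl x509 -in "$pem" -noout -enddate)"
    rc=$((rc | 2))
  fi
  [ "$rc" -eq 0 ] && echo "OK: $(openssl x509 -in "$pem" -noout -enddate)"
  return "$rc"
}

# make_selfsigned OUTFILE DAYS
# Constructed test input only: a throwaway self-signed certificate valid for
# DAYS days, so the audit can be exercised offline. Never deploy such a cert.
make_selfsigned() {
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
    -days "$2" -subj "/CN=gateway.example.com" 2>/dev/null
}

# Usage from a cron job or a monitoring probe (threshold of 30 days assumed):
#   check_cert live.pem 30 || alert "gateway certificate needs attention (status $?)"
```

Wiring this into the existing monitoring as a scheduled probe turns checklist item 6 from a manual look at ''notAfter'' into an alert that fires before the renewal runbook becomes urgent; the non-zero exit status is what the scheduler or probe should act on, not the printed text.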