Inhaltsverzeichnis

Security

Target audience: Security Admins, DevOps
Content: TLS, Certificates, Access control
Priority: Critical for production

Security configuration for production operation of the Data Gateway.

Workflow

flowchart LR subgraph TLS["TLS"] T1[Obtain certificate] T2[Enable HTTPS] T3[Cipher suites] end subgraph ACCESS["ACCESS"] A1[Firewall] A2[API Keys] A3[IP Whitelist] end subgraph CERTS["CERTIFICATES"] C1[Renewal] C2[Monitoring] end T1 --> T2 --> T3 T2 --> A1 A1 --> C1 --> C2 style T1 fill:#e8f5e9 style A1 fill:#fff3e0 style C2 fill:#e3f2fd

Runbooks

Runbook Description Duration
Set Up TLS Enable HTTPS, configure certificates ~15 min
Renew Certificate Renewal process, automation ~10 min
Firewall Rules Access restriction, IP whitelist ~10 min

Security Checklist

# Check Priority Done
——-———-——
1 TLS/HTTPS enabled Critical [ ]
2 No self-signed certificates in prod Critical [ ]
3 TLS 1.2+ enforced High [ ]
4 Weak ciphers disabled High [ ]
5 Firewall configured Critical [ ]
6 Certificate expiry monitored High [ ]
7 Logs contain no passwords Critical [ ]

Quick Wins

# Check HTTPS status
curl -I https://gateway.example.com/health
 
# Check TLS version
openssl s_client -connect gateway.example.com:443 -tls1_2
openssl s_client -connect gateway.example.com:443 -tls1_3
 
# Check certificate expiry
echo | openssl s_client -connect gateway.example.com:443 2>/dev/null | openssl x509 -noout -dates

« <- Operator Handbook | -> Set Up TLS »

Wolfgang van der Stille @ EMSR DATA d.o.o. - Data Gateway Professional

, , ,