Security
Target audience: Security Admins, DevOps
Content: TLS, Certificates, Access control
Priority: Critical for production
Security configuration for production operation of the Data Gateway.
Workflow
```mermaid
flowchart LR
    subgraph TLS["TLS"]
        T1[Obtain certificate]
        T2[Enable HTTPS]
        T3[Cipher suites]
    end
    subgraph ACCESS["ACCESS"]
        A1[Firewall]
        A2[API Keys]
        A3[IP Whitelist]
    end
    subgraph CERTS["CERTIFICATES"]
        C1[Renewal]
        C2[Monitoring]
    end
    T1 --> T2 --> T3
    T2 --> A1
    A1 --> C1 --> C2
    style T1 fill:#e8f5e9
    style A1 fill:#fff3e0
    style C2 fill:#e3f2fd
```
Runbooks
| Runbook | Description | Duration |
|---|---|---|
| Set Up TLS | Enable HTTPS, configure certificates | ~15 min |
| Renew Certificate | Renewal process, automation | ~10 min |
| Firewall Rules | Access restriction, IP whitelist | ~10 min |
Security Checklist
| # | Check | Priority | Done |
|---|---|---|---|
| 1 | TLS/HTTPS enabled | Critical | [ ] |
| 2 | No self-signed certificates in prod | Critical | [ ] |
| 3 | TLS 1.2+ enforced | High | [ ] |
| 4 | Weak ciphers disabled | High | [ ] |
| 5 | Firewall configured | Critical | [ ] |
| 6 | Certificate expiry monitored | High | [ ] |
| 7 | Logs contain no passwords | Critical | [ ] |
Quick Wins
```bash
# Check HTTPS status
curl -I https://gateway.example.com/health

# Check TLS version (</dev/null closes stdin so s_client exits after the handshake)
openssl s_client -connect gateway.example.com:443 -tls1_2 </dev/null
openssl s_client -connect gateway.example.com:443 -tls1_3 </dev/null

# Check certificate expiry
echo | openssl s_client -connect gateway.example.com:443 2>/dev/null | openssl x509 -noout -dates
```
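The manual expiry check above can be turned into a scheduled probe for checklist items 2 and 6. The following is an added example, not part of the Data Gateway handbook or product; the 30/7-day thresholds, the state names and the function names are assumptions.

```python
"""Added example: trust and expiry probe for one HTTPS endpoint."""
import socket
import ssl
import time

WARN_DAYS = 30  # assumed thresholds, not taken from the handbook
CRIT_DAYS = 7


def days_left(not_after: str, now: float) -> int:
    """Whole days until a notAfter value such as 'Jan 30 08:47:00 2027 GMT'."""
    return int((ssl.cert_time_to_seconds(not_after) - now) // 86400)


def classify(not_after: str, now: float) -> str:
    """Map the remaining certificate lifetime to a monitoring state."""
    remaining = days_left(not_after, now)
    if remaining < 0:
        return "EXPIRED"
    if remaining < CRIT_DAYS:
        return "CRITICAL"
    if remaining < WARN_DAYS:
        return "WARNING"
    return "OK"


def check_endpoint(host: str, port: int = 443, timeout: float = 5.0) -> dict:
    """Connect as a strict client and report trust, protocol and expiry."""
    ctx = ssl.create_default_context()            # verifies chain and hostname
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # this client refuses TLS 1.0/1.1
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                not_after = tls.getpeercert()["notAfter"]
                return {"host": host, "protocol": tls.version(),
                        "not_after": not_after,
                        "state": classify(not_after, time.time())}
    except ssl.SSLCertVerificationError as exc:
        # Self-signed, already expired or wrong-host certificates end up here.
        return {"host": host, "state": "UNTRUSTED", "error": exc.verify_message}
    except (ssl.SSLError, OSError) as exc:
        return {"host": host, "state": "UNREACHABLE", "error": str(exc)}


if __name__ == "__main__":
    print(check_endpoint("gateway.example.com"))
```

The probe only shows that the endpoint accepts TLS 1.2 or newer; whether older versions are refused (checklist item 3) still has to be tested from a client that offers them.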
Related Documentation
- Administrator: Security - Architecture
- Business: PQ Security - Compliance
- PQ Crypto Operator - Post-Quantum
Wolfgang van der Stille @ EMSR DATA d.o.o. - Data Gateway Professional
Last modified: 2026/01/30 at 08:47 AM