Security
Target audience: Security admins, DevOps
Contents: TLS, certificates, access control
Priority: Critical for production
Security configuration for running Data Gateway in production.
Workflow
```mermaid
flowchart LR
    subgraph TLS["TLS"]
        T1[Obtain certificate]
        T2[Enable HTTPS]
        T3[Cipher suites]
    end
    subgraph ACCESS["ACCESS"]
        A1[Firewall]
        A2[API keys]
        A3[IP whitelist]
    end
    subgraph CERTS["CERTIFICATES"]
        C1[Renewal]
        C2[Monitoring]
    end
    T1 --> T2 --> T3
    T2 --> A1
    A1 --> C1 --> C2
    style T1 fill:#e8f5e9
    style A1 fill:#fff3e0
    style C2 fill:#e3f2fd
```
Runbooks
| Runbook | Description | Duration |
|---|---|---|
| TLS setup | Enable HTTPS, configure certificates | ~15 min |
| Renew certificate | Renewal process, automation | ~10 min |
| Firewall rules | Access restriction, IP whitelist | ~10 min |
Security checklist
| # | Check | Priority | Yes/No |
|---|---|---|---|
| 1 | TLS/HTTPS enabled | Critical | - |
| 2 | No self-signed certificates in production | Critical | - |
| 3 | TLS 1.2+ enforced | High | - |
| 4 | Weak ciphers disabled | High | - |
| 5 | Firewall configured | Critical | - |
| 6 | Certificate expiry monitored | High | - |
| 7 | Logs contain no passwords | Critical | - |
Quick checks
```bash
# Check HTTPS status
curl -I https://gateway.example.com/health

# Check TLS version
openssl s_client -connect gateway.example.com:443 -tls1_2
openssl s_client -connect gateway.example.com:443 -tls1_3

# Check certificate expiry
echo | openssl s_client -connect gateway.example.com:443 2>/dev/null | openssl x509 -noout -dates
```
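An added example (not part of the Data Gateway documentation): the certificate-expiry quick check above, turned into a monitoring classification for checklist item 6. It parses the `notBefore`/`notAfter` lines printed by `openssl x509 -noout -dates`; the 30-day and 7-day thresholds, the status names and the sample output are assumptions made for this example.

```python
import re
from datetime import datetime, timezone

# Thresholds in days are assumptions for this example, not values from the page.
WARN_DAYS = 30
CRIT_DAYS = 7

_FIELD = re.compile(r"^(notBefore|notAfter)=(.+)$", re.MULTILINE)
_OPENSSL_FMT = "%b %d %H:%M:%S %Y GMT"  # e.g. "Jan  5 08:49:00 2026 GMT"


def parse_dates(text):
    """Return (not_before, not_after) as timezone-aware UTC datetimes.

    A missing field raises ValueError; that is the case when s_client could
    not connect and `openssl x509` therefore printed no dates.
    """
    fields = {k: v.strip() for k, v in _FIELD.findall(text)}
    missing = {"notBefore", "notAfter"} - fields.keys()
    if missing:
        raise ValueError("missing field(s): " + ", ".join(sorted(missing)))
    return tuple(
        datetime.strptime(fields[k], _OPENSSL_FMT).replace(tzinfo=timezone.utc)
        for k in ("notBefore", "notAfter")
    )


def classify(text, now):
    """Return (status, days_left) for the certificate at time `now` (UTC)."""
    not_before, not_after = parse_dates(text)
    days_left = (not_after - now).days
    if now < not_before:
        return "NOT_YET_VALID", days_left
    if now >= not_after:
        return "EXPIRED", days_left
    if days_left < CRIT_DAYS:
        return "CRITICAL", days_left
    if days_left < WARN_DAYS:
        return "WARNING", days_left
    return "OK", days_left


# Constructed sample output (not captured from a real gateway).
SAMPLE = "notBefore=Jan  5 00:00:00 2026 GMT\nnotAfter=Apr  5 00:00:00 2026 GMT\n"

if __name__ == "__main__":
    print(classify(SAMPLE, datetime.now(timezone.utc)))
```

Treat a `ValueError` as an alert in its own right: an empty result means the check could not see a certificate at all, not that the certificate is healthy.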
Related documentation
- Administrator: Security - Architecture
- Business: PQ Security - Compliance
- PQ Crypto Operator - Post-Quantum
Wolfgang van der Stille @ EMSR DATA d.o.o. - Data Gateway Professional
Last modified: 30.01.2026 at 08:49