This repository was archived by the owner on Jan 11, 2023. It is now read-only.
Initial Architecture Specification Notes and Guidelines
Sena Heydari edited this page Jan 12, 2016 · 6 revisions
- CentOS 7 - OS
- KVM - Virtualization Stack
- OPNsense - Internet Facing Firewall and VPN Service
- Ansible - Configuration Management and Automation
- Jenkins - Continuous Integration
- Nginx - Load-Balancer and Web-Server
- PostgreSQL - Databases
- iptables - Server Level Firewall
- SELinux - Server Level service auditing
- Monitoring - Icinga 2
- Centralized Logging - ELK Stack
- KVM GUI Management Tool - Virtual Machine Manager
- IDS & IPS - Snort or Suricata
- User Authentication and Access Control - OpenLDAP
- 2 Factor Authentication - WiKID Systems?
- SELinux always enabled
- Re-Use Existing Well-Defined Code - e.g. use Ansible Galaxy roles or existing guides
- SSH Passthrough Auth - Research Viability
- Package install list per role/file
- iptables enabled per server
- iptables Reporting/Logging
- Encrypt at rest, in transit, wherever possible
- LTS and Latest Stable Release for all tools whenever possible
- Block all Ingress/Egress traffic by default
- Map Existing Attack Vectors
- Notify if Updates occur to config/software/updates
- IDS & IPS
- Use Same Platform Ideally for Both
- Extensibility is important for future growth
- Monitoring and Alerting Capabilities
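
One way to check a server against the "Block all Ingress/Egress traffic by default" and "iptables Reporting/Logging" guidelines is to audit its `iptables-save` output. The script below is an added example, not part of the original notes or the project's code; the `audit` function and the sample ruleset are constructed for illustration.

```python
import shlex

CHAINS = ("INPUT", "FORWARD", "OUTPUT")

# Constructed sample of `iptables-save` output: ingress is default-deny and
# logged, but egress is left open and unlogged.
SAMPLE = """\
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -j LOG --log-prefix "ipt-in-drop: "
COMMIT
"""

def audit(dump):
    """Return a list of findings for the filter table of an iptables-save dump."""
    table, policies = None, {}
    rules = {c: [] for c in CHAINS}
    for line in dump.splitlines():
        line = line.strip()
        if line.startswith("*"):              # table header, e.g. "*filter"
            table = line[1:]
        elif table != "filter":               # ignore nat/mangle/raw and comments
            continue
        elif line.startswith(":"):            # chain policy, e.g. ":INPUT DROP [0:0]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):          # appended rule; keep its match/target tokens
            tokens = shlex.split(line)
            if tokens[1] in rules:
                rules[tokens[1]].append(tokens[2:])
    findings = []
    for chain in CHAINS:
        if policies.get(chain) != "DROP":
            findings.append(f"{chain}: default policy is {policies.get(chain, 'unset')}, expected DROP")
        # A rule with no match criteria that accepts everything undoes a DROP policy.
        if any(r == ["-j", "ACCEPT"] for r in rules[chain]):
            findings.append(f"{chain}: unconditional ACCEPT rule defeats default deny")
    for chain in ("INPUT", "OUTPUT"):
        if not any(r[i:i + 2] == ["-j", "LOG"] for r in rules[chain] for i in range(len(r))):
            findings.append(f"{chain}: no LOG rule, dropped traffic is not reported")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

On a real host the input would be the text produced by `iptables-save`, collected per server (for example by an Ansible task) and fed to `audit`.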