This page details the security hierarchy of the AniNIX, which is layered as described in the following sections.

# Physical security
Physical security includes storing the [[Forge2]] in a locked second-floor building. [[Cerberus]] offers reporting on events in this location. Admins are co-located at this location and are trained in combat and close-quarters defense. Physical intrusions will be rebuffed to the fullest extent of the law.

# Network/Software protection
{{Organizer|Firewall|
{{Organizer|Shadowfeed|
{{Organizer|Trusted DMZ|
{{Reference|DarkNet}}
{{Organizer|Core|
{{Organizer|Cerberus|
{{Organizer|Firewall|
Most of the services in the AniNIX are monitored by network-level intrusion detection.
## Open-access Services
{{Reference|WebServer}}{{Reference|TheRaven}}{{Reference|Foundation}}{{Reference|Heartbeat}}
## Password-Restricted Services
{{Reference|IRC}}{{Reference|Wiki}}{{Reference|Yggdrasil}}
## Remote Access
{{Organizer|Cerberus|
The SSH service supports password and key authentication.
{{Reference|SSH}}
|Cerberus}}
}}
|Cerberus}}
|Core}}
{{Organizer|Windows|
{{Organizer|Firewall|
{{Reference|Games}}
}}
|Windows}}
}}
{{Organizer|Guest DMZ|
Any visitors to the AniNIX premises are given access to the outside Internet via the Shadowfeed, but this access is isolated away from AniNIX systems.
}}
|Shadowfeed}}
}}

# Filesystem security
{{Organizer|Forge2|
{{Organizer|Cerberus|
{{Organizer|VirusScan|
The Hypervisor content lives here.
|VirusScan}}
|Cerberus}}
{{Organizer|Core|
{{Organizer|LUKS-on-LVM Volume|
{{Organizer|Cerberus|
{{Organizer|VirusScan|
Most of the data lives inside these layers.
|VirusScan}}
|Cerberus}}
}}
|Core}}
{{Organizer|Windows|
{{Organizer|VirusScan|
The Windows data lives here.
|VirusScan}}
|Windows}}
|Forge2}}

# Backups
[[Windows]] and [[Core]] are backed up locally on mirrored, non-RAID disks. They are also backed up from the [[Forge2]] to a 4TB hard drive kept in an off-site safety deposit box in a bank, making it very difficult to destroy all copies of these hosts.

Should all backups be lost, the [[Aether]] project also backs up Core's critical configuration files and a list of files in [[Yggdrasil]] to an anonymous list of servers. [[Grimoire]]'s databases are independently archived to a password-protected tarball and stored in cloud storage.

[[Category:Security]]
[[Category:Layout]]