This page details the security hierarchy of the AniNIX, which is layered as described in the following sections.

# Physical security

Physical security includes storing the [[Forge2]] in a locked second-floor building. [[Cerberus]] offers reporting on events in this location. Admins are co-located at this location and are trained in combat and close-quarters defense. Physical intrusions will be rebuffed to the fullest extent of the law.

# Network/Software protection

{{Organizer|Firewall|
{{Organizer|Shadowfeed|
{{Organizer|Trusted DMZ|
{{Reference|DarkNet}}
{{Organizer|Core|
{{Organizer|Cerberus|
{{Organizer|Firewall|
Most of the services in the AniNIX are monitored by network-level intrusion detection.

## Open-access Services

{{Reference|WebServer}}{{Reference|TheRaven}}{{Reference|Foundation}}{{Reference|Heartbeat}}

## Password-Restricted Services

{{Reference|IRC}}{{Reference|Wiki}}{{Reference|Yggdrasil}}

## Remote Access

{{Organizer|Cerberus|
The SSH service supports password and key authentication.
{{Reference|SSH}}
|Cerberus}}
}}
|Cerberus}}
|Core}}
{{Organizer|Windows|
{{Organizer|Firewall|
{{Reference|Games}}
}}
|Windows}}
}}
{{Organizer|Guest DMZ|
Any visitors to the AniNIX premises are given access to the outside Internet via the Shadowfeed, but this access is isolated from AniNIX systems.
}}
|Shadowfeed}}
}}

# Filesystem security

{{Organizer|Forge2|
{{Organizer|Cerberus|
{{Organizer|VirusScan|
The Hypervisor content lives here.
|VirusScan}}
|Cerberus}}
{{Organizer|Core|
{{Organizer|LUKS-on-LVM Volume|
{{Organizer|Cerberus|
{{Organizer|VirusScan|
Most of the data lives inside these layers.
|VirusScan}}
|Cerberus}}
}}
|Core}}
{{Organizer|Windows|
{{Organizer|VirusScan|
The Windows data lives here.
|VirusScan}}
|Windows}}
|Forge2}}

# Backups

[[Windows]] and [[Core]] are backed up locally on mirrored, non-RAID disks. They are also backed up from the [[Forge2]] to a 4TB hard drive kept in an off-site safety deposit box in a bank, making it very difficult to destroy all copies of these hosts. Should all backups be lost, the [[Aether]] project also backs up Core's critical configuration files and a list of files in [[Yggdrasil]] to an anonymous list of servers. [[Grimoire]]'s databases are independently archived to a password-protected tarball and stored in cloud storage.

[[Category:Security]]
[[Category:Layout]]