After relaunching our website using a more up-to-date layout, the new WordPress privacy module asked me to set up a privacy disclosure.
Having recapitulated my professional life while updating my CV just days earlier, I thought it might be a good idea to start maintaining a security checklist, as follows:
- Access via asymmetric cryptographic key pairs only
- Only store asymmetric public keys, used to access sensitive services from our secured environment only
- No service access by third parties via weak ‘cookies’ or ‘tokens’
- Web applications may manage their own user-login database with credentials, and
  - won’t send passwords via email
  - store only encrypted/hashed passwords, never clear text
- Databases and certain other vulnerable resources are accessed by web applications directly via the intranet only
- Web applications are not executed with the web server’s credentials, but within a dedicated user space (separation, encapsulation)
- A firewall explicitly opts in network services as intended
- A self-healing redundant filesystem and an encrypted, distributed replication backup strategy are used
- Regular update procedures are followed
- Warrant canaries are used in our transparency report
The list only contains very obvious standard procedures, yet even these sometimes seem to be too much of a bother for some big industrial players:
- 2019-05-03 Looting of private git repositories: Wrong file permissions & stored access tokens
- 2019-05-02 Cisco stores private SSH keys matching the stored public authorized-login keys on the same device
- 2018-01-08 AMD’s Vulnerable Platform Security Processor (PSP) Hardware Add-On (similar w/ Intel’s ME 2017-05-08)
- 2017-05-08 Intel’s Vulnerable Management Engine Hardware Add-On (similar w/ AMD’s PSP 2018-01-08)
Then there are vulnerabilities induced by the mere complexity of the system rather than by sheer incompetence or even bad intent:
- 2018-01-16 Meltdown & Spectre CPU vulnerabilities. Meltdown affects Intel x86, IBM Power and some ARM CPUs, while Spectre affects the branch prediction of probably all CPUs built before 2019.
Whatever may compromise our systems, one has to assume that no component can ultimately be trusted. This insight can be applied in systems design to safeguard against the worst outcomes.