Security Hardening Guide #1023

@ravindk89

We have an increasing number of requests around deploying "hardened" MinIO clusters.

We do have a security checklist, but the requests are for more specific steps and guidance during deployment. They also include steps around disabling or curtailing root access after deployment.

To that end, we can craft an MNMD deployment guide that is focused on security hardening, that includes specific steps for:

  • Creating and configuring TLS (Network hardening)
  • Configuring firewalls (Network hardening)
  • Deploying and configuring admin users (Software Hardening)
  • Disabling Root API Access (Software Hardening)
  • Deploying SSE (At-Rest security)
  • Connecting via STS (avoid hardcoding credentials in apps)

Some substeps, like SSE, are easiest to do once other projects complete first to reduce dependency on external products. We can do most of the others first and then come back around to fill in further from there.
