FEA407 - Control access to the server
Feature ID | FEA407 |
Subsystem the feature is part of | EP04 - Security and Authentication |
Responsible person | Team Cven |
Status | Done |
Description
This feature aims to set up restrictions on who can access the server and what kind of traffic is allowed on the server.
Restrictions, requirements and use cases related to this feature
ID | Description |
---|---|
FUNC-REQ-C0013 | Adjust security settings for the server |
Preliminary user stories
- US057 As a security specialist I want to have controls over who can access the server, SSH / MFA / don't allow root login / etc. #76
User interface mock-up
Implementation
Traffic was limited by setting security groups in the CSC settings for the server. Security Groups are effectively a collection of firewall rules. Several rules were created to allow SSH, ping and web traffic to the VMs.
SSH connection to the VMs is possible by connecting to their public IP/DNS name. A private SSH key must be used for authentication, as password authentication is not possible.
Different keys were created for development and production environments. In addition, root login is not allowed.
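One way to check the SSH settings described above (key-only authentication, no root login) against a server's configuration. This is an added example, not the project's own code: it assumes the VMs run OpenSSH, the function names `effective_value` and `audit_sshd` are hypothetical, the sample configs are constructed, and the fallback values are the upstream OpenSSH defaults.

```shell
#!/bin/sh
# Constructed sample configs (illustrative, not copied from the project's VMs).
HARDENED='# production VM
PubkeyAuthentication yes
passwordauthentication no
PermitRootLogin no
PermitRootLogin yes   # ignored: first occurrence wins
'
WEAK='Port 22
#PasswordAuthentication no
PermitRootLogin=prohibit-password
Match User deploy
    PasswordAuthentication no
'

# effective_value CONFIG_TEXT KEYWORD DEFAULT
# Prints the value sshd uses in the global section: keywords are
# case-insensitive, the first occurrence wins, a Match line ends the section.
effective_value() {
    printf '%s\n' "$1" | awk -v want="$2" -v def="$3" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }      # skip comments and blanks
        {
            sub(/[ \t]*=[ \t]*/, " ")          # accept "Keyword=value"
            key = tolower($1)
            if (key == "match") exit           # conditional blocks not evaluated
            if (key == tolower(want)) {
                gsub(/"/, "", $2); print tolower($2); found = 1; exit
            }
        }
        END { if (!found) print def }'         # unset: fall back to the default
}

# audit_sshd CONFIG_TEXT -> returns 0 only if every setting matches.
# Each spec is keyword:upstream-OpenSSH-default:required-value.
audit_sshd() {
    rc=0
    for spec in PasswordAuthentication:yes:no \
                PermitRootLogin:prohibit-password:no \
                PubkeyAuthentication:yes:yes; do
        key=${spec%%:*}; rest=${spec#*:}
        got=$(effective_value "$1" "$key" "${rest%%:*}")
        if [ "$got" = "${rest#*:}" ]; then echo "PASS $key=$got"
        else echo "FAIL $key=$got (expected ${rest#*:})"; rc=1; fi
    done
    return $rc
}

audit_sshd "$HARDENED"
audit_sshd "$WEAK" || echo "weak sample rejected"
```

On a live host, `audit_sshd "$(sshd -T)"` (run as root) checks the configuration as sshd itself resolves it, which also covers settings pulled in through `Include` files.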
Testing / possible acceptance criteria
Testcase | Test source | Responsible |
---|---|---|
Testcase 1 | FUNC-REQ-C0013 | |