Commit 4361f31

Merge pull request #38 from Engineering-Research-and-Development/cert_doc_upadate_part_10
Cert doc update part 10
2 parents 4771540 + 78d209d commit 4361f31

3 files changed

+19
-17
lines changed

README.md

Lines changed: 1 addition & 1 deletion
@@ -1,6 +1,6 @@
11
![](doc/TRUE_Connector_Logo.png?raw=true)
22
<div align="right" style="color: black; font-size: 25px;">
3-
<strong> Version 1.0.7 </strong>
3+
<strong> Version 1.0.8 </strong>
44
</div>
55

66
</br></br>

doc/TRUEConnector/prerequisite.md

Lines changed: 10 additions & 9 deletions
@@ -64,8 +64,7 @@ AllowUsers sshUser1 sshUser2...
6464

6565
### Create SSH public and private keys for user accessing host machine
6666

67-
As a first step, a key-pair needs to be created. This is usually done on the server.
68-
With the following command a new key-pair is created.
67+
As the first step, a key pair needs to be created. Following best security practices, each ***user*** generates their asymmetric key pair and securely shares the public key with the OS administrator for implementation at the OS level. The following command is used to create a new key pair.
6968

7069
```
7170
ssh-keygen -t rsa -b 4096 -f ~/.ssh/desktop_key-rsa
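Review bot: The new paragraph at line 67 says each user generates the key pair but no longer says where, while the removed text said "usually done on the server". State that the command is run on the user's own client machine and that the private key `~/.ssh/desktop_key-rsa` never leaves it; otherwise a reader can still generate the pair on the host, and the change of ownership this paragraph introduces is lost. "for implementation at the OS level" would also read more clearly as "to be added to `authorized_keys`".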
@@ -76,8 +75,10 @@ ssh-keygen -t rsa -b 4096 -f ~/.ssh/desktop_key-rsa
7675
* `-b 4096` - specifies the key length, 4096 offers a good balance between security and performance, providing strong protection against brute-force attacks without being overly taxing on system resources.
7776
* `-f ~/.ssh/desktop_key-rsa` - specifies the filename for the key file
7877

79-
In order to create the key, you will be asked for a password. This is the password for your key. It is recommended and considered as best practice (and also security related) to enter passphrase. It will be used as security step, avoiding the usage of a stolen or lost private key. The result of this command should be two files. The file "\~/.ssh/desktop_key-rsa" which is the private-key file, and the file "~/.ssh/desktop_key-rsa.pub" which contains your public-key file.
80-
This public-key and private-key will be securely transferred to the client. This means that keys are transferred to the client machine without exposing the content of the file, following best practices for delivering files containing sensitive data, such are password protected zip archive, uploading to some storage, and providing link to the responsible user, admin approaching to the client and copying key file from USB stick, or whatever is applicable and most suitable for the company.
78+
Using `-t rsa -b 4096` with `ssh-keygen` is essential for creating RSA keys of 4096 bits, improving security. The algorithm employed in the SSH communication protocol is the 4096-bit RSA asymmetric encryption algorithm. This method of key generation guarantees that the SSH keys for authentication are robust and secure against unauthorized access
79+
80+
In order to create the key, you will be asked for a password. This is the password for your key. It is recommended and considered as best practice (and also security related) to enter passphrase. It will be used as security step, avoiding the usage of a stolen or lost private key. The result of this command should be two files. The file "\~/.ssh/desktop_key-rsa" which is the private-key file, and the file "~/.ssh/desktop_key-rsa.pub" which contains your public-key file.
81+
After the process is completed, the ***user*** must securely transfer the public-key to the OS administrator. This entails transferring the public-key without exposing the file's contents, following best practices for delivering files containing sensitive data. These practices may include using a password-protected zip archive, uploading to secure storage and providing a link to the responsible OS administrator, physically approaching the OS administrator and copying the key file from a USB stick, or employing any other applicable and suitable method for the company.
8182

8283
public-key needs to be added to the authorized keys. To make sure we do not override any already configured authorized key,
8384
we add the public-key to the authorized_keys file. If the file does not yet exist, it will create it automatically:
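Review bot: Line 81 asks for the public key to be delivered "without exposing the file's contents" (password-protected zip, USB stick), wording carried over from the removed line 80, where the private key was being shipped as well. A public key is not confidential; what the OS administrator needs is assurance that the key really comes from that user and was not replaced in transit. Suggest rewording so that the administrator confirms the key's fingerprint (`ssh-keygen -lf ~/.ssh/desktop_key-rsa.pub`) with the user over a separate channel before adding it. Separately, the added line 78 calls RSA the "asymmetric encryption algorithm" of the SSH protocol and says it "guarantees" robustness: the key pair created here is used to authenticate the user, so "used for public-key authentication" is the accurate wording, and the sentence is missing its final period.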
@@ -116,13 +117,13 @@ AllowUsers sshUser1 sshUser2...
116117

117118
### Periodic SSH Key Update Procedure
118119

119-
For maintaining security administrators should perform a periodic refresh of SSH keys. This process should be conducted every three months (minimal, or even on lesser time frame if security policy requires). During each update cycle, the administrator is responsible for generating new SSH keys for all end users and ensuring the invalidation of previous keys. This practice ensures that any potential security risks associated with compromised or outdated keys are mitigated.
120+
To maintain security, OS administrators must periodically refresh SSH keys. This process must occur every three months (minimal, or even on lesser time frame if security policy requires). During each update cycle, administrators are responsible for informing users that they need to generate a new key pair and securely transfer the new public key. Failure to do so will make previous authorized keys invalid. This practice ensures that potential security risks associated with compromised or outdated keys are mitigated.
120121

121-
To facilitate this process, the following steps should be diligently followed:
122+
To facilitate this process, the following steps must be diligently followed:
122123

123-
* Generate New SSH Keys: Admins should create new SSH key pairs for each user.
124+
* Generate New SSH Keys: Users must create new SSH key pairs.
124125

125-
* Distribute New Keys Securely: Once new keys are generated, they should be securely transferred to the end users.
126+
* Distribute New Keys Securely: Once new keys are generated, the public-key must be securely transferred to OS administrator.
126127

127128
* Update the authorized_keys File: The new public keys must be added to the authorized_keys file on the server, replacing the old keys.
128129
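Review bot: In the added line 120, "Failure to do so will make previous authorized keys invalid" describes no mechanism: an entry in `authorized_keys` stays valid until someone removes it. Say who invalidates the old key and when, for example "at the end of the cycle the OS administrator removes the previous public key from `authorized_keys`; users who have not submitted a new one lose access", which also lines up with the "replacing the old keys" step at line 128. The bullet title "Distribute New Keys Securely" at line 126 no longer fits now that only the public key goes to the OS administrator; "Submit New Public Key Securely" would.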

@@ -135,7 +136,7 @@ To facilitate this process, the following steps should be diligently followed:
135136
* Review and Test: After updating, conduct a thorough review and testing to ensure that only the new keys are operational and that server access is functioning as expected with the updated keys.
136137

137138

138-
By regularly updating SSH keys every three months, administrators will enhance the security of server access, making sure these keys effectively protect against unauthorized entry.
139+
By regularly updating SSH keys every three months, OS administrators will enhance the security of server access, making sure these keys effectively protect against unauthorized entry.
139140

140141
## Secure DB
141142

doc/configuration-list-evaluation.md

Lines changed: 8 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -4,13 +4,14 @@ This document contains an iterative table providing details on the certification
44

55
| TRUE Connector version | Release Date | Submodules version | Source code | Evaluation evidence|
66
|:-----------------------:|:--------------:|:-----------------------------------------------------------------------:|:----------:|:-------------------|
7-
| v1.0.7 | 2023-02-27 | ECC (v1.14.8), DataApp (v0.3.8), UCApp (v1.7.9), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.7) |Teams meetings, Email conversations |
8-
| v1.0.6 | 2023-01-26 | ECC (v1.14.7), DataApp (v0.3.8), UCApp (v1.7.8), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.6) |TRUE Connector evaluation clarification points TC/v1/v2/v3/v4/v5/v6, Email conversations |
9-
| v1.0.5 | 2022-12-13 | ECC (v1.14.6), DataApp (v0.3.7), UCApp (v1.7.8), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.5) | JIRA issues, Email conversations |
10-
| v1.0.4 | 2022-11-17 | ECC (v1.14.6), DataApp (v0.3.7), UCApp (v1.7.8), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.4) |JIRA issues, Email conversations |
11-
| v1.0.3 | 2022-10-13 | ECC (v1.14.4), DataApp (v0.3.4), UCApp (v1.7.5), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.3) | JIRA issues, Email conversations |
12-
| v1.0.2 | 2022-10-04 | ECC (v1.14.3), DataApp (v0.3.2), UCApp (v1.7.5), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.2) | JIRA issues, Email conversations |
13-
| v1.0.1 | 2021-08-22 | ECC (v1.14.2), DataApp (v0.3.1), UCApp (v1.7.4), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.1) | JIRA Issues, Email conversations |
7+
| v1.0.8 | 2024-03-20 | ECC (v1.14.8), DataApp (v0.3.8), UCApp (v1.7.9), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.8) | Email conversations |
8+
| v1.0.7 | 2024-02-27 | ECC (v1.14.8), DataApp (v0.3.8), UCApp (v1.7.9), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.7) |Teams meetings, Email conversations |
9+
| v1.0.6 | 2024-01-25 | ECC (v1.14.7), DataApp (v0.3.8), UCApp (v1.7.8), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.6) |TRUE Connector evaluation clarification points TC/v1/v2/v3/v4/v5/v6, Email conversations |
10+
| v1.0.5 | 2023-12-13 | ECC (v1.14.6), DataApp (v0.3.7), UCApp (v1.7.8), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.5) | JIRA issues, Email conversations |
11+
| v1.0.4 | 2023-11-17 | ECC (v1.14.6), DataApp (v0.3.7), UCApp (v1.7.8), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.4) |JIRA issues, Email conversations |
12+
| v1.0.3 | 2023-10-13 | ECC (v1.14.4), DataApp (v0.3.4), UCApp (v1.7.5), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.3) | JIRA issues, Email conversations |
13+
| v1.0.2 | 2023-10-04 | ECC (v1.14.3), DataApp (v0.3.2), UCApp (v1.7.5), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.2) | JIRA issues, Email conversations |
14+
| v1.0.1 | 2023-08-22 | ECC (v1.14.2), DataApp (v0.3.1), UCApp (v1.7.4), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.1) | JIRA Issues, Email conversations |
1415
| v1.0.0 | 2023-07-19 | ECC (v1.14.1), DataApp (v0.3.0), UCApp (v1.7.2), PIP (v1.0.0) |[Link](https://github.com/Engineering-Research-and-Development/true-connector/releases/tag/v1.0.0) | Feedback_Questionnaire_Connector_TRUE_Connector_14_07_2023.xlsx, JIRA issues, email conversations |
1516

1617
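Review bot: The Release Date column is corrected by hand in seven rows, and the v1.0.6 row changes the day as well as the year (2023-01-26 to 2024-01-25) while every other row changes only the year; please check each date against its release tag before merging, since this table documents the certification history. The new v1.0.8 row lists the same submodule versions as v1.0.7 (ECC v1.14.8, DataApp v0.3.8, UCApp v1.7.9, PIP v1.0.0); if the release is documentation-only, say so in the Evaluation evidence cell, otherwise update the versions.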
