Wiki/Layouts/Security_Layout.md


This page details the security hierarchy of the AniNIX, which is layered as described in the following sections.

Physical security

Physical security includes storing the Forge2 in a locked second-floor building. Cerberus offers reporting on events in this location. Admins are co-located at this location and are trained in combat and close-quarters defense. Physical intrusions will be rebuffed to the fullest extent of the law.

Network/Software protection

{{Organizer|Firewall| {{Organizer|Shadowfeed| {{Organizer|Trusted DMZ| {{Reference|DarkNet}} {{Organizer|Core| {{Organizer|Cerberus| {{Organizer|Firewall| Most of the services in the AniNIX are monitored by network-level intrusion detection.

Open-access Services

{{Reference|WebServer}}{{Reference|TheRaven}}{{Reference|Foundation}}{{Reference|Heartbeat}}

Password-Restricted Services

{{Reference|IRC}}{{Reference|Wiki}}{{Reference|Yggdrasil}}

Remote Access

{{Organizer|Cerberus| The SSH service supports password and key authentication. {{Reference|SSH}} |Cerberus}} }} |Cerberus}} |Core}} {{Organizer|Windows| {{Organizer|Firewall| {{Reference|Games}} }} |Windows}} }} {{Organizer|Guest DMZ| Any visitors to the AniNIX premises are given access to the outside Internet via the Shadowfeed, but this access is isolated away from AniNIX systems. }} |Shadowfeed}} }}

Filesystem security

{{Organizer|Forge2| {{Organizer|Cerberus| {{Organizer|VirusScan| The Hypervisor content lives here. |VirusScan}} |Cerberus}} {{Organizer|Core| {{Organizer|LUKS-on-LVM Volume| {{Organizer|Cerberus| {{Organizer|VirusScan| Most of the data lives inside these layers. |VirusScan}} |Cerberus}} }} |Core}} {{Organizer|Windows| {{Organizer|VirusScan| The Windows data lives here. |VirusScan}} |Windows}} |Forge2}}

Backups

Windows and Core are backed up locally on mirrored, non-RAID disks. They are also backed up from the Forge2 to a 4TB hard drive that is kept in an off-site safety deposit box in a bank, making it very difficult to destroy all copies of these hosts.

Should all backups be lost, the Aether project also backs up Core's critical configuration files and a list of files in Yggdrasil to an anonymous list of servers. Grimoire's databases are independently archived to a password-based tarball and stored in cloud storage.
