published

MISP-and-Cloud-Security.md

@@ -0,0 +1,30 @@
+# Cloud Security
+
+When utilizing [MISP-Cloud](https://github.com/misp/misp-cloud) one of the general concerns is related to security. The purpose of this document is to explain what goes into the build process of the images and how you can be safe when utilizing the image on your cloud provider.
+
+## Image build
+
+The image for MISP-Cloud is created the same way the _local_ images are created. Nothing specific to cloud-providers happens during the bootstrap or during the image creation.
+
+## Username, Database and Salt
+
+The only action that requires special attention when using the image over the Internet is regarding the username, database and salt configuration. Since these are all known _(we have to give you these details in order for your to use the image)_ it's mandatory to change these before production usage. At a bare-minimum, you have to change the username password _(and you're forced to do this after the first login)_, while we still recommend changing the database password and salt. 
+
+## It's all about rules
+
+As explained in the documentation _(for example [AWS Installation Guide](https://github.com/misp/misp-cloud/wiki/AWS-Installation-Guide))_, the most important aspect of the security of your instance is related to firewall rules. 
+
+Some quick tips:
+
+- If you require SSH, make sure only your IP can connect to SSH of the instance _(even though SSH password less authentication is the standard)_
+- HTTP and HTTPS are the requirements for usage of the instance. As per the documentation, you can chose to have those ports open to the public or limited to a single IP or range
+
+Example configuration in AWS:
+
+![](https://github.com/misp/misp-cloud/blob/master/docs/images/aws3.png)
+
+This example will open HTTP/HTTPS to the internet and limited SSH to a single IP. 
+
+## Support
+
+Feel free to chat with us on [MISP-Cloud Gitter](https://gitter.im/MISP/misp-cloud) if you have any questions related to cloud usage.