For Security Server owner
Security Checklist
What is it about?
Various control questions are listed here, the answers to which will help you understand the important points of a secure X-tee implementation.
Control question | What is the danger here? |
|---|---|
| Is your security server on the latest X-Road software version? | Outdated software may contain security vulnerabilities through which an attacker can exploit your security server. Outdated software may have software errors that prevent data exchange. In the case of a very old version, RIA user support may not be able to solve your problems. |
Have you configured the communication between the information system and the security server over HTTPS with mTLS? | The security server does not validate that the incoming request was sent by a valid application and not by a malicious attacker. The application does not validate that the response sent to it was delivered by your security server and not by a malicious attacker. |
| Is there limited access to security server ports 80 and 443 in your external network? | Any application from the external network can try to make X-tee requests through your security server and on behalf of your organization. |
| Is there limited access to security server ports 80 and 443 in your intranet? | Any application on the intranet can make X-tee requests through your security server. If any application on your intranet has been hacked, the bad actor can use it to make X-tee requests through your security server. |
| Is access to port 4000 limited on a network basis in your security server? | Through port 4000 of the security server software, any visitor can log in to the admin interface of your security server. Access to port 4000 must be granted only to those persons whose task is to manage the security server. The number of login attempts is not limited by the X-Road software. |
| Is the sign certificate stored on the HSM device in your security server? | Not using an HSM device means that if a bad actor manages to break into your security server, they also has immediate access to the private key of your organizations sign certificate. NB! The production environment e-stamp (sign) certificates issued by SK ID Solutions must be stored on the HSM device. |
| Is only the security server software installed on your security server machine? | Extraneous and unnecessary software for the security server can negatively affect the operation of the security server and add new attack vectors through which a bad actor can break in. |
| Is the operation of your security server monitored? | In the absence of automatic monitoring, you can only find out about the failure of the security server when real damage has already occurred. |
| Are your security server message logs stored? | If message logs are not stored, it may not be possible to determine which messages (requests/responses) were exchanged. Storing message logs long-term makes it possible to record which requests were made and what their responses were. This adds an important evidence element to the X-tee data exchange, because the message logs are time-stamped and signed with the institution's e-stamp certificate. |
| Is the computer clock on your security server correct? | The security server logs may have a time difference with the actual time. |
| Is your security server recovery plan regularly tested? | Due to the lack of an up-to-date recovery plan for the security server, the interruption of data exchange may last significantly longer than the need to restore the existing security server. |
| Is your security server accessible for RIA monitoring? | If RIA central monitoring security servers cannot collect data, you will not see the usage reports of your subsystems, and in the event of technical failures of the security server, the RIA user support will have to request more data from you. |
Important reading