6ec8d3236d
- Replace TLAS with License Authority throughout documentation - Add Government of Goa emblem/logo (Ashoka Chakra style) - Update frontend branding to match documentation - Add configurable Swagger API link via VITE_API_BASE_URL env var - Fix Docker build for VitePress (git dependency, .dockerignore) - Fix helmet security headers for HTTP deployments - Add CORS support for VM deployment Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
1.7 KiB
1.7 KiB
Security Hardening
Pre-Deployment Checklist
Network Security
- Firewall rules configured
- Unnecessary ports closed
- Internal services not exposed
- SSL/TLS certificates installed
- HTTP redirected to HTTPS
Application Security
- Debug mode disabled
- Error messages sanitized
- Rate limiting enabled
- CORS properly configured
- Security headers set
Database Security
- Default passwords changed
- Network access restricted
- SSL connections enforced
- Audit logging enabled
- Backups encrypted
Authentication
- JWT secret rotated
- Password policy enforced
- Session timeout configured
- Failed login lockout enabled
- MFA available for admins
Security Headers
# Required headers
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
add_header X-XSS-Protection "1; mode=block";
add_header Strict-Transport-Security "max-age=31536000";
add_header Content-Security-Policy "default-src 'self'";
Vulnerability Management
Dependency Scanning
# Run weekly
npm audit
docker scan license-api:latest
Security Updates
- OS patches: Monthly
- Framework updates: Quarterly
- Critical CVEs: Within 48 hours
Incident Response
- Detect: Monitoring alerts, user reports
- Contain: Isolate affected systems
- Investigate: Identify scope and cause
- Remediate: Fix vulnerability
- Recover: Restore normal operations
- Document: Post-incident report
Access Reviews
| Review Type | Frequency |
|---|---|
| User access | Quarterly |
| Admin access | Monthly |
| API keys | Quarterly |
| Service accounts | Quarterly |