MISP and Cloud Security
When utilizing MISP-Cloud we want to make sure you're following best pratices for security. The purpose of this document is to explain what goes into the build process of the images and how you can be safe when utilizing the image on your cloud provider.
The image of MISP-Cloud is created the same way the local images are created. Nothing specific to cloud-providers happens during the bootstrap or during the image creation.
The only action that requires special attention when using the image on a cloud provider is the username, database and salt configuration. Since these are all known (we have to give you these details in order for you to use the image) it's mandatory to change these before production usage. At a bare-minimum, you have to change the username password (and you're forced to do this after the first login), while we still recommend changing the database password and salt.
As explained in the documentation (for example AWS Installation Guide), the most important aspect in the security of your instance is related to firewall rules.
Some quick tips:
- If you require SSH access, make sure only your IP can to the instance (even though SSH password-less authentication is the standard)
- HTTPS is the only requirement for usage of MISP-Cloud. As per the documentation, you can chose to have that port open to the public or limited to a single IP or range.
Example configuration in AWS:
This example will open HTTPS to the internet and limit SSH to a single IP.
Feel free to chat with us on MISP-Cloud Gitter if you have any questions related to cloud usage.