Hardening, or system hardening, in the context of MSTC is the collection of tools, techniques, and best practices in place to reduce vulnerability related to MSTC. The goal of system hardening is to reduce security risk by eliminating potential attack vectors and shrinking the system's attack surface.

The MSTC modules run on cloud infrastructure hosted by two providers, Microsoft Azure and Amazon Web Services. This page describes the hardening measures in place for both providers. See page XXX for details on which modules are hosted through which provider.

Microsoft Azure

The following hardening measures are in place for the MSTC modules hosted on Microsoft Azure:

  • Resources in Microsoft Azure are segregated into separate virtual networks and Network Security Groups.

  • By default, all incoming traffic is denied. Only necessary ports and network protocols are allowed through specific firewall rules.

  • Only necessary components are installed on the servers.

  • Only necessary services and network ports are enabled on the web servers.

  • We perform 2 penetration tests per year and a monthly vulnerability scan.
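
The default-deny rule in the list above can be checked against an exported Network Security Group. The following is an added example, not part of the MSTC configuration or tooling: it assumes the flattened JSON that `az network nsg show` prints, a constructed sample NSG, and a hypothetical allow-list containing only port 443.

```python
import json

# Constructed sample in the flattened shape printed by `az network nsg show`
# (assumed input format); names and prefixes are illustrative.
SAMPLE_NSG = json.loads("""{"name": "nsg-web-example", "securityRules": [
 {"name": "allow-https", "priority": 100, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "Internet", "destinationPortRange": "443"},
 {"name": "allow-ssh-any", "priority": 110, "direction": "Inbound", "access": "Allow",
  "protocol": "Tcp", "sourceAddressPrefix": "*", "destinationPortRange": "22"},
 {"name": "allow-range", "priority": 120, "direction": "Inbound", "access": "Allow",
  "protocol": "*", "sourceAddressPrefix": "10.0.0.0/24",
  "destinationPortRanges": ["8000-8100"]},
 {"name": "deny-all", "priority": 4096, "direction": "Inbound", "access": "Deny",
  "protocol": "*", "sourceAddressPrefix": "*", "destinationPortRange": "*"}]}""")

ALLOWED_PORTS = {443}  # assumption: the only inbound port this tier needs
OPEN_SOURCES = {"*", "0.0.0.0/0", "internet"}

def expand_ports(rule):
    """Return the set of destination ports a rule covers, or None for 'any'."""
    specs = list(rule.get("destinationPortRanges") or [])
    if rule.get("destinationPortRange"):
        specs.append(rule["destinationPortRange"])
    ports = set()
    for spec in specs:
        if spec == "*":
            return None
        lo, _, hi = spec.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit_inbound(nsg, allowed_ports=ALLOWED_PORTS):
    """Return (rule, reason) pairs for inbound Allow rules wider than needed."""
    findings = []
    for rule in sorted(nsg["securityRules"], key=lambda r: r["priority"]):
        if (rule["direction"].lower(), rule["access"].lower()) != ("inbound", "allow"):
            continue
        ports = expand_ports(rule)
        if ports is None or ports - allowed_ports:
            findings.append((rule["name"], "port outside allow-list"))
        if rule["protocol"] == "*":
            findings.append((rule["name"], "protocol not restricted"))
        sources = [rule.get("sourceAddressPrefix")] + list(rule.get("sourceAddressPrefixes") or [])
        if any(s and s.lower() in OPEN_SOURCES for s in sources) and ports != allowed_ports:
            findings.append((rule["name"], "open to any source"))
    return findings

if __name__ == "__main__":
    for name, reason in audit_inbound(SAMPLE_NSG):
        print(f"{name}: {reason}")
```

A rule that accepts only the allow-listed port from the Internet is treated as intended exposure and is not reported.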

Amazon Web Services

The following hardening measures are in place for the MSTC modules hosted on Amazon Web Services:

  • XX