Hardening

Hardening or system hardening in the context of S2C can be seen as the collection of tools, techniques, and best practices in place to reduce vulnerability related to S2C. The goal of systems hardening is to reduce security risk by eliminating potential attack vectors and condensing the system's attack surface.

The different modules of S2C are running on cloud infrastructure hosted via two hosting providers, Microsoft Azure and Amazon Web Services. This page describes the hardening measures in place for both providers. See page XXX for details on which modules are hosted through which provider.

Microsoft Azure

The following hardening measures are in place for the S2C modules hosted on Microsoft Azure:

• Resources in Microsoft Azure are segregated in different virtual networks and Network Security Groups.

• By default all incoming traffic is forbidden. Only necessary ports and network protocols are allowed through specific firewall rules.

• Only necessary components are installed on the servers.

• Only necessary services and network ports are enabled on the web servers.
  We perform 2 penetration tests per year and a monthly vulnerability scan.

Amazon Web Services

The following hardening measures are in place for the S2C modules hosted on Amazon Web Services:

• XX