Security/FirefoxOperations: Difference between revisions

Line 13: Line 13:
The table below summarizes the open issues assigned to the CloudSec team, sorted by area of focus.
The table below summarizes the open issues assigned to the CloudSec team, sorted by area of focus.


=== Operational Security ===
{| class="wikitable"
{| class="wikitable"
|- style="vertical-align:bottom;"
|- style="vertical-align:top;"
! style="height:100px; width:300px; text-align:center;" |
! style="height:100px; width:200px; text-align:center;" |
! style="height:100px; width:200px; text-align:center;" |
Continuous Testing (TDS)
Continous Testing
! style="height:100px; width:200px; text-align:center;" |
! style="height:100px; width:200px; text-align:center;" |
Fraud Detection
Fraud Detection
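Review bot: the renamed header "Continous Testing" introduces a spelling error ("Continuous") and drops the "(TDS)" qualifier, while the issue label the cell links to is still "1.1 TDS"; keep the header as "Continuous Testing (TDS)" so the column name and the label stay aligned.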
Line 24: Line 24:
! style="height:100px; width:200px; text-align:center;" |
! style="height:100px; width:200px; text-align:center;" |
Infra Hardening
Infra Hardening
! style="height:100px; width:200px; text-align:center;" |
Threat monitoring
|-
|-
| style="background-color: red;"|
! Operational security
[https://github.com/mozilla-services/cloudsec/issues?q=is%3Aopen+is%3Aissue+label%3A&quot;1.1+TDS&quot; '''3 HIGH'''<br />'''2 MEDIUM'''<br />'''3 LOW'''<br />]
| style="background-color: yellow;"|
| style="background-color: red;"|
2 HIGH<br />2 MEDIUM<br />2 LOW<br />
[https://github.com/mozilla-services/cloudsec/issues?q=is%3Aopen+is%3Aissue+label%3A&quot;1.2+fraud+detection&quot; '''3 HIGH'''<br />'''1 MEDIUM'''<br />]
| style="background-color: yellow;"|
2 HIGH<br />1 MEDIUM<br />
| style="background-color: green;"|
| style="background-color: green;"|
[https://github.com/mozilla-services/cloudsec/issues?q=is%3Aopen+is%3Aissue+label%3A&quot;1.3+identity+management&quot; '''1 MEDIUM'''<br />'''1 LOW'''<br />]
1 MEDIUM<br />1 LOW<br />
| style="background-color: yellow;"|
| style="background-color: yellow;"|
[https://github.com/mozilla-services/cloudsec/issues?q=is%3Aopen+is%3Aissue+label%3A&quot;1.4+infra+hardening&quot; '''4 MEDIUM'''<br />'''3 LOW'''<br />]
3 MEDIUM<br />3 LOW<br />  
| style="background-color: green;"|
[https://github.com/mozilla-services/cloudsec/issues?q=is%3Aopen+is%3Aissue+label%3A&quot;3.2+monitor+external+threats&quot; '''2 LOW'''<br />]
|}
|}


=== Application Security ===
{| class="wikitable"
{| class="wikitable"
|- style="vertical-align:bottom;"
|- style="vertical-align:top;"
! style="height:100px; width:300px; text-align:center;" |
! style="height:100px; width:200px; text-align:center;" |
! style="height:100px; width:200px; text-align:center;" |
Risk & Security reviews
Risk & Security reviews
! style="height:100px; width:200px; text-align:center;" |
! style="height:100px; width:200px; text-align:center;" |
Test & Implement Baseline Security
Test & Implement Baseline Security
! style="height:100px; width:200px; text-align:center;" |
Data & Code Signing
! style="height:100px; width:200px; text-align:center;" |
! style="height:100px; width:200px; text-align:center;" |
Training & Communication
Training & Communication
! style="height:100px; width:200px; text-align:center;" |
! style="height:100px; width:200px; text-align:center;" |
Bug Bounty
Bug Bounty
|-
! Application Security
| style="background-color: yellow;"|
2 HIGH<br />1 LOW<br />
| style="background-color: yellow;"|
1 HIGH<br />1 MEDIUM<br />
| style="background-color: green;"|
1 HIGH<br />2 LOW<br />
| no pending task
|}
{| class="wikitable"
|- style="vertical-align:top;"
! style="height:100px; width:300px; text-align:center;" |
! style="height:100px; width:200px; text-align:center;" |
Data & Code Signing
! style="height:100px; width:200px; text-align:center;" |
Threat monitoring
! style="height:100px; width:200px; text-align:center;" |
! style="height:100px; width:200px; text-align:center;" |
External audits
External audits
|-
|-
! Core security services
| style="background-color: yellow;"|
| style="background-color: yellow;"|
[https://github.com/mozilla-services/cloudsec/issues?q=is%3Aopen+is%3Aissue+label%3A&quot;2.1+risk+assessment&quot; '''2 HIGH'''<br />'''1 LOW'''<br />]
1 HIGH<br />1 MEDIUM<br />1 LOW<br />
| style="background-color: yellow;"|
[https://github.com/mozilla-services/cloudsec/issues?q=is%3Aopen+is%3Aissue+label%3A&quot;2.2+appsec+baseline&quot; '''1 HIGH'''<br />'''1 MEDIUM'''<br />]
| style="background-color: yellow;"|
[https://github.com/mozilla-services/cloudsec/issues?q=is%3Aopen+is%3Aissue+label%3A&quot;3.1+signature&quot; '''1 HIGH'''<br />'''1 MEDIUM'''<br />'''1 LOW'''<br />]
| style="background-color: green;"|
| style="background-color: green;"|
[https://github.com/mozilla-services/cloudsec/issues?q=is%3Aopen+is%3Aissue+label%3A&quot;2.3+security+communication&quot; '''1 HIGH'''<br />'''2 LOW'''<br />]
2 LOW<br />
| no pending task
| style="background-color: green;"|
| style="background-color: green;"|
[https://github.com/mozilla-services/cloudsec/issues?q=is%3Aopen+is%3Aissue+label%3A&quot;3.3+external+audits&quot; '''2 LOW'''<br />]
1 LOW<br />
|}
|}


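Review bot: the GitHub query URLs in the new cells carry a literal `&quot;` around each label (e.g. `label%3A&quot;1.1+TDS&quot;`), which is not a valid URL character inside a bracketed external link; percent-encode the quotes as `%22` (`label%3A%221.1+TDS%22`) so the link resolves to the filtered issue list. The cell colours also do not follow one rule: "1 HIGH / 2 LOW" under 2.3 security communication is green while "1 HIGH / 1 MEDIUM" under 2.2 appsec baseline is yellow and "3 HIGH" cells are red; state the threshold (for example, any open HIGH is at least yellow) in the intro sentence and recolour the 2.3 cell accordingly.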
Line 129: Line 138:
* Set HSTS to 2592000 (30 days) ('''INFRA-HSTS''')
* Set HSTS to 2592000 (30 days) ('''INFRA-HSTS''')
* Set HPKP to 2592000 (30 days) ('''INFRA-HPKP''')
* Set HPKP to 2592000 (30 days) ('''INFRA-HPKP''')
* Admin panels must only be available behind VPN and require LDAP auth ('''INFRA-ADMIN''')
* Admin panels must:
** only be available behind Mozilla VPN (which provides MFA) ('''INFRA-ADMINVPN''')
** require LDAP authentication ('''INFRA-ADMINLDAP''')
** enforce a two-man rule on sensitive changes ('''INFRA-2MANRULE''')


=== Coding rules ===
=== Coding rules ===
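Review bot: splitting INFRA-ADMIN into INFRA-ADMINVPN, INFRA-ADMINLDAP and INFRA-2MANRULE retires the old identifier, so any other section of the page or any issue that references INFRA-ADMIN needs updating in the same edit. The new INFRA-2MANRULE item should also say what counts as a "sensitive change" and how the second approval is recorded, otherwise the rule cannot be audited against the admin panels it applies to.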