Control Access to the Server (FEA407)
Document Type | Feature Description |
---|---|
Feature | FEA407 |
Author | Noora Kuikka |
Version | 1.0 |
Date | 19.02.2024 |
Description
The feature involves implementing mechanisms to control and manage access to the server hosting the Tukko Traffic Visualizer project. This includes setting up authentication, authorization, and access control measures to restrict access to authorized personnel only. By controlling access to the server, the project aims to enhance its security posture and minimize the risk of unauthorized access or intrusions.
Feature-related restrictions, requirements, and use cases
Linked Use Cases | Use Case |
---|---|
Linked Requirements | ReqID list |
User Stories related to the feature
User Story ID | Description | Affected Feature |
---|---|---|
US057 | As a security specialist, I want to have controls over who can access the server. | FEA407 |
Links to issues:
Implementation
We hardened the server and SSH configurations. We also set up role-based access control for user accounts and configured the firewall settings. Additionally, we implemented fail2ban in order to prevent brute-force attacks on the SSH login.
The detailed implementation guide can be found here!
Testing / possible approval criteria
Test Case | Description |
---|---|
Acceptance Test Case | Acceptance Test |
Functional System Test Case | Test Case |
Security Test Case | Test Case |