Control Access to the Server

Author: Muneeb Ali
Version: 1.0
Date: 20.02.2024

Security

This use case covers role-based access control (RBAC) to the frontend and backend servers running the Tukko application. Access control is a fundamental security concept that regulates who or what can view or use resources in a computing environment. By ensuring that only authorized users have access to the development environment and the files contained therein, we can help prevent security breaches or accidental modifications to critical files.

Server is up and running.

Attacker A attempts to log in with the default root account. The server denies the request because root login is disabled, and records the security event in an audit log that is displayed to the admins on login.

Attacker B has discovered one of the account usernames and attempts to crack the password by brute force. The server detects the attempt, automatically bans their IP address and generates a security log. Additionally, the strong password policies ensure that passwords are very difficult to crack.

Use Case Diagram

[Use case diagram] Security -> server -> limit rights given to users -> root account is disabled -> user login attempts logging.

Description of use case

  1. Access the server.
  2. Give only necessary rights to users.
  3. Access to root is not allowed. All users, including admin users, are given only the necessary rights.
  4. Monitor users and keep logs.
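As an added illustration of scenarios A and B and of step 4 above (example code written for this page, not part of the original document or the Tukko project): a small Python check that reads sshd authentication log lines, lists source addresses that tried the disabled root account for the admin audit view, and picks out addresses whose failure rate indicates a brute-force attempt. The log excerpt, hostname, usernames, IP addresses, threshold and time window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sshd auth log excerpt (syslog format, year omitted as in real logs).
# Exact sshd wording varies by version and auth method; "Failed password for"
# is the common form for a rejected password login.
SAMPLE_AUTH_LOG = """\
Feb 20 10:00:01 tukko-web sshd[1201]: Failed password for root from 203.0.113.10 port 51000 ssh2
Feb 20 10:00:05 tukko-web sshd[1203]: Failed password for deploy from 198.51.100.7 port 52001 ssh2
Feb 20 10:00:09 tukko-web sshd[1205]: Failed password for deploy from 198.51.100.7 port 52002 ssh2
Feb 20 10:00:14 tukko-web sshd[1207]: Failed password for deploy from 198.51.100.7 port 52003 ssh2
Feb 20 10:00:20 tukko-web sshd[1209]: Failed password for deploy from 198.51.100.7 port 52004 ssh2
Feb 20 10:00:27 tukko-web sshd[1211]: Failed password for deploy from 198.51.100.7 port 52005 ssh2
Feb 20 10:01:30 tukko-web sshd[1213]: Failed password for admin from 192.0.2.5 port 40010 ssh2
Feb 20 10:01:45 tukko-web sshd[1215]: Accepted publickey for admin from 192.0.2.5 port 40011 ssh2
"""

FAILED_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)"
)

def parse_failed_logins(log_text, year=2024):
    """Return (timestamp, user, ip) for every failed password attempt."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S").replace(year=year)
            events.append((ts, m["user"], m["ip"]))
    return events

def root_login_sources(events):
    """Scenario A: addresses that tried the disabled root account (audit view)."""
    return sorted({ip for _ts, user, ip in events if user == "root"})

def ips_to_ban(events, threshold=5, window=timedelta(minutes=10)):
    """Scenario B: addresses with >= threshold failures inside any window."""
    by_ip = defaultdict(list)
    for ts, _user, ip in events:
        by_ip[ip].append(ts)
    banned = set()
    for ip, times in by_ip.items():
        times.sort()
        # Slide over sorted timestamps; `threshold` failures within `window`
        # from one address is treated as a brute-force attempt.
        for i in range(len(times) - threshold + 1):
            if times[i + threshold - 1] - times[i] <= window:
                banned.add(ip)
                break
    return banned
```

A single mistyped password from the admin host is recorded but does not trip the ban, while the five rapid failures from the second address do.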

Exceptions

  • Basic error handling, e.g. 403 Forbidden

Result

  • A secure server that is hard to hack/compromise.

Use frequency

  • Running at all times.

Additional information

  • No additional info

Sources

Content of this page is partly based on The public administration recommendations.