
Security

Jan 1 2022 at 12:00 AM

  1. V-Raptor™ login
  2. Cloud deployments
  3. V-Raptor™ security

The V-Raptor™ contains various security components. The purpose of this document is to highlight important security components and to act as an entry point for a security discussion at a later stage. The figure below illustrates important components utilised by the V-Raptor™ deployments from a security perspective. The components will be discussed in more detail in the following subsections.

NOTE
This article applies to deployments managed by IoT.nxt®. Self-hosted solutions may differ.

V-Raptor™ login

The V-Raptor™ login makes use of the Commander™ as an authentication provider. For an overview of this component, please visit the Commander™ Authentication article.

Cloud deployments

The IoT.nxt® cloud solution is hosted in AWS. AWS user accounts are protected using multi-factor authentication. All cloud infrastructure is protected against denial-of-service attacks by Cloudflare. Ingress controllers accept and forward public traffic to internal network infrastructure. Assets deployed in the Amazon Virtual Private Cloud (VPC) are protected at the network level by restrictive network security groups.

Security visibility is provided in AWS by CloudTrail and CloudWatch. Log events are ingested by CloudTrail and forwarded to CloudWatch for security processing. Log files are processed in CloudWatch to identify security events. Identified security events are delivered to the IoT.nxt® security team via email.
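The processing step described above, modelled offline as an added example (not IoT.nxt® code or its actual rule set). The two rules, console sign-in without MFA and a security group opened to any address, are assumptions chosen because this page names MFA and security groups as controls; the records are constructed.

```python
# Constructed CloudTrail records for illustration; names and group IDs are placeholders.
SAMPLE_RECORDS = [
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"userName": "alice"}, "additionalEventData": {"MFAUsed": "Yes"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"userName": "bob"}, "additionalEventData": {"MFAUsed": "No"},
     "responseElements": {"ConsoleLogin": "Success"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"userName": "carol"},
     "requestParameters": {"groupId": "sg-EXAMPLE", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 22, "toPort": 22,
          "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"userName": "carol"},
     "requestParameters": {"groupId": "sg-EXAMPLE", "ipPermissions": {"items": [
         {"ipProtocol": "tcp", "fromPort": 443, "toPort": 443,
          "ipRanges": {"items": [{"cidrIp": "10.0.0.0/16"}]}}]}}},
]

def world_open_ports(record):
    """Return (fromPort, toPort) pairs that an ingress call opens to any address."""
    params = record.get("requestParameters") or {}
    hits = []
    for perm in (params.get("ipPermissions") or {}).get("items", []):
        cidrs = [r.get("cidrIp") for r in (perm.get("ipRanges") or {}).get("items", [])]
        cidrs += [r.get("cidrIpv6") for r in (perm.get("ipv6Ranges") or {}).get("items", [])]
        if "0.0.0.0/0" in cidrs or "::/0" in cidrs:
            hits.append((perm.get("fromPort"), perm.get("toPort")))
    return hits

def classify(record):
    """Return a finding string for a security-relevant record, else None."""
    user = (record.get("userIdentity") or {}).get("userName", "unknown")
    if record.get("eventName") == "ConsoleLogin":
        ok = (record.get("responseElements") or {}).get("ConsoleLogin") == "Success"
        mfa = (record.get("additionalEventData") or {}).get("MFAUsed")
        # Federated/SSO sign-ins can report MFAUsed "No" because the IdP handles MFA.
        if ok and mfa != "Yes":
            return f"console login without MFA: {user}"
    if record.get("eventName") == "AuthorizeSecurityGroupIngress":
        ports = world_open_ports(record)
        if ports:
            group = record["requestParameters"].get("groupId")
            return f"security group {group} opened to any address on {ports} by {user}"
    return None

def findings(records):
    """Collect the findings that would be handed to the alerting step."""
    return [f for f in map(classify, records) if f]
```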

V-Raptor™ security

The V-Raptor™ application is a collection of microservices. The V-Raptor™ solution is deployed in Kubernetes. Each microservice runs in its own sandbox. A security advantage of containerisation is that, in the unlikely event that a microservice is exploited, the attacker gains access at most to the sandbox of the exploited service, and not to the entire system or the sandboxes of other services.