Redesign and consolidate the Security section #7772
Labels
C-doc-improvement
O-eng
P-1
High priority; must be done this release
T-enhancement
T-incorrect-or-unclear-info
T-missing-info
T-more-examples-needed
Raphael 'kena' Poss (knz) commented:
This issue consolidates seemingly unrelated SIAM projects into a single action plan.
Linked issues
The existing issues in the repo can be grouped in broad themes, as follows. Note that these do not necessarily aim to translate to specific sections in the docs. See the next sections for that.
Security architecture
Public relations wrt security
Non-repudiation
Tamper protection
Authentication
Rule-based configuration
TLS client certs
cli: add --cert-principal-map to cert list command #7650
Kerberos / GSSAPI
Admin UI authn
cli: new command auth-session {login,logout,list} #6631
Authorization
Establish equivalency between the keywords ROLE and USER #7063
ROLE as an alias for USER. Adjust SQL diagram to show ROLE as an alias for USER. #7022
Current doc structure and problems
The current security docs are currently structured as follows:
Overview
Action item: this page should be entirely rewritten. Suggestions below.
Authentication
Action item: page should be discarded and replaced by two different pages. Suggestions below.
Encryption
The page should explain the purpose of encryption (not just what it does) by explaining the attack vectors and the scope of vulnerability that CockroachDB aims to protect against. It does not currently.
The page should start by distinguishing the purpose of network encryption and encryption-at-rest, and how they solve different problems: they help reduce different attack vectors. It does not currently.
The page groups backup encryption and data encryption-at-rest with the suggestion that they are related. In fact they are covering different attack models and either can be deployed independently from the other.
Action items: introduce a proper overview section, then split the encryption features in different sub-pages.
Authorization
The page should explain the purpose of authorization (not just what it does) by explaining the attack vectors and the scope of vulnerability that CockroachDB aims to protect against. It does not currently. (That said, the first paragraph is a good introduction of what authz currently provides)
The page only explains SQL authorization. It should explain authorization of all the various services offered by CockroachDB including CLI admin commands, HTTP APIs, admin UI etc. It currently does not.
Regarding SQL authorization:
root too much, as we are aiming to remove access to that user account from end-users. Currently root is prominently featured at the beginning of the page.
Action items: the intro of the page should be extended. The SQL authz explanations moved to a sub-page. Authz for the other services should be added side-by-side with SQL authz.
SQL audit logging
Action items: Introduce a new page on Logging and Non-repudiation. Explain the security objectives and how the DBA should work together with CockroachDB to achieve non-repudiation objectives. Provide a list of all the audit logs and how they are configured. Move the current SQL audit logging page into a sub-page of that.
GSSAPI Authentication
Action items: Move this doc as sub-page of Authentication. Explain Kerberos concepts at the start.
Proposed structure
Let's aim for something like that:
cockroach demo
start-single-node
--insecure
--insecure
--insecure
Jira Issue: DOC-595