Measures to Promote Security


  1. No external access to the system via SSH.

  2. Aggressive networking stance. All connectivity is restricted to known peers/ports and maintained via infrastructure as code (IAC).

  3. All egress traffic is filtered to known domains only. Deny by default.

  4. Minimal public-facing infrastructure. Shielded by AWS-managed services where possible.

  5. Production access is severely limited only to automatic processes and trusted operators.

  6. CI/CD systems used to deploy infrastructure/applications. Peer review/approval for any new code entering production

Last updated