Gateway Security

Introduction

This gives an overview of gateway security measures.

Hardened hosts

The gateway appliance is packaged as a VMware Open Virtual Appliance (OVA). The appliance runs a hardened version of Ubuntu 20.04.

The latest version of the gateway runs containerized services. Containers run on MicroK8s, which is a secure Kubernetes distribution from Canonical.

The operating system and Kubernetes are hardened to meet several industry standard security requirements, including:

• Center for Internet Security (CIS) security benchmarks.

• Open Web Application Security Project® (OWASP) best practices for containers.

• Community-sourced hardening checks, such as:

  • Conduro
  • Konstruktoid

Secure container images

All container images are hosted securely in Google Artifact Registry. A set of rigorous vulnerability scans are applied to container images, including:

• Google Container Analysis
• Tenable Nessus scanner

What to do next

See the Security Reference for more information.