search

melicertes / csp

The Cyber Security Platform MeliCERTes is part of the European Strategy for Cyber Security. MeliCERTes is a network for establishing confidence and trust among the national Computer Security Incident Response Teams (CSIRTs) of the Member States and for promoting swift and effective operational cooperation.
Other
30 stars 7 forks source link

MISP external sync #48

Closed iglocska closed 5 years ago

iglocska commented 5 years ago

Thanks a lot for looking into making the MELiCERTES MISP installation usable via MISP-to-MISP synchronisation setups. However, I have some questions:

https://github.com/melicertes/csp/blob/c9012c559ff89790b92750b43083510938c9e4ff/deployment/docker/applications/misp/misp-proxy/proxy.js#L24

What is that secret key? Is this a built in backdoor or some funky way of authenticating all sync requests with a built in user as opposed to the normal paradigm?

Could you also point us to the various issues we've raised during the training that don't have to do with having actual connectivity but rather potential information leakage when missing MISP sharing groups and MELiCERTES trust circles?

Thank you in advance.

thanosa75 commented 5 years ago

Hi,

the authkey is generated when MiSP is initialised. See here:

https://github.com/melicertes/csp/blame/develop/deployment/docker/base-images/misp-image/run.sh#L259

The /run/secrets construct is a standard docker mechanism for secure sharing of keys (https://docs.docker.com/engine/swarm/secrets/).

Also, re/second item, please do use one issue per question. Consortium is going through open questions and issues raised and will respond.

Thanks