From f51a02d613973b5351b32eee28fe8627302d7069 Mon Sep 17 00:00:00 2001
From: alexfornuto
Date: Wed, 29 Sep 2021 12:30:20 -0500
Subject: [PATCH] init security section
---
 docs/.vuepress/config.js | 12 ++++++++++
 docs/docs/security/readme.md | 35 ++++++++++++++++++++++++++++++
 docs/docs/security/sidecar.md | 5 +++++
 docs/docs/security/upstream-jwt.md | 9 ++++++++
 docs/docs/security/upstream-tls.md | 5 +++++
 5 files changed, 66 insertions(+)
 create mode 100644 docs/docs/security/readme.md
 create mode 100644 docs/docs/security/sidecar.md
 create mode 100644 docs/docs/security/upstream-jwt.md
 create mode 100644 docs/docs/security/upstream-tls.md
diff --git a/docs/.vuepress/config.js b/docs/.vuepress/config.js
index 77c7dd1c4..c4bf20360 100644
--- a/docs/.vuepress/config.js
+++ b/docs/.vuepress/config.js
@@ -131,6 +131,18 @@ module.exports = {
 ],
 },
 "client",
+ {
+ title: "Security",
+ collapsable: true,
+ path: "/docs/security/",
+ sidebarDepth: 1,
+ children: [
+ "security/readme",
+ "security/upstream-tls",
+ "security/sidecar",
+ "security/upstream-jwt",
+ ],
+ },
 {
 title: "Topics",
 collapsable: true,
diff --git a/docs/docs/security/readme.md b/docs/docs/security/readme.md
new file mode 100644
index 000000000..435739da6
--- /dev/null
+++ b/docs/docs/security/readme.md
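Review bot: The new `Security` sidebar group wires four pages into public navigation whose bodies are still author outline notes (`Discuss how security is important…`, `Explain the two levels of TLS security`) or bare headings, so once this lands the rendered Security section will show those notes as page content. If the navigation is meant to ship now, consider limiting `children` to pages that have real content and adding the rest as they are written. The child order `upstream-tls`, `sidecar`, `upstream-jwt` also differs from the order the readme outline uses (Sidecar, JWT Verification, TLS and mTLS); whichever sequence is the intended implementation order, the readme's `## Next Steps` list and this sidebar should agree. Setting `path: "/docs/security/"` on the group and also listing `security/readme` as its first child may render the overview page twice (group title link and first child) — worth confirming against how the neighbouring `Topics` group handles it, since its children fall outside the hunk.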
@@ -0,0 +1,35 @@
+---
+title: Securing Pomerium
+lang: en-US
+description: Increase your infrastructure security at multiple levels.
+---
+
+# Securing Pomerium
+
+Discuss how security is important, sounds daunting, and can be achieved at multiple levels. Assure readers that steps can be implemented individually and added one at a time as needed or feasible.
+
+Describe how Pomerium secures traffic from the proxy to the client out of the box with enforced TLS.
+
+## Concepts
+
+Begin by explaining the difference between securing client connections to Pomerium and Upstream connections between Pomerium and services.
+
+### Layers
+
+Discuss Protocol vs Application layer security
+
+### Sidecar
+
+Explain the concept of a sidecar versus in-application verification.
+
+### JWT Verification
+
+explain JWT and how to mutually verify
+
+### TLS and mTLS
+
+Explain the two levels of TLS security
+
+## Next Steps
+
+Bulleted list of next steps to take, ordered by common order of implementation.
\ No newline at end of file
diff --git a/docs/docs/security/sidecar.md b/docs/docs/security/sidecar.md
new file mode 100644
index 000000000..25372846f
--- /dev/null
+++ b/docs/docs/security/sidecar.md
@@ -0,0 +1,5 @@
+---
+title: Sidecar
+lang: en-US
+description: Create an Envoy Sidecar
+---
\ No newline at end of file
diff --git a/docs/docs/security/upstream-jwt.md b/docs/docs/security/upstream-jwt.md
new file mode 100644
index 000000000..c44ef7b0b
--- /dev/null
+++ b/docs/docs/security/upstream-jwt.md
@@ -0,0 +1,9 @@
+---
+title: Upstream JWT Verification
+lang: en-US
+description: Secure connections between Pomerium and Upstream Services with JWT Verification
+---
+
+## Via Application
+
+## Via Sidecard
\ No newline at end of file
diff --git a/docs/docs/security/upstream-tls.md b/docs/docs/security/upstream-tls.md
new file mode 100644
index 000000000..05eb84a36
--- /dev/null
+++ b/docs/docs/security/upstream-tls.md
@@ -0,0 +1,5 @@
+---
+title: Upstream TLS
+lang: en-US
+description: Secure connections between Pomerium and Upstream Services with TLS
+---
\ No newline at end of file