docs/security/network-security-considerations.md

1 # Network Security Considerations
7 This is only intended to be a guide; security is ultimately the responsibility
9 a security vulnerability, please consider [how to report a security
12 [how to report a security vulnerability]:
13   https://github.com/openbmc/docs/blob/master/security/how-to-report-a-security-vulnerability.md
32 - The BMC is presumed to have a network adapter. The security considerations of
33   the NIC are important to the BMC security, but are outside the scope of this
48 driver have security considerations which are important to BMC security, but are
83 Transport layer security (TLS) protocols are configured for each service at
126 Laws may require products built on OpenBMC to have reasonable security built
146 - Transport layer security (TLS) protocols offered.
166 General security considerations for HTTP servers apply such as given by [OWASP
167 Application Security][].
169 BMCWeb controls which HTTPS transport layer security (TLS) ciphers it offers via
179 [owasp application security]:
203 General security considerations for REST APIs apply:
206 Redfish provides security considerations in the "Security Detail" section of the
213 Application Security Guidance][] apply to OpenBMC. The webui-vue uses username
216 [owasp web application security guidance]:
237 General security considerations for service discovery apply. For example,
242 General security considerations for service discovery apply.
252 General security considerations for IPMI apply. For example, described here: