Security Overview
Security Layers
┌─────────────────────────────────────────────────────────────┐
│ Security Architecture │
│ │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ Auth │ │ RBAC │ │ Audit │ │
│ │ (Keycloak) │ │ (PostgreSQL)│ │ (OpenSearch)│ │
│ └──────────────┘ └──────────────┘ └──────────────┘ │
│ │
│ ┌──────────────┐ ┌──────────────┐ ┌──────────────┐ │
│ │ TLS │ │ Network │ │ Wazuh │ │
│ │ (HTTPS) │ │ (Docker) │ │ (SIEM) │ │
│ └──────────────┘ └──────────────┘ └──────────────┘ │
└─────────────────────────────────────────────────────────────┘
Components
| Component | Technology | Function |
|---|---|---|
| Authentication | Keycloak | SSO, JWT tokens |
| Authorization | PostgreSQL RBAC | Permission-based access |
| Audit Trail | OpenSearch | Immutable logging |
| Network Security | Docker Network | Isolation |
| TLS | Self-signed certs | Encryption in transit |
| SIEM | Wazuh | Security monitoring |
Security Features
Authentication
- JWT token-based authentication
- Keycloak SSO integration
- Token validation via JWKS
Authorization
- Role-Based Access Control (RBAC)
- Permission-based API access
- Multi-tenant data isolation
Audit Trail
- Immutable audit logging
- Hash chain verification
- 90-day retention
Network Security
- Docker network isolation
- TLS for OpenSearch
- CORS configuration
Security Monitoring
- Wazuh SIEM integration
- Real-time alerting
- Threat detection
Next Steps
- Keycloak - Authentication setup
- RBAC - Role-Based Access Control
- Audit Trail - Audit logging
- ISO Compliance - Compliance features