Public VPS
Description
The Public VPS represents the externally hosted infrastructure component of the Scheol Lab.
It provides public-facing services and may host:
- web applications
- reverse proxies
- external backup services
- testing environments
The VPS is deployed in a cloud provider environment and therefore operates outside the on-premise infrastructure perimeter.
Asset Identification
| Attribute | Value |
|---|---|
| Asset ID | INF-VPS-01 |
| CI Type | Infrastructure |
| Asset Name | Public VPS |
| Asset Category | External Hosting |
| Owner | Operations Role (Ops) |
| Status | In Progress |
| Location | External Hosting Provider |
| Primary Function | Hosting public-facing services |
Asset Dependencies
| Dependency Type | Asset | Status |
|---|---|---|
| Hosting Provider | Web Hosting Infrastructure | Active |
| Secure Access | Bastion / Teleport | Planned |
| Monitoring | Logging Platform | Planned |
Relationships
| Relationship | Target CI |
|---|---|
| Hosted on | External Hosting Provider |
| Hosts | Documentation Platform |
| Supports capability | Governance & Documentation |
Asset Classification
| Criteria | Level |
|---|---|
| Confidentiality | 🟥 High |
| Integrity | 🟥 High |
| Availability | 🟥 High |
Criticality score: 🟥 High
Rationale:
- The VPS is exposed to external networks and therefore faces higher threat exposure.
- Compromise may impact public services and external access.
Responsibilities
| Role | Responsibility |
|---|---|
| Operations Role (Ops) | System deployment, patch management |
| Security Role (Sec) | Hardening, monitoring, risk management |
Security Controls (High-Level)
The following security controls are typically applied to this asset:
- Host Hardening - secure baseline configuration of the operating system
- Patch Management - regular installation of security updates
- Access Control - restricted administrative access and authentication mechanisms
- Network Security Controls - firewall rules limiting exposed services
- Monitoring and Logging - centralized log collection and anomaly detection
Security Considerations
Common threats affecting this asset include:
- external intrusion attempts
- exploitation of exposed services
- credential compromise
- misconfigured public interfaces
Security controls may include:
- firewall restrictions
- secure remote access
- vulnerability management
- log collection and monitoring
Methodological References:
- ISO 27001 - Control 5.1 Policies for information security ; Control 8.2 Information asset management ; Control 8.16 Monitoring activities.
- NIST CSF - ID.AM Asset Management, PR.IP Information Protection Processes and Procedures, DE.CM Continuous Monitoring.
- EBIOS RM - Identification and protection of Internet-facing servers and hosted services.