Actions
New Content #13401
closedBest practices doc for rotating credentials and keys
Start date:
Due date:
% Done:
100%
Estimated time:
Description
We need a document somewhere in the pfSense docs which describes methods for periodic rotation of security-related items, including:
- User passwords (user manager, perhaps other areas such as PPPoE/L2TP server?)
- Credentials for connecting to external authentication servers
- Certificate private keys (for GUI, for VPNs, other purposes)
- VPN pre-shared keys (IPsec, WireGuard, etc)
- Packages which carry their own credential information are not as critical, but may be worth mentioning (e.g. FreeRADIUS and NET-SNMP at least)
The timing of such changes may vary widely by organization so we probably shouldn't suggest time frames for these, only note methods and potential pitfalls (e.g. importance of coordinating changes with VPN peers)
Actions