Content management error: Header Banners should not be placed in the Navigation placeholder!
Content management error: Generic Content Banners should not be placed in the Navigation placeholder!
Content management error: Generic Content Banners should not be placed in the Navigation placeholder!
This system is a web-based application providing a broad range of services for jurors navigating their way through the Victorian justice system. This is a fully managed Software-as-a-Service (SaaS) platform that the state and the public interact via.
Modis was asked to undertake a review of the application and its infrastructure and identified a number of areas that could be refreshed and strengthened in order to meet the challenges of growing the product into other jurisdictions.
Content management error: Generic Content Banners should not be placed in the Navigation placeholder!
As part of an overall monitoring strategy, logging was enabled for CloudFront. This allowed the team to analyse the traffic coming into JMS to see if the encryption protocols and ciphers could be strengthened. It was found that less than 1% of clients were using TLSv1.1 and below, protocols known to have been compromised in the past. This allowed JMS to move to the more secure TLSv1.2 as a minimum, mitigating the range of possible attack vectors.
Security group rules for all managed services and EC2 instances were reviewed and unnecessary ports and protocols were removed. Again, this removed vectors that possible attackers might be able to exploit.
Continuing the strategy of defence in depth, all aspects of S3 usage were reviewed. Versioning and encryption were enabled on all S3 Buckets, and Block Public Access was made the enforced. This configuration was built into the associated CloudFormation templates. VPC Endpoints were created for S3 so that this traffic did not have to traverse the public Internet.
JMS uses the Amazon web Services managed services CodeCommit, CodeBuild, and CodeDeploy to create a Blue/Green deployment pipeline to promote build artefacts from the development environment, through staging, and into production. Over time, a number of expedient, emergency changes had created a bottleneck in this pipeline so that deployments had to be performed manually; the Modis team analysed the pipeline and discovered a subtle misconfiguration within CodeDeploy. This misconfiguration was corrected via CloudFormation, ensuring the change was captured correctly and so that any future drift could be seen readily. The end-to-end deployment pipeline was again optimal.
Content management error: Generic Content Banners should not be placed in the Navigation placeholder!
With these changes in place, the JMS application is now more secure and the infrastructure more robust, making it better able to meet the challenges of moving into other jurisdictions. This ongoing maintenance and modernisation brings continuous improvement, helping ensure that Jurors make it on time to the correct courts, and helping the Justice system operates for citizens.
Content management error: Generic Content Banners should not be placed in the Navigation placeholder!
Content management error: Generic Content Banners should not be placed in the Navigation placeholder!
Content management error: Generic Content Banners should not be placed in the Navigation placeholder!