From ea3e92dc5f582164df14fd7810695b2495c01fe6 Mon Sep 17 00:00:00 2001
From: Brian Carrier <carrier@sleuthkit.org>
Date: Tue, 3 Nov 2015 18:15:46 -0500
Subject: [PATCH] Added page to docs about security

---
 docs/doxygen-user/main.dox               |  1 +
 docs/doxygen-user/multiuser-security.dox | 16 ++++++++++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 docs/doxygen-user/multiuser-security.dox

diff --git a/docs/doxygen-user/main.dox b/docs/doxygen-user/main.dox
index 0d9144240f..a95705d20e 100644
--- a/docs/doxygen-user/main.dox
+++ b/docs/doxygen-user/main.dox
@@ -52,6 +52,7 @@ The following topics are available here:
   - \subpage install_postgresql
   - \subpage install_solr
   - \subpage windows_authentication
+ - \subpage multiuser_sec_page
  - \subpage multiuser_page
 
 If the topic you need is not listed, refer to the <a href="http://wiki.sleuthkit.org/index.php?title=Autopsy_User%27s_Guide">Autopsy Wiki</a> or join the <a href="https://lists.sourceforge.net/lists/listinfo/sleuthkit-users">SleuthKit User List</a> at SourceForge.
diff --git a/docs/doxygen-user/multiuser-security.dox b/docs/doxygen-user/multiuser-security.dox
new file mode 100644
index 0000000000..f80a32356c
--- /dev/null
+++ b/docs/doxygen-user/multiuser-security.dox
@@ -0,0 +1,16 @@
+/*! \page multiuser_sec_page Multi-user Case Security
+
+\section mulit_sec_overview Overview
+This page outlines the security protections that exist in a multi-user case deployment so that you can protect sensitive data.  A multi-user deployment must be in a private network to ensure that only authorized users can access data.  Remote sites should connect to central services via a VPN. 
+
+- Central Storage: It is your responsibility to use folder-based permissions to restrict access to the case folder. A user must be able to read and write into the case folder to open a case via Autopsy.  It contains the Solr index, module output, logs, and reports. 
+- Central Database: PostgreSQL supports authentication via a login and password.  Each Autopsy client must be configured with a PostgreSQL username and password.  It is up to you to decide if there is a single username and password for the entire lab or if you will configure a new one for each client.  
+- Central Solr: Solr does not require a username or password to connect to it and query it.  There is an optional way to configure Solr to require them, but we have not tried that yet. 
+- Messaging Service: ActiveMQ can be configured to require a username and password.  Like the central database, it is up to you to decide on if there is a single username and password or one for each client. 
+
+Because the Solr server does not restrict access to the indexed content,
+you should depoly these services in a network that only authorized users
+have access to.  Future versions will allow for additional protection
+of sensitive data.
+
+*/