<p><strong>Security policy</strong> (BAS-IP). Page: <a href="https://bas-ip.com/lv/security-policy/">https://bas-ip.com/lv/security-policy/</a>. Published 2024-02-15, last modified 2025-11-28.</p>

<h1 class="wp-block-heading">Vulnerability Disclosure Policy</h1>

<h2 class="wp-block-heading">General information</h2>

<p>BAS-IP follows industry-leading practices in managing and responding to security vulnerabilities discovered in our products. It is not possible to guarantee that the products and services our company provides are entirely free of vulnerabilities. This is not unique to BAS-IP but a condition common to all software and services. What we can guarantee is that at every stage of development we will strive to identify and fix potential vulnerabilities, thereby reducing the risk associated with deploying BAS-IP products and services in customer environments.</p>

<p>BAS-IP acknowledges that some standard network protocols and services have inherent weaknesses that can be exploited. Although BAS-IP is not responsible for these protocols and services, we provide recommendations for mitigating the risks they pose to BAS-IP products, software and services <a href="https://basip.atlassian.net/wiki/spaces/HP/pages/5046705/The+practice+of+building+IP+intercom+systems" target="_blank" rel="noopener">in the form of various guidelines</a>.</p>

<h2 class="wp-block-heading">What the policy covers</h2>

<p>The vulnerability management policy described in this document applies to all BAS-IP branded products, software and services.</p>

<h2 class="wp-block-heading">What the policy does not cover</h2>

<p>Some vulnerabilities are not covered by the BAS-IP vulnerability management policy. Please do not send reports of the following to <a href="mailto:security@bas-ip.com">security@bas-ip.com</a>:</p>

<ul class="wp-block-list">
<li>Vulnerabilities that require <strong>high privileges</strong> and/or <strong>social engineering</strong>, that are triggered or executed with <em>root</em>/administrator access, and/or that require <strong>complex</strong> user interaction</li>

<li><strong>Subdomain takeover</strong>, e.g. gaining control of a host that points to a currently unused service</li>

<li><strong>User misconfigurations</strong> that can be prevented by following the BAS-IP guidelines</li>

<li>Vulnerabilities in content or applications created by <strong>third-party users or partners</strong>, e.g. applications that can be downloaded and run on BAS-IP devices</li>

<li><strong>Cross-Site Request Forgery (CSRF)</strong> or <strong>Cross-Site Scripting (XSS)</strong> vulnerabilities that rely on tricking a user into visiting a malicious site or clicking a disguised link while accessing the web interface of a BAS-IP device</li>

<li><strong>Third-party open-source vulnerabilities</strong> registered under a CVE identifier and located in software components or packages used in BAS-IP products, software or services. Common examples of such components are the Linux kernel, OpenSSL, AOSP and others</li>

<li><strong>Missing HTTP(S) security headers</strong>, e.g. X-Frame-Options</li>

<li>Vulnerability reports generated by <strong>third-party network security scanners</strong></li>

<li><strong>Unsupported</strong> products/software/services</li>

<li><strong>Denial of service (DoS or DDoS)</strong> tests against network services, or any other tests that disrupt access to, or damage, systems or data</li>
</ul>

<h2 class="wp-block-heading">Commitments</h2>

<p>BAS-IP highly values and supports researchers' efforts to identify and report vulnerabilities in BAS-IP products, software and services. Following the responsible disclosure process, the BAS-IP product security team will, as far as possible, respect researchers' interests through mutual cooperation and transparency throughout the disclosure process.</p>

<p>BAS-IP expects researchers <strong>not to disclose vulnerabilities before the end of a 90-day period or a mutually agreed date</strong>, and to conduct vulnerability research <strong>within the bounds of the law</strong>, without causing damage, breaching confidentiality, or endangering the security of BAS-IP, its partners and its customers.</p>

<h2 class="wp-block-heading">Vulnerability management</h2>

<p>BAS-IP rates vulnerabilities using the well-known <a href="https://www.first.org/cvss/calculator/3-1" target="_blank" rel="noopener"><strong>CVSS</strong> scoring system</a>.</p>

<p>For vulnerabilities in open-source components, BAS-IP may rate the vulnerability according to its significance in the context of how BAS-IP recommends deploying its products, software and services. Security advisories are generally issued only for BAS-IP-specific vulnerabilities.</p>

<p><strong>Priority breakdown</strong> once a vulnerability has been rated and requires remediation:</p>

<ul class="wp-block-list">
<li><strong>CVSS 3.1 high/critical (7.0 &#8211; 10.0)</strong><br>BAS-IP aims to fix the vulnerability before external disclosure or <strong>within 4 weeks</strong> of it. For open-source components the timeline is usually longer, because BAS-IP depends on external parties for information, fixes and/or verification</li>

<li><strong>CVSS 3.1 medium (4.0 &#8211; 6.9)</strong><br>BAS-IP aims to fix the vulnerability, typically <strong>within 2 to 3 months</strong></li>

<li><strong>CVSS 3.1 low (0.1 &#8211; 3.9)</strong><br>BAS-IP plans to fix the vulnerability <strong>in the next scheduled release</strong></li>

<li>Supported software/services<br>The support phase of BAS-IP software/services is defined by the overall software lifecycle process. BAS-IP software/services are generally supported for <strong>1 year after the <em>end-of-life</em></strong> announcement.</li>
</ul>

<h2 class="wp-block-heading">Reporting a vulnerability</h2>

<p>BAS-IP works continuously to identify and mitigate the risks associated with vulnerabilities in our products. Nevertheless, if you have discovered a security vulnerability in a BAS-IP product, software or service, we strongly encourage you to report the issue <strong>immediately</strong>. Timely reporting of security vulnerabilities is essential to reduce the likelihood of their exploitation in practice. Security vulnerabilities in open-source software components should be reported directly to the organization responsible for that component.</p>

<p>End users, partners, suppliers, industry groups and independent researchers who have discovered a potential vulnerability are encouraged to report their findings to <strong><a href="mailto:security@bas-ip.com">security@bas-ip.com</a></strong> or by filling in the <strong><a href="https://docs.google.com/forms/d/e/1FAIpQLSdetHDUfdt0Fxk9ctY1-XWJARmQA_2-wBeXVbX2fnweQasVAA/viewform" target="_blank" rel="noopener">anonymous form</a></strong>.</p>

<p>The submitted report should include:</p>

<ul class="wp-block-list">
<li>Technical details of the potential vulnerability</li>

<li>Steps to reproduce</li>

<li>Estimated impact and severity if exploited, according to CVSS 3.1</li>

<li>The researcher's own vulnerability disclosure policy, if any</li>
</ul>

<p>What you can expect from BAS-IP:</p>

<ul class="wp-block-list">
<li>Time to first response: within <strong>3 business days</strong> of receipt of the initial report</li>

<li>Processing time (counted from the first response): within <strong>10 business days</strong></li>

<li>We will be as transparent as possible about the steps we take in the remediation process, including any questions and problems that may delay a fix</li>

<li>We will maintain an open dialogue to discuss any issues</li>
</ul>

<h2 class="wp-block-heading">Vulnerability disclosure</h2>

<p>Once a report of a discovered vulnerability has been verified and confirmed as valid, BAS-IP starts the <strong>responsible disclosure</strong> process. BAS-IP seeks to work with the researcher on the remaining details, such as the CVSS 3.1 rating, the content of the security advisory and/or press release (where applicable), and the external disclosure date.</p>

<p>Upon agreement between BAS-IP and the researcher, the vulnerability will be disclosed externally by BAS-IP publishing a security advisory and/or a press release.</p>

<h2 class="wp-block-heading">Document change history</h2>

<figure class="wp-block-table"><table><tbody><tr><th>Version</th><th>Date</th><th>Description</th></tr><tr><td>1.0</td><td>15.02.2024</td><td>First version</td></tr></tbody></table></figure>