Advanced Setup: Installing the Forensic OSINT Backend in a Secure Organization

This guide provides advanced instructions for setting up the Forensic OSINT backend in environments with strict security policies. It is designed for organizations that need to install the backend within their internal network while ensuring secure communication between the backend and frontend (Chrome Extension).

Prerequisites

  • Internal Network: The backend should be installed on an internal network server that is not exposed to the public internet.
  • Firewall Access: You will need to configure your firewall to allow communication between the Chrome Extension (frontend) and the backend.
  • Static IP or Internal Domain: It’s recommended to assign a static IP address or internal domain name to the backend server for consistent access within the organization.

Configuring the Backend for Secure Access

For organizations with strict security policies, the backend must be installed on a server that is part of your internal network. This ensures that sensitive data and captures are stored securely and only accessible within the organization's trusted network.

The Chrome Extension, which operates on computers with internet access, will need to communicate with the backend. Here’s how to ensure secure communication:

1. Firewall Configuration

To allow the Chrome Extension to communicate with the backend server, you must configure your firewall to allow traffic between the frontend (Chrome Extension) and the backend server. Ensure the following:

  • Open the required port for the backend (default is 65200) on the server where the backend is installed.
  • Restrict traffic to only allow requests from trusted internal IP addresses or the specific devices where the Chrome Extension is installed.
  • Use SSL/TLS encryption to secure communication between the frontend and backend (this is highly recommended to prevent man-in-the-middle attacks). Refer to the SSL Setup Guide for more details on enabling HTTPS for the backend.
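
One way to turn the restrictions above into a ruleset you can review, as an added example that is not part of the Forensic OSINT documentation: the Python script below validates a source allowlist and renders nftables rules for the default port 65200. It assumes a Linux host using nftables and treats RFC 1918 space as "internal"; the function names, table name and sample addresses are hypothetical.

```python
import ipaddress

BACKEND_PORT = 65200  # default backend port given in this guide
# Assumption: "internal" means RFC 1918 space; replace with your own ranges.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def validate_sources(entries):
    """Parse allowlist entries; raise ValueError unless each is internal IPv4."""
    nets = []
    for entry in entries:
        # strict=True rejects entries with host bits set, e.g. 10.1.2.3/24
        net = ipaddress.ip_network(entry, strict=True)
        if net.version != 4 or not any(net.subnet_of(r) for r in INTERNAL):
            raise ValueError(f"{entry} is not inside an internal range")
        nets.append(net)
    return nets

def uncovered_hosts(nets, extension_hosts):
    """Return extension workstations that the allowlist would lock out."""
    return [h for h in extension_hosts
            if not any(ipaddress.ip_address(h) in n for n in nets)]

def render_nft(nets, port=BACKEND_PORT):
    """Render a table that admits only allowlisted sources on the backend port."""
    # Collapse overlapping entries so the set holds no conflicting intervals.
    elements = ", ".join(str(n) for n in ipaddress.collapse_addresses(nets))
    return "\n".join([
        "table inet forensic_osint_backend {",  # hypothetical table name
        "    chain input {",
        "        type filter hook input priority 0; policy accept;",
        f"        tcp dport {port} ip saddr {{ {elements} }} accept",
        f"        tcp dport {port} drop",
        "    }",
        "}",
    ])

if __name__ == "__main__":
    # Constructed sample values, not taken from a real deployment.
    nets = validate_sources(["10.20.0.0/24", "10.20.5.17"])
    print("locked out:", uncovered_hosts(nets, ["10.20.0.14", "10.20.9.3"]))
    print(render_nft(nets))
```

Review the output before loading it with nft -f. If the backend port is published by Docker, traffic reaches the container through the forward path rather than the input hook, so the same source restriction has to be applied there.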

2. Assign a Static IP or Internal Domain

To simplify access to the backend within your network, assign a static IP address or configure an internal domain name for the backend server. This ensures that all users accessing the backend via the Chrome Extension have a reliable connection without needing to update the IP address frequently.

  • Static IP Address: Ensure the backend server is assigned a static IP within your internal network. This IP should be configured in your Chrome Extension settings.
  • Internal Domain Name: If your organization uses internal DNS, set up an internal domain (e.g., backend.organization.local) that maps to the backend server’s IP address. This can simplify the connection for multiple users.

3. Updating the Chrome Extension Settings

Once the backend server is set up and secured, you will need to update the Chrome Extension settings on each user's machine to point to the correct backend URL. Follow these steps:

  • Open the Chrome Extension.
  • Go to Settings.
  • Update the Backend URL to point to the static IP or internal domain name of the backend server. For example:
    http://backend.organization.local:65200
  • If HTTPS is used, make sure SSL is enabled on the backend and enter the https:// form of the URL:
    https://backend.organization.local:65200

Security Best Practices

To ensure the security of the backend and frontend communication, follow these best practices:

  • Enable SSL/TLS: Use SSL/TLS to encrypt communication between the Chrome Extension and the backend server. This protects data in transit and prevents eavesdropping.
  • Limit Access to Trusted IPs: Restrict access to the backend server by only allowing traffic from trusted internal IP addresses or devices.
  • Regular Audits: Perform regular audits of your network and firewall configurations to ensure no unauthorized access is allowed.
  • Keep Software Updated: Regularly update both Docker and the backend software to ensure that you are protected against the latest security vulnerabilities.

Conclusion

Installing the Forensic OSINT backend in a secure organizational environment ensures that your data remains protected while allowing the Chrome Extension to access the backend for syncing captures. By configuring your firewall, using a static IP or internal domain, and enabling SSL, you can ensure secure and efficient communication between the frontend and backend.
