GEP: Restricted Network Traffic #103

Open
opened 2024-10-07 12:59:19 +00:00 by mik-tf · 1 comment
Owner

Situation

  • We need to increase security on network traffic

Specs

  • default whitelisted outgoing web traffic, which means VMs can only go to whitelisted services (https) and web domains (can be with filter e.g. *.ubuntu.com), this to make sure people cannot use our VMs for e.g. hacking
    • can be turned off by farmer
    • not turned on for certified farms
  • the whitelists for outgoing traffic come from a GitHub repo which is signed by us, this gets reloaded every hour

TODO

  • Check if feasible to do, if it is then:
  • The comms circle will make
    • forum post discussing this to community
    • write GEP to be passed
  • Then ops can create the GEP
  • Once the GEP is passed, we can implement it

References

  • Main issue with tech aspect: #98 (https://git.ourworld.tf/tfgrid/circle_engineering/issues/98)
mik-tf added the Story label 2024-10-07 12:59:19 +00:00
mik-tf added this to the tfgrid_3_15 project 2024-10-07 12:59:19 +00:00
mik-tf modified the project from tfgrid_3_15 to tfgrid_3_17 2024-10-24 14:30:55 +00:00
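An added sketch of the mechanism in the Specs above (not part of the issue and not the project's code): a default-deny egress allowlist that is replaced only when its signature verifies, with wildcard entries matched on a DNS label boundary. The detached Ed25519 signature, the one-pattern-per-line file format, and the names `Allowlist`, `Reload` and `Allowed` are assumptions made for illustration; the issue only says the list is signed and reloaded hourly.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"strings"
)

type Allowlist struct {
	pub      ed25519.PublicKey // assumed: the list signer's Ed25519 public key
	patterns []string          // last verified patterns; empty means deny all
}

// Reload swaps in a new list only if sig verifies over raw (fail closed:
// a bad signature leaves the previously verified list in force).
func (a *Allowlist) Reload(raw, sig []byte) error {
	if !ed25519.Verify(a.pub, raw, sig) {
		return errors.New("allowlist signature invalid; keeping previous list")
	}
	var next []string
	for _, line := range strings.Split(string(raw), "\n") {
		line = strings.ToLower(strings.TrimSpace(line))
		if line != "" && !strings.HasPrefix(line, "#") {
			next = append(next, line)
		}
	}
	a.patterns = next
	return nil
}

// Allowed matches exact names, or "*.suffix" on a label boundary, so
// "*.ubuntu.com" covers "archive.ubuntu.com" but not "evilubuntu.com".
func (a *Allowlist) Allowed(host string) bool {
	host = strings.TrimSuffix(strings.ToLower(host), ".")
	for _, p := range a.patterns {
		wild := strings.HasPrefix(p, "*.") && len(host) > len(p)-1 && strings.HasSuffix(host, p[1:])
		if wild || host == p {
			return true
		}
	}
	return false
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed demo key
	raw := []byte("# constructed sample list\n*.ubuntu.com\ngithub.com\n")
	a := &Allowlist{pub: pub}
	fmt.Println(a.Reload(raw, ed25519.Sign(priv, raw)), a.Allowed("archive.ubuntu.com"))
	fmt.Println(a.Reload([]byte("*.example\n"), make([]byte, 64)), a.Allowed("evilubuntu.com"))
}
```

In this sketch a wildcard entry does not cover the bare apex (`*.ubuntu.com` does not match `ubuntu.com`), so the apex needs its own line if it should be reachable.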
Author
Owner

Update

  • Moved this issue along with this one (https://git.ourworld.tf/tfgrid/circle_engineering/issues/98#issuecomment-9128) to 3.16
Reference: tfgrid/circle_engineering#103