[Commotion-admin] [commotion-router] Separate mesh-accessible node web interface from control-plane network. (#83)
Josh King
notifications at github.com
Fri Jan 10 17:18:05 UTC 2014
Currently, there is a single backhaul IP network that both carries control-plane traffic (commotion-service-manager traffic, OLSRd, Serval) and hosts the web interface for the nodes. Therefore, it's currently necessary to provide access to it for the client interfaces. We should evaluate the downsides of either:
* removing access to it from the client network, or
* separating control-plane traffic into a separate IP subnet
This is only of concern for meshes with attached host/client networks, as any full node will implicitly have access to the control-plane anyway. But it's still a way to potentially limit some of our attack surface.
Derived from audit issue iSEC-COMMO13-11
---
Reply to this email directly or view it on GitHub:
https://github.com/opentechinstitute/commotion-router/issues/83
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.chambana.net/pipermail/commotion-admin/attachments/20140110/cd585a10/attachment.html>
More information about the Commotion-admin
mailing list