Network Security Improvements #291

New Issue

mik-tf · 2024-09-30T16:55:11Z

mik-tf commented

2024-09-30 16:55:11 +00:00

Situation

We address the network issues
- local network
  - by design we set access to private network from 3node (for troubleshooting reasons)
  - update: we remove it
    - no GEP needed for this change
external network
- we set restrictions of network to increase security
- public IPs passes by gateway
- we set allowed-list
- specs
  - gold certified farmers
    - in DC environment
      - feature off by default, mandatory
  - standard farmers
    - feature on by default, optional (can opt out)

Specs

GEP for network
- internal network
  - not subject to governance
    - we just implement the security update
- external network
  - subject to governance
    - gold certified farmers
      - in DC environment
        
        feature off by default, mandatory
    - standard farmers
      - feature on by default, optional (can opt out)
- tech/dev side
  - being worked on, will be there soon

Timeline

Goal: between October 7-14, we do the following:

External network
- GEP token-based passes
- We create GEP draft
- We confirm with engineering circle that it can be implemented (allowed-list, etc.)
- We create a GEP
Internal network
- We implement it as soon as it is possible technically (no GEP needed)

# Situation - We address the network issues - local network - by design we set access to private network from 3node (for troubleshooting reasons) - update: we remove it - no GEP needed for this change - external network - we set restrictions of network to increase security - public IPs passes by gateway - we set allowed-list - specs - gold certified farmers - in DC environment - feature off by default, mandatory - standard farmers - feature on by default, optional (can opt out) # Specs - GEP for network - internal network - not subject to governance - we just implement the security update - external network - subject to governance - gold certified farmers - in DC environment - feature off by default, mandatory - standard farmers - feature on by default, optional (can opt out) - tech/dev side - being worked on, will be there soon # Timeline Goal: between October 7-14, we do the following: - External network - GEP token-based passes - We create GEP draft - We confirm with engineering circle that it can be implemented (allowed-list, etc.) - We create a GEP - Internal network - We implement it as soon as it is possible technically (no GEP needed)

mik-tf added this to the Sep 30 – Oct 13 project 2024-09-30 16:55:11 +00:00

mik-tf referenced this issue from tfgrid/circle_engineering

2024-09-30 17:02:43 +00:00

restricted network traffic on zos #98

mik-tf referenced this issue

2024-10-01 01:00:11 +00:00

TF Protection against cyber threats #225

gosam modified the project from Sep 30 – Oct 13 to Oct 14 – Oct 27

2024-10-14 10:10:05 +00:00

gosam commented

2024-10-25 15:40:01 +00:00

@scott @mik-tf What is the status here?

mik-tf commented

2024-10-27 15:56:40 +00:00

Update

The changes needed for 3.15 do not require a GEP. Closing for now
In 3.16 we will make a GEP for the allowed-list, when it is clearly defined.

# Update - The changes needed for 3.15 do not require a GEP. Closing for now - In 3.16 we will make a GEP for the allowed-list, when it is clearly defined.

mik-tf closed this issue

2024-10-27 15:56:40 +00:00

Sign in to join this conversation.