Security

[egeldenhuys]

Disclaimer Note: I wear a tinfoil hat and keep my GPG secret keys on a Yubikey.

Would you protect your SSH server with a password? Not if you wear a tinfoil hat. You would only allow public key authentication.

Access to Docks and the ability to bind mount is equivalent to root access to every node in the swarm. Access to Docks should be seen as more valuable as SSH access, therefore it should be protected as such.

Possible Attacks

• Brute Force
• Admin password is stolen
• CSRF (Mitigated by storing JWT in local storage)
• MITM (Mitigated by HTTPS)

Possible Solutions

• Integrate with fail2ban to block brute force attempts
• Two Factor Authentication
• Public/Private key authentication
• Less convenience

[egeldenhuys]

2FA

• speakeasy - Two-factor authentication for Node.js. One-time passcode generator (HOTP/TOTP) with support for Google Authenticator.
• u2f - U2F Authentication for Node.js

Brute Force Attack Mitigation

• fail2ban
  • Developing Filters
  • How Fail2Ban Works to Protect Services on a Linux Server

[egeldenhuys]

In regards to fail2ban, we will at least generate a well defined log to be used by fail2ban.

[devosray]

I have played around with the speakeasy library and it seems very simple and intuitive to use. Implementing 2FA would be a great bonus to the security of the project. Might want to consider making 2FA mandatory for any role that has write permissions.