UOS-RZ / deterrers

The automateD nETwork pERimeter thREat pRevention System (DETERRERS) is a tool for decentral network administration. It automates workflows at the network perimeter, e.g., automatic scanning for vulnerabilities and automatic configuration of perimeter firewall policies.
BSD 3-Clause "New" or "Revised" License
2 stars 2 forks

Meaning of Selection #19

Open lkiesow opened 1 year ago

lkiesow commented 1 year ago

It is unclear what profiles and selections mean. By default, an empty value is selected. I assume this means that everything will be blocked? Why not explicitly state “Everything Blocked”?

But even if you select something, it is unclear what these options mean. What does the profile HTTP actually do? I assume it allows TCP port 80 but blocks everything else? Or does it also allow TCP port 443? Not knowing helps neither security nor does it help when you look for issues.

Worse still, what does “Multipurpose” mean? All TCP and UDP ports open?

It is nice to have profiles for the most common settings, but it would be far better if you could still edit the resulting settings.

Also, instead of trying to build combined profiles, make them additive so that you can simply select “SSH”, “HTTP” and “HTTPS” to build a combined profile.

tibroc commented 1 year ago

While this is usability-wise important, refactoring in the sense of #12 would be more helpful for us.