gravitl / netmaker

Netmaker makes networks with WireGuard. Netmaker automates fast, secure, and distributed virtual networks.
https://netmaker.io

[Feature]: Secure Management Dashboard with Management VPN #1706

Closed kwinsch closed 2 years ago

kwinsch commented 2 years ago

What happened?

My simple IDS started to detect a break-in attempt on the management dashboard. The password is probably too complex, but I do not like the idea anyway of having a web interface, with potential bugs, exposed to the public internet. It is known that up to 80% of the security problems reside in the web app.

Since Netmaker is able to manage WireGuard anyway, why not create the possibility to create a fixed, static management VPN endpoint for pure dashboard access? This would eliminate at least one possible attack vector.

Version

v0.16.1

What OS are you using?

Linux

Relevant log output

No response

mattkasun commented 2 years ago

Instructions for securing the netmaker dashboard:

kwinsch commented 2 years ago

That still does not solve the problem if you have no public IP or fixed IP subnet range. Simple firewall rules do not work for most scenarios where the manager is located in various offices, which are connected with one or multiple and potentially changing uplinks, or, as in our case, with LTE if he is on the road.