mysteriumnetwork / node

Mysterium Network Node - official implementation of distributed VPN network (dVPN) protocol
https://mysterium.network
GNU General Public License v3.0

Better security measures #4737

Open steccas opened 2 years ago

steccas commented 2 years ago

Is your feature request related to a problem? Please describe.

Hi, I'm a cybersecurity analyst, and it is clear to me that this node's security could be improved, so it's not necessarily Plug'n'Play. In particular, there are some security configurations that could be easily applied to improve security, monitoring, and help with traffic filtering. There is no way to integrate the node into a monitoring stack like Grafana + Prometheus, etc.

There should also be more configurability to "protect the world" from the node.

Maybe I'm wrong and I'm not seeing these solutions, which may have already been implemented. But they are essential to make a node deployment viable to the general public (with a whitelist or not).

Describe the solution you'd like

Of course, I am willing to help the team with that.

adinetech commented 2 years ago

WireGuard is already configured by default to allow access only to the internet; consumers can't access your local network.

steccas commented 2 years ago

Hi! @adinetech, yes, but it is the firewall that does this. WireGuard is configured with allowedIPs 0.0.0.0/0.

I was wondering whether a more restrictive setting there could be an added layer of security, just in case.
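
A more restrictive value than `0.0.0.0/0`, of the kind the last comment asks about, can be derived by subtracting private ranges from the full IPv4 space. This is an added example, not part of the thread and not Mysterium code; the excluded ranges and all function names are assumptions chosen for illustration.

```python
import ipaddress

# Assumed exclusion list (not from the thread): RFC 1918 private ranges,
# loopback and link-local.
EXCLUDED = [
    "10.0.0.0/8",
    "172.16.0.0/12",
    "192.168.0.0/16",
    "127.0.0.0/8",
    "169.254.0.0/16",
]


def restricted_allowed_ips(base="0.0.0.0/0", excluded=EXCLUDED):
    """Return the networks of `base` left after removing every excluded range."""
    remaining = [ipaddress.ip_network(base)]
    for text in excluded:
        hole = ipaddress.ip_network(text)
        kept = []
        for net in remaining:
            if hole.subnet_of(net):
                # Split `net` around the hole and keep the surrounding pieces.
                kept.extend(net.address_exclude(hole))
            elif net.subnet_of(hole):
                # Entirely inside an excluded range: drop it.
                continue
            else:
                kept.append(net)
        remaining = kept
    return sorted(ipaddress.collapse_addresses(remaining))


def is_allowed(address, networks):
    """True if `address` falls inside any of the computed networks."""
    addr = ipaddress.ip_address(address)
    return any(addr in net for net in networks)


def as_config_line(networks):
    """Render the list in WireGuard's comma-separated AllowedIPs syntax."""
    return "AllowedIPs = " + ", ".join(str(n) for n in networks)


if __name__ == "__main__":
    nets = restricted_allowed_ips()
    print(as_config_line(nets))
    for probe in ("8.8.8.8", "192.168.1.1", "10.1.2.3"):  # constructed samples
        print(probe, "allowed" if is_allowed(probe, nets) else "excluded")
```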