node
node copied to clipboard
mysteriumnetwork
Better security measures
Is your feature request related to a problem? Please describe. Hi, I'm a cybersecurity analyst, and is clear to me that this node security could be improved, so it's not necessarily Plug'n'Play. In particular, there are some security configurations that could be easily applied to improve security, monitoring, and help with traffic filtering. There is no way to integrate the node to a monitoring stack like grafana + Prometheus etc...
There should also be more configurability to "protect the world" from the node.
Maybe I'm wrong and I'm not seeing these solutions which may be already been implemented. But they are essential to make a node deployment viable to the general public (with a whitelist or not)
Describe the solution you'd like
- Wireguard configured by default to allow access only to the internet (allowedIPs directive)
- Triggering of FW rules filter common attacks from the node
- Predisposition of integration with an IPS/Content filter (again to cleanup node traffic)
- Better guidance on security in the official docs
- Grafana + Prometheus + Loki Stack integration
Of course, I am willing to help the team with that.
