Re: #fabric-questions Fabric Networking


Nye Liu <nye@...>

If you plan on running a p2p node on the public internet, ideally it should be secured such that a firewall (other than possibly a simple port whitelist at the router) isn't needed.

If you believe a firewall is needed, put them all in a shared VPN or put each in a DMZ each with a public address and only allow the protocol ports (or ssh if you don't have a jump box in the DMZ). If you run a patchwork of NAT/forwarding hacks, you are inevitably going to run into DNS/TLS issues unless you are very careful.

In my experience, people generally overly rely on firewalls instead of addressing node security directly.

On 1/23/2020 10:24 AM, Cavell wrote:
Apologies for the confusion in my wording,

I accidentally used firewall instead of router. Since the nodes are in different locations, it's hard to access them without port forwarding them. From an initial glance, it seems like to build the network, I'll need to port forward all the nodes and make them publicly accessible to deploy them in different locations. I'm concerned about the security risks of doing so since anyone can access the nodes so long as they have the public address and port number.

Thanks for the quick responses,
Cavell Teng

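As an added example that is not part of this thread or of the configuration shipped with Fabric, the following core.yaml excerpt shows what "securing the node directly" looks like for a peer: the first document has TLS enabled but accepts any client that can reach the port (the situation that makes a firewall feel necessary), the second requires every client, including other peers and the CLI, to present a certificate issued by the organisation's TLS CA. The certificate file paths are assumptions; the keys under `peer.tls` are the ones Fabric's core.yaml defines.

```yaml
# Added example, not from the thread or the Fabric distribution.
# Document 1: weak setting. Server-side TLS only; any client that can
# reach the peer port may open a session, so reachability equals access.
peer:
  tls:
    enabled: true
    clientAuthRequired: false
    cert:
      file: /etc/hyperledger/fabric/tls/server.crt   # assumed path
    key:
      file: /etc/hyperledger/fabric/tls/server.key   # assumed path
    rootcert:
      file: /etc/hyperledger/fabric/tls/ca.crt       # assumed path
---
# Document 2: hardened setting. Mutual TLS: a client without a
# certificate chaining to one of clientRootCAs is rejected during the
# handshake, before any Fabric protocol message is processed.
peer:
  tls:
    enabled: true
    clientAuthRequired: true
    cert:
      file: /etc/hyperledger/fabric/tls/server.crt   # assumed path
    key:
      file: /etc/hyperledger/fabric/tls/server.key   # assumed path
    rootcert:
      file: /etc/hyperledger/fabric/tls/ca.crt       # assumed path
    # CAs whose client certificates this peer will accept (assumed path).
    clientRootCAs:
      files:
        - /etc/hyperledger/fabric/tls/org-tls-ca.crt
    # Key pair this peer presents when it is the client (gossip, delivery);
    # when left unset the server pair above is used.
    clientKey:
      file: /etc/hyperledger/fabric/tls/server.key   # assumed path
    clientCert:
      file: /etc/hyperledger/fabric/tls/server.crt   # assumed path
```

With the second document in place, an attacker who knows the public address and port gets nothing past the TLS handshake, which is the property Nye is describing. The orderer has the same pair of switches under `General.TLS` in orderer.yaml (`ClientAuthRequired` and `ClientRootCAs`); every peer, CLI and SDK in the network then needs its own TLS client certificate, so roll it out organisation by organisation rather than flipping it on a live node.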