Uploaded image for project: 'Indy Node'
  1. Indy Node
  2. INDY-1254

Document use of firewall to deal with DDoS attacks

    XMLWordPrintable

Details

    • Story
    • Status: Complete
    • Medium
    • Resolution: Done
    • None
    • None
    • None
    • None

    Description

      Story
      As an administrator of an Indy Node, I want to understand policies around firewall usage to minimize network risk to DDoS attacks.

      Acceptance Criteria

      • Administrator documentation exists for configuring IPTables on Linux as a firewall protecting both node network inferfaces
      • The documentation explains how to specifically protect the NIC used for communication between network nodes, restricting communication to whitelisted addresses.
      • The documentation explains how to quickly blacklist an IP address on either NIC.

      Notes

      • We estimate that half of the stewards on the Sovrin network use IPTables as their firewall.
      • The stewards that do not use IPTables appear to use a range of commercial firewall packages, and be educated in their use to conform with network steward guidelines. Therefore, examples with IPTables are sufficient to guide these admins.
      • We evaluated other tools as firewall proxy, and decided not to include them in the recommendations at this time:
      • This documentation does not need to account for Observer Rings, but can be adapted for that use case when they are part of the network.
      • The documentation needs to comply with the Sovrin Network guidelines for stewards:
        • As the first implementation of an Indy network, the Sovrin Network Guidelines are a useful guide for how our tool should work.
        • Mandates usage of two NICs, (INDY-1249, INDY-1282)
        • Mandates usage of a firewall,
        • Provides specific targets for how long it should take for an IP address to be blacklisted or whitelisted.

      Attachments

        Issue Links

          Activity

            People

              sergey-shilov Sergey Shilov
              ashcherbakov Alexander Shcherbakov
              Alexander Shcherbakov, Richard Esplin
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: