[secops] Initial problem statement
Doug Kingston
dpk at randomnotes.org
Wed Feb 15 23:33:41 PST 2023
I am guessing that we will want some form of overlay admin network
potentially using VLANs and VPN access of some form?
I have been working recently to get OpenVPN up and running with various
client platforms to MikroTik routers with some success.
-Doug-
On Sun, Feb 12, 2023 at 4:03 PM Bart Kus <me at bartk.us> wrote:
> Hello,
>
> I'd like to kick off discussion about HamWAN security with a relatively
> high level problem statement.
>
> We need to limit access to our control infrastructure (routers,
> switches, modems, hypervisors, iLOs, etc) while still allowing easy
> reliable access for amateur administrators to control that
> infrastructure. We also need to support the case of a person on a tower
> with a cell phone being able to easily log in to a modem to get
> real-time signal readings for dish alignment.
>
> The current network is mostly a single flat OSPF routing domain. We
> have a couple peering points, and some IPsec tunnels. Our routers are
> mostly RouterOS flavor, which supports a pretty wide set of
> capabilities. We may want to look at switching the edge routers to VyOS
> though.
>
> What general high level design would be useful in keeping access easy,
> while moving the control points out of public reach?
>
> --Bart
>
> _______________________________________________
> SecOps mailing list
> SecOps at hamwan.org
> http://mail01.fmt.hamwan.net/mailman/listinfo/secops
>