
Feature #3453

closed

Management GUI (lighttpd) interface binding control

Added by Ted Lum almost 11 years ago. Updated over 8 years ago.

Status: Duplicate
Priority: Normal
Assignee: -
Category: -
Target version: -
Start date: 02/15/2014
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes:

Description

Add configuration option to allow/prevent lighttpd from binding to certain interfaces.

In a highly secure environment it's especially important to control access to the configuration mechanisms for the security devices themselves. It is therefore highly undesirable to allow such configuration mechanisms to be exposed to the open, public side of a security device. Further, it is highly desirable to make this access control "intrinsically safe" given the grave consequences.

While it is currently possible to control the lighttpd port binding - security by obscurity - and through the use of filter rules, this is not intrinsically safe. Rule misconfiguration and crashed 3rd party modules can result in the inadvertent and unintended exposure of a security sensitive mechanism.

I would suggest either adding a list of interfaces that lighttpd would explicitly bind to, or possibly add a check box to the interface detail page that determines if that interface should have the management binding or not. Further, I would default the management interface binding to the LAN interface only, so that a system administrator needs to explicitly and knowingly expose management on other interfaces. It would also be necessary to make provisions for access through VPN tunnels since from the outside it would be desirable to tunnel into the device to access management rather than exposing management directly. I would rather tunnel into another device on the network that has access to the network management segment but that's personal preference.
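As an added illustration of the proposal (not code from this ticket or the pfSense project), the lighttpd listener configuration below contrasts the exposed-everywhere form with one bound only to the LAN address plus a VPN tunnel address; the addresses and the certificate path are constructed placeholders, and whether the GUI generator emits exactly these directives is an assumption.

```lighttpd
# Added example, not from the project: restricting the management GUI
# listener to the LAN and VPN addresses. All addresses and paths below
# are constructed placeholders.

# Exposed-everywhere form (commented out): with no server.bind, lighttpd
# listens on every address, WAN included, and only filter rules stand
# between the public side and the management GUI.
#server.port = 443
#ssl.engine  = "enable"
#ssl.pemfile = "/PLACEHOLDER/webgui.pem"

# Restricted form: the primary socket binds to the LAN address only,
# so the GUI is unreachable from the WAN even if a rule is mistyped.
# 192.168.1.1 stands in for the LAN interface address.
server.bind = "192.168.1.1"
server.port = 443
ssl.engine  = "enable"
ssl.pemfile = "/PLACEHOLDER/webgui.pem"

# Second socket on the VPN tunnel address, so remote administrators
# reach the GUI through the tunnel rather than on the public side.
# 10.8.0.1 stands in for the tunnel interface address.
$SERVER["socket"] == "10.8.0.1:443" {
    ssl.engine  = "enable"
    ssl.pemfile = "/PLACEHOLDER/webgui.pem"
}
```

Because these directives bind to addresses rather than interface names, the listed addresses must be regenerated whenever the LAN or tunnel address changes, which is why the ticket asks for an interface-level option instead of a hand-edited bind list.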
