Skip to content

Commit c42700d

Browse files
committed
[docs] Added "Security Hardening" to Roadmap
1 parent 671b09a commit c42700d

1 file changed

Lines changed: 16 additions & 0 deletions

File tree

general/roadmap-2030.rst

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -387,3 +387,19 @@ Mesh Networking
387387
during rollouts (e.g., coordinated radio channel adjustments).
388388
- **Dynamic Topology Mapping**: Utilize monitoring data from mesh
389389
interfaces to generate real-time topology maps of the active network.
390+
391+
Security Hardening
392+
------------------
393+
394+
- **Device Auto-Registration**: The current shared secret for new device
395+
registration is effective for small setups but lacks the granularity
396+
expected in enterprise environments. The goal is to research and adopt
397+
stronger authentication mechanisms comparable to those available in
398+
enterprise network management systems, reducing the risk of unauthorized
399+
hardware joining the network if a static secret is compromised.
400+
- **Passphrase-Protected SSH Keys**: To mitigate the risk of unauthorized
401+
use of SSH keys stored within the system, OpenWISP will explore
402+
passphrase-based or comparable approaches. The goal is to ensure that,
403+
even if a key file is accessed, it remains protected by an additional
404+
credential or equivalent safeguard, adding another layer of protection
405+
for remote device management.

0 commit comments

Comments
 (0)