@@ -387,3 +387,19 @@ Mesh Networking
387387 during rollouts (e.g., coordinated radio channel adjustments).
388388- **Dynamic Topology Mapping **: Utilize monitoring data from mesh
389389 interfaces to generate real-time topology maps of the active network.
390+
391+ Security Hardening
392+ ------------------
393+
394+ - **Device Auto-Registration **: The current shared secret for new device
395+ registration is effective for small setups but lacks the granularity
396+ expected in enterprise environments. The goal is to research and adopt
397+ stronger authentication mechanisms comparable to those available in
398+ enterprise network management systems, reducing the risk of unauthorized
399+ hardware joining the network if a static secret is compromised.
400+ - **Passphrase-Protected SSH Keys **: To mitigate the risk of unauthorized
401+ use of SSH keys stored within the system, OpenWISP will explore
402+ passphrase-based or comparable approaches. The goal is to ensure that,
403+ even if a key file is accessed, it remains protected by an additional
404+ credential or equivalent safeguard, adding another layer of protection
405+ for remote device management.
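Review bot: In the Passphrase-Protected SSH Keys item (new lines 400-405), the text does not say where the passphrase or "additional credential" would be held, and that decides whether the safeguard works: if it sits in the same system as the key file, access to one likely means access to the other. Suggest adding a sentence stating that the credential must be kept separately from the stored keys, and noting how unattended device-management connections would obtain it. The Device Auto-Registration item (new lines 394-399) has a similar gap: "stronger authentication mechanisms comparable to those available in enterprise network management systems" names no property to aim for, so consider stating the intended one, for example per-device credentials that can be revoked individually, which is what the "static secret is compromised" risk in the same item points to.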