Activity log for bug #1661275

Date Who What changed Old value New value Message
2017-02-02 15:09:14 james beedy bug added bug
2017-02-02 15:09:14 james beedy attachment added Screen Shot 2017-02-02 at 7.07.58 AM.png https://bugs.launchpad.net/bugs/1661275/+attachment/4812110/+files/Screen%20Shot%202017-02-02%20at%207.07.58%20AM.png
2017-02-02 15:10:48 james beedy description
Old value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure by default implementation here? It seems my instances inherit the default security group rules for the model. 1. Why are there default security group rules for the model? 2. Why does my instance get these rules applied? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open. What's worse, Juju prevents me from modifying these by reverting any manual changes I may make, so I can't lock down my instances if I wanted to (which I do). Not sure what the best approach is for this, but would appreciate some consideration and/or feedback. Thanks
New value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure by default implementation here? It seems my instances inherit the default security group rules for the model. 1. Why are there default security group rules for the model? 2. Why does my instance get these rules applied? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open. What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do), and I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but would appreciate some consideration and/or feedback. Thanks
2017-02-02 15:11:08 james beedy description
Old value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure by default implementation here? It seems my instances inherit the default security group rules for the model. 1. Why are there default security group rules for the model? 2. Why does my instance get these rules applied? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open. What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do), and I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but would appreciate some consideration and/or feedback. Thanks
New value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure default implementation here? It seems my instances inherit the default security group rules for the model. 1. Why are there default security group rules for the model? 2. Why does my instance get these rules applied? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open. What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do), and I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but would appreciate some consideration and/or feedback. Thanks
2017-02-02 15:23:14 james beedy description
Old value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure default implementation here? It seems my instances inherit the default security group rules for the model. 1. Why are there default security group rules for the model? 2. Why does my instance get these rules applied? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open. What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do), and I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but would appreciate some consideration and/or feedback. Thanks
New value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure default implementation here? It seems my instances inherit the default security group rules for the model. 1. Why are there default security group rules for the model? 2. Why does my instance get these rules applied? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open. What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do), and I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but possibly we could only open port 22 to the security group the controller is in by default, and make having it open to the world a model config? Would appreciate some consideration and/or feedback. Thanks
2017-02-02 15:23:52 james beedy description
Old value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure default implementation here? It seems my instances inherit the default security group rules for the model. 1. Why are there default security group rules for the model? 2. Why does my instance get these rules applied? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open. What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do), and I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but possibly we could only open port 22 to the security group the controller is in by default, and make having it open to the world a model config? Would appreciate some consideration and/or feedback. Thanks
New value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure default implementation here? It seems my instances inherit the default security group rules for the model. 1. Why are there default security group rules for the model? 2. Why does my instance get these rules applied? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open. What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do), and I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but possibly we could only open port 22 on the instance to the security group the controller is in by default, and make having 22 open to the world a model config? Would appreciate some consideration and/or feedback. Thanks
2017-02-02 15:26:45 james beedy description
Old value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure default implementation here? It seems my instances inherit the default security group rules for the model. 1. Why are there default security group rules for the model? 2. Why does my instance get these rules applied? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open. What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do), and I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but possibly we could only open port 22 on the instance to the security group the controller is in by default, and make having 22 open to the world a model config? Would appreciate some consideration and/or feedback. Thanks
New value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure default implementation here? It seems my instances inherit the default security group rules for the model. See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open. What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do), and I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but would appreciate some consideration and/or feedback. Thanks
2017-02-02 15:27:54 james beedy description
Old value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure default implementation here? It seems my instances inherit the default security group rules for the model. See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open. What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do), and I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but would appreciate some consideration and/or feedback. Thanks
New value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure default implementation here? It seems my instances inherit the default security group rules for the model. I understand why port 22 is needed, but why 17070? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open (17070). What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do), and I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but would appreciate some consideration and/or feedback. Thanks
2017-02-02 15:28:06 james beedy description
Old value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure default implementation here? It seems my instances inherit the default security group rules for the model. I understand why port 22 is needed, but why 17070? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open (17070). What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do), and I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but would appreciate some consideration and/or feedback. Thanks
New value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure default implementation here? It seems my instances inherit the default security group rules for the model. I understand why port 22 is needed, but why 17070? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open (17070). What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do). I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but would appreciate some consideration and/or feedback. Thanks
2017-02-02 15:30:48 james beedy description
Old value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure default implementation here? It seems my instances inherit the default security group rules for the model. I understand why port 22 is needed, but why 17070? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open (17070). What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do). I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but would appreciate some consideration and/or feedback. Thanks
New value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure default implementation here? It seems my instances inherit the default security group rules for the model. I understand why port 22 is needed (but even 22 isn't always needed from 0.0.0.0/0), but why 17070? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open (17070). What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do). I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but would appreciate some consideration and/or feedback. Thanks
2017-02-02 15:31:09 james beedy description
Old value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure default implementation here? It seems my instances inherit the default security group rules for the model. I understand why port 22 is needed (but even 22 isn't always needed from 0.0.0.0/0), but why 17070? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open (17070). What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do). I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but would appreciate some consideration and/or feedback. Thanks
New value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure default implementation here? It seems my instances inherit the default security group rules for the model. I understand why port 22 is needed (22 isn't always needed from 0.0.0.0/0), but why 17070? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open (17070). What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do). I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but would appreciate some consideration and/or feedback. Thanks
2017-02-02 15:31:24 james beedy description
Old value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure default implementation here? It seems my instances inherit the default security group rules for the model. I understand why port 22 is needed (22 isn't always needed from 0.0.0.0/0), but why 17070? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open (17070). What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do). I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but would appreciate some consideration and/or feedback. Thanks
New value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure default implementation here? It seems my instances inherit the default security group rules for the model. I understand why port 22 is needed (22 isn't always accessed from 0.0.0.0/0), but why 17070? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open (17070). What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do). I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but would appreciate some consideration and/or feedback. Thanks
2017-02-02 15:33:03 james beedy description
Old value: I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure default implementation here? It seems my instances inherit the default security group rules for the model. I understand why port 22 is needed (22 isn't always accessed from 0.0.0.0/0), but why 17070? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open (17070). What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do). I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but would appreciate some consideration and/or feedback. Thanks
New value: Following a recent security group audit, I'm catching a lot of flack due to the ports being exposed by default on my Juju deployed instances. Can we work toward finding a more secure default implementation here? It seems my instances inherit the default security group rules for the model. I understand why port 22 is needed (22 isn't always accessed from 0.0.0.0/0), but why 17070? See attached screen shot of the ports that are opened by default on my instance, ports that have no rhyme or reason to be open (17070). What's worse, Juju prevents me from modifying/removing these rules by reverting any manual changes I may make. I can't lock down my instances if I wanted to (which I do). I feel this is a scary thing to force upon anyone. Not sure what the best approach is for this, but would appreciate some consideration and/or feedback. Thanks
2017-02-02 18:31:08 Sandor Zeestraten bug added subscriber Sandor Zeestraten
2017-02-03 04:23:39 Anastasia marked as duplicate 1420996