This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/

[atlas] Anchor VM security

Previous message (by thread): [atlas] Anchor VM security
Next message (by thread): [atlas] Letsencrypt certificates on anchors

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Robert Kisteleki robert at ripe.net
Thu Dec 12 13:27:05 CET 2019

On 2019-12-10 21:52, Rami Al-Dalky wrote:
> Hi,
> 
> If someone is planning to host a VM anchor, what are the security
> measures that RIPE Atlas can provide? For example, protecting the VM
> from being compromised by an attacker.
> 
> Any information about this is highly appreciated because the plan is
> host several anchors.
> 
> Thanks,
> Rami

Hello,

There's no single best answer to this question.

The operations team behind anchors are keeping the machinery updated
with all the latest patches, just like you'd do with any
Internet-connected server. We consider it very important when we manage
these machines. They also provide very limited services (e.g. DNS and
HTTP(S)).

On the other hand the very reason for installing an anchor is to make it
reachable (be measured) and to reach other hosts (to measure) so forms
of firewalling are counterproductive to the purpose. When in doubt, we
recommend placing these "just outside your firewall".

Regards,
Robert

Previous message (by thread): [atlas] Anchor VM security
Next message (by thread): [atlas] Letsencrypt certificates on anchors

Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

[ ripe-atlas Archives ]