Security

Offering remote access to these old systems is clearly problematic from a security perspective. We have no intention of negligently providing a service that lacks purpose or the capacity to protect the platform's users. Some measures have already been taken to provide a basic level of service protection through routing filters. For example, in a hub-and-spoke VPN, all traffic to and from remote sites must pass through the hub. The hub's controls are made available to clients of the Torus VPN service to stop traffic flow between clients.

However, it is also clear that we could offer more technical solutions to enforce greater control over traffic flow and thereby improve participation.

Some ideas include:

  • Next-Gen Firewall
    • Offer higher levels of management and control
    • Deep packet inspection. This will require some subscription (Snort, etc.).
  • Jump Hosts (Bastion Hosts)
    • The bastion host would be a contemporary, hardened operating system (e.g., Linux or BSD). It would be provided solely for the client's use and would act as the demarcation point between the public internet and the private torus leading to the remote system(s).
  • Zero Trust Security Access
    • There are a bunch of options available, most of which cost money or time to support. Also see ZTNA.