Network security

Ways of connecting to the Noodle service, from most to least secure:

  1. On a network not (even indirectly) connected to the internet.
    • Online features will necessarily not work:
      • email
      • upgrade button
      • Unsplash
      • auto ssh
      • etc.
  2. On a network only indirectly connected to the internet.
  3. On a public network with a firewall or NAT port forwarding blocking all but one port.
  4. On a public network.

Public network security options:

  • HTTPS
  • DNS CAA records
  • HTTP headers (content-security-policy, strict-transport-security, etc.)
  • Whitelist
  • Auto blacklisting enabled.
  • Set "Session Security Level" to 4 (prevent session hijacking).
  • IWA or two-factor authentication.
  • Set "Minimum password length" to 8 (make password guessing harder).
  • Encrypted VPN or SSH tunnel.
  • Anonymity networks like Tor can be used, optionally with SSL or SSH (in practice this prevents anyone, including governments, from knowing which server a user is talking to).
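
A way to check the HTTP header and DNS CAA items above on a public deployment, as an added example that is not part of Noodle or its documentation. The sample headers, the domain example.org, the CA name ca.example.net and the 180-day HSTS threshold are constructed assumptions.

```python
import re

# Constructed sample input: response headers and zone-file CAA lines for a placeholder site.
SAMPLE_HEADERS = {
    "Strict-Transport-Security": "max-age=31536000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; script-src 'self' 'unsafe-inline'",
}
SAMPLE_CAA = [
    'example.org. 3600 IN CAA 0 issue "ca.example.net"',
    'example.org. 3600 IN CAA 0 issuewild ";"',
]
MIN_HSTS_AGE = 15552000  # 180 days; assumed threshold, adjust to local policy
RISKY_SOURCES = ("'unsafe-inline'", "'unsafe-eval'", "*")
CAA_RE = re.compile(r'^\S+\s+(?:\d+\s+)?(?:IN\s+)?CAA\s+\d+\s+(\w+)\s+"([^"]*)"', re.I)

def audit_headers(headers):
    """Return a list of findings for the HSTS and CSP response headers."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    findings = []
    hsts = h.get("strict-transport-security")
    if hsts is None:
        findings.append("HSTS header missing")
    else:
        m = re.search(r"max-age\s*=\s*\"?(\d+)", hsts, re.I)
        if not m or int(m.group(1)) < MIN_HSTS_AGE:
            findings.append("HSTS max-age missing or too short")
    csp = h.get("content-security-policy")
    if csp is None:
        findings.append("CSP header missing")
    else:
        for directive in csp.split(";"):
            parts = directive.split()
            if parts and parts[0].lower() in ("default-src", "script-src"):
                for src in parts[1:]:
                    if src.lower() in RISKY_SOURCES:
                        findings.append(f"CSP {parts[0]} allows {src}")
    return findings

def caa_issuers(lines):
    """Map each CAA tag (issue, issuewild) to the set of CAs allowed to issue."""
    allowed = {}
    for line in lines:
        m = CAA_RE.match(line.strip())
        if m:
            ca = m.group(2).split(";")[0].strip()  # a bare ";" means no CA may issue
            allowed.setdefault(m.group(1).lower(), set()).update({ca} if ca else ())
    return allowed

if __name__ == "__main__":
    print(audit_headers(SAMPLE_HEADERS))
    print(caa_issuers(SAMPLE_CAA))
```

An empty set for a tag means no certificate authority may issue that kind of certificate; a tag that is absent from the result means no CAA record restricts it.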