Description
NethSecurity already supports personal administrative accounts, MFA, administrative access logs, configuration change logs, visited UI pages tracking, and log forwarding.
The goal is to introduce a minimal separation between root and ordinary administrators.
Expected behavior
- root is the only account allowed to create, remove, or modify administrative users.
- Ordinary administrators can manage the firewall but cannot manage other administrators.
- Administrator management restrictions must be enforced by backend/API checks, not only in the UI.
- When an administrator is removed or disabled, all active sessions for that user must be revoked immediately.
- Access to the SSH section in the UI must be restricted to root.
- The UI must warn when default credentials are still in use.
- Denied administrator management attempts must be logged (already present)
- The setup wizard must include passphrase configuration. (To be evaluated again in the future)
- The UI must warn when the passphrase hasn't been configured. (Already present)
- The setup wizard must include the creation of an ordinary admin. (To be evaluated again in the future)
- The UI must warn if there are no ordinary admins configured
Suggested sub-issues
- Restrict administrator management to root.
- Revoke active sessions when an administrator is removed or disabled.
- Restrict SSH access to root.
- Add warning for default password usage.
- Add warning for missing ordinary admin
Components
NethSecurity 8.8.0.
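
A minimal model of three of the expected behaviors above (root-only administrator management enforced in the backend, immediate session revocation when an administrator is removed or disabled, and logging of denied attempts), added here as an illustration and not NethSecurity code. The `AdminStore` class, its method names and the in-memory session table are assumptions made for the example.

```python
import logging
import secrets

log = logging.getLogger("admin-audit")

class AdminStore:
    """Hypothetical in-memory model; not NethSecurity's API or data layout."""

    def __init__(self):
        self.admins = {"root": {"enabled": True}}  # username -> record
        self.sessions = {}                         # session token -> username

    def login(self, user):
        if not self.admins.get(user, {}).get("enabled"):
            raise PermissionError("unknown or disabled account")
        token = secrets.token_hex(16)
        self.sessions[token] = user
        return token

    def whoami(self, token):
        # Every request resolves the caller from server-side session state,
        # so a revoked token stops working on the very next call.
        user = self.sessions.get(token)
        if user is None:
            raise PermissionError("invalid or revoked session")
        return user

    def _require_root(self, token, action, target):
        # Backend check: runs regardless of what the UI shows or hides.
        caller = self.whoami(token)
        if caller != "root":
            log.warning("denied: %s attempted %s on %s", caller, action, target)
            raise PermissionError("only root may manage administrators")

    def _revoke_sessions(self, user):
        for tok in [t for t, u in self.sessions.items() if u == user]:
            del self.sessions[tok]

    def create_admin(self, token, user):
        self._require_root(token, "create", user)
        if user in self.admins:
            raise ValueError("administrator already exists")
        self.admins[user] = {"enabled": True}

    def disable_admin(self, token, user):
        self._require_root(token, "disable", user)
        self.admins[user]["enabled"] = False
        self._revoke_sessions(user)

    def remove_admin(self, token, user):
        self._require_root(token, "remove", user)
        del self.admins[user]
        self._revoke_sessions(user)
```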