Seth Nygard
I am unique ... just like everyone else ...

Private Port(s) ...

I spent the weekend debating on how to, and even if I should, address this subject. There has been a clear history within the community of shooting the messenger but regardless I decided that I do need to say something.

How do I handle this thing called Private Port in my OpenSimulator grid?

Well it turns out this is rather poorly documented, no surprise there, and there are a few things to take into consideration before deciding what to do.

I won't go into details of what this port is used for but the first hint can be found here in the definition of private (as defined in Webster's Dictionary)
1a : intended for or restricted to the use of a particular person, group, or class <a private park>

Note: Depending on the grid setup there can be more than one port to be considered a Private Port.

So how does this relate to OpenSimulator?

1. If you are an open-connect grid such as OSGrid, Metro, etc., then there is little you can do and this Private Port becomes in essence publicly available, so it is Private only in name but not in actual use.

2. If you are a grid where you control all the simulators then this Private Port should be accessible ONLY by YOUR simulator servers and NOTHING else.

3. If you are a grid that allows select people to connect their own simulators then you need to additionally allow access to your Private Port(s) by ONLY those SPECIFIC servers in addition to YOUR own.

How do I make a Private Port actually private?

Well this is left up to you and it is assumed that you have the necessary skills to keep it private while also ensuring proper functionality within OpenSimulator.

The short answer and most effective way will be to implement strict firewall rules that fit your specific use condition(s) and network topology. This of course adds some extra complexity and assumes a greater knowledge of what to do.

If someone comes along and tells you that you need to open up the Private Port(s) for any reason other than adding simulators that YOU control then you need to very carefully consider all the implications.

I will not name any grids, but I did a quick survey of grids, some of which are large and even a few closed grids as well. Out of 34 grids I checked only 7 had taken any visible measures to keep their Private Port actually private. I did not include any known open-connect grids in this survey.

I don't know, and will not speculate as to why 80% of the grids appear to have failed to take adequate measures. I will however say that when this Private Port is not actually private then inventory and assets are not as well protected as you may think.

To all the grid owners, managers, hosting providers, and people doing any consulting out there, please do your due diligence when setting things up. Your residents and/or clients rely on you to do what you can to help protect them. Just because one grid may not have protected their Private Port(s) does not mean that it is not important or that you don't need to protect yours.

If you are relying on people simply not finding such a possible vulnerability then you will be in for a rather nasty surprise sooner or later. History has proven repeatedly that security by obscurity never works.
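As an added illustration of the "strict firewall rules" approach for cases 2 and 3 above (this is not part of the original post), the script below prints an iptables allowlist for a private port and refuses inputs that would make the port public again or cut every simulator off. The port 8003, the chain name GRID_PRIVATE and the addresses are assumptions for the example; use the private port(s) from your own grid configuration.

```shell
# Print (do not apply) iptables rules limiting a grid's private service port
# to an allowlist of simulator hosts. Review the output before running as root.

# Succeeds only for a dotted-quad IPv4 host address (no CIDR, no 0.0.0.0).
is_ipv4_host() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
    [ "$1.$2.$3.$4" != "0.0.0.0" ]
}

# Usage: private_port_rules PORT SIM_IP [SIM_IP ...]
private_port_rules() {
    port=$1
    case "$port" in ''|*[!0-9]*) echo "bad port: $port" >&2; return 1 ;; esac
    shift
    # An empty allowlist would cut every simulator off from the grid services.
    [ "$#" -gt 0 ] || { echo "no simulator addresses given" >&2; return 1; }
    # Validate everything first so a typo never yields a half-built rule set.
    for ip in "$@"; do
        is_ipv4_host "$ip" || { echo "rejected entry: $ip" >&2; return 1; }
    done
    echo "iptables -N GRID_PRIVATE"
    echo "iptables -A GRID_PRIVATE -i lo -j ACCEPT"
    for ip in "$@"; do
        echo "iptables -A GRID_PRIVATE -s $ip -j ACCEPT"
    done
    echo "iptables -A GRID_PRIVATE -j DROP"
    echo "iptables -I INPUT -p tcp --dport $port -j GRID_PRIVATE"
}

# Constructed sample: two of the grid's own simulator hosts (case 2) plus one
# approved third-party simulator host (case 3). 8003 is an assumed port value.
private_port_rules 8003 203.0.113.10 203.0.113.11 198.51.100.7
```

If the grid has more than one private port, generate a rule set for each one.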

For anyone that wonders what really happens in a git merge;
https://www.youtube.com/watch?v=N8mYThDVvKM


Happy Thanksgiving to all our friends in the USA.

How electronics are really made
Unbelievable, what?
And these guys are getting smaller and smaller!
😀
Via +Flavia Grita
#Figurines

Something to think about when you look at the nice cheap device. Although many expensive ones share the same issues.

This is so true!

I totally agree with this man!
