Needs attention:
Revisit the firewall rules on router to prevent leakage channels. Absolute minimum set of services should be allowed from testbed -> users/boss/etc.
Control net separation
Primary goals are to allow vetted users to access the malware safely and prevent unauthorized users from gaining access.
Some belt-and-suspenders support to prevent leakage is to export NFS shares read-only:
The archive is 60 GB (in two 30 GB archives). We will receive approximately 1 GB per day in updates. In light of the size, we will store it on scratch.
It will be exported using SMB in a password-protected share.
Updates occur over SSH. We need to provide GA tech with a key.
How will we annotate the experiment file to let the testbed know this needs special treatment (i.e., read-only mounts, copy encryption key/token to box)?