Skip to content

fix: expand network-security primer (closes #55)#479

Open
frameworks-volunteer wants to merge 1 commit intosecurity-alliance:developfrom
frameworks-volunteer:fix/issue-55-network-security-primer
Open

fix: expand network-security primer (closes #55)#479
frameworks-volunteer wants to merge 1 commit intosecurity-alliance:developfrom
frameworks-volunteer:fix/issue-55-network-security-primer

Conversation

@frameworks-volunteer
Copy link
Copy Markdown
Collaborator

@frameworks-volunteer frameworks-volunteer commented May 5, 2026

Summary

Expands the existing infrastructure/network-security.mdx from a thin 9-bullet list into a proper primer following the repo template structure. The page now covers:

  • Default-deny ingress with explicit allow-lists
  • Network segmentation (public/internal/management zones)
  • Firewalls and IDS/IPS (cloud-native + custom)
  • VPNs for remote access (infrastructure use, cross-referencing privacy VPN)
  • Encrypted transit (TLS, mTLS, DoH/DoT)
  • ACLs with least-privilege
  • Audits and monitoring cadence
  • Real Web3 incident examples (Curve, Galxe)
  • Common pitfalls with specific remediation
  • Quick-reference cheat sheet table

Architecture decision: keep Network under Infrastructure

On the question from @mattaereal about a separate Network domain: the current structure already places DDoS, DNS, and network security under Infrastructure, which is where they belong. A separate top-level "Network Security" category would duplicate content and fragment the reader's journey (DDoS is both a network and an infrastructure concern; DNS is both network and domain management).

Instead, this PR expands the existing infrastructure/network-security.mdx into a proper hub that cross-references:

  • DDoS Protection → /infrastructure/ddos-protection
  • DNS & Domain Security → /infrastructure/domain-and-dns-security/overview
  • Cloud hardening → /infrastructure/cloud
  • Zero-Trust → /infrastructure/zero-trust-principles
  • Privacy VPN → /privacy/vpn-services

The VPN content in privacy/ covers the individual privacy use case (hiding metadata, choosing providers, public Wi-Fi). The network-security page covers the infrastructure use case (VPN gateways for team access to management plane). These are distinct concerns that naturally live in different frameworks, with cross-references connecting them.

Closes #55

@frameworks-volunteer frameworks-volunteer mentioned this pull request May 5, 2026
Open
@github-actions
Copy link
Copy Markdown

github-actions Bot commented May 5, 2026
edited
Loading

built with Refined Cloudflare Pages Action

⚡ Cloudflare Pages Deployment

Name Status Preview Last Commit
frameworks ✅ Ready (View Log) Visit Preview 2639e06

@scode2277 scode2277 added the content:add This issue or PR adds content or suggests to label May 6, 2026
@mattaereal mattaereal self-requested a review May 7, 2026 22:01
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@scode2277 scode2277 scode2277 approved these changes

@mattaereal mattaereal Awaiting requested review from mattaereal

Assignees

No one assigned

Labels

content:add This issue or PR adds content or suggests to

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Content(add): new Network Security Framework

2 participants

@frameworks-volunteer @scode2277