Update Securing a server, written by LaplongeJunior
Assuming such points:
- Ssh must be reachable from the outside on all machines, as admins need to log as root (in the future, a single ssh-only machine may be reachable as an admin proxy in the LAN, and other ssh services not forwarded)
- Ssh must be reachable from the outside on all machines, as admins need to log as root (in the future, a single ssh-only machine may be reachable as an admin gateway to the LAN, and other ssh services not forwarded)
- All non-root users are assumed "public access", either for public missions or for open-source scripts
- Proxies (ssh rental mission) should not be located on the main LAN, as those may bypass the admin proxy... unless we overwrite the ssh binary to block inter-LAN access?
- All files restricted to root are assumed "critical data" by default
- Local libraries are considered unable to be secured against root elevation
- No server is added to an existing LAN until it is deemed secured, as such machine would provide an entrypoint into the LAN
......
......
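Review bot: The "Proxies (ssh rental mission)" bullet still says "bypass the admin proxy", while the second version of the SSH bullet changes "admin proxy in the LAN" to "admin gateway to the LAN", so the page ends up with two names for the same host. Use "admin gateway" in the Proxies bullet as well, which also keeps it distinct from the rental "Proxies" named at the start of that bullet. The SSH bullet also leaves undocumented how root logins over externally reachable ssh are authenticated; stating that assumption alongside the others would complete the list.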