Comment 6 for bug 1524750

Adam Heczko (aheczko-mirantis) wrote :

Hello Sergii, please let me clarify the issue:
1. It is related to the Fuel master only (let's focus here on the Fuel master node).
2. In the solution proposal I tried to explain the proposed approach to network services exposure. Note that this issue report is about services exposure, and please let's focus on this.
3. Of course I fully agree with the reasoning you mentioned (doesn't break deployment, component, is not LCM management related), but this issue is security related, not functionality related.
4. As this issue is security related and focused on unnecessary network exposure and the risks associated with it, I'm concerned here about possible DoS attack vectors that could be exploited on the Fuel master node.
5. For security threat taxonomy, the industry uses the CVSS rating. Fuel is no exception; for security assessments we should use CVSS as a measure of Fuel's security standing.
6. According to the CVSS rating, this issue is at level 7.5 of the CVSS base score (High): https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7. Assessment input values (input vector):
- attack vector (AV): Network
- attack complexity (AC): Low
- privileges required (PR): None
- user interaction (UI): None
- scope (S): Unchanged
- confidentiality (C): None
- integrity (I): None
- availability (A): High
8. The proposed mitigation steps are focused on firewall refactoring, which would prevent unnecessary network exposure (limit the scope of the attack vector to adjacent networks) and limit the CVSS rating to about 6.5 (Medium), which I believe is acceptable for most Fuel use cases.