Skip to content

Security

Haris is presented as a secure system because the security model is layered. It does not depend on one control.

Transport Protection

Traffic is expected to move over an encrypted Tailscale tunnel so internal services are not exposed directly to the public internet.

The platform continues collecting and buffering locally during connectivity loss, then synchronizes once a trusted path returns.

Physical Compromise Awareness

Physical compromise is part of the threat model. Deployment notes, enclosure controls, tamper assumptions, and hardened services reduce the blast radius if the device is touched.

Operational Controls

  • Restricted exposed services
  • Fail-closed firewall assumptions
  • Health monitoring for the node itself
  • Reproducible deployment with infrastructure as code