🔐 ggRock Security

This article outlines the key security considerations you should take into account when planning to integrate ggRock into your infrastructure.



🧱 Infrastructure Exposure


There are two primary ways ggRock can potentially expose your environment:


  1. Required network ports — These must be open for proper operation.
  2. ggRock application access — If someone gains access to the UI or API backend, they could potentially misuse it.



🌐 Required Network Ports


Below is a list of ports required for a standard ggRock installation:


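| Port | Protocol | Usage                                       |
|------|----------|---------------------------------------------|
| 22   | TCP      | SSH                                         |
| 69   | UDP      | TFTP                                        |
| 80   | TCP      | HTTP                                        |
| 443  | TCP      | HTTPS                                       |
| 3260 | TCP      | iSCSI                                       |
| 4011 | UDP      | ProxyDHCP                                   |
| 9090 | TCP      | Debian Control Panel                        |
| 9100 | TCP      | Prometheus Node Exporter (stats collection) |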


💡 Tip:

Refer to ggRock IPTABLES Firewall Configuration for guidance on securing your server with its built-in firewall.
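
To check a server against the port table above, the following added example (not part of ggRock or its documentation) compares a listener snapshot with that table and reports sockets that are exposed but not listed, and listed ports that are not listening. It assumes the snapshot comes from `ss -H -tuln` (iproute2); the sample output embedded here is constructed for illustration.

```python
import ipaddress

# (port, protocol) -> usage, copied from the port table in this article.
REQUIRED = {
    (22, "tcp"): "SSH", (69, "udp"): "TFTP", (80, "tcp"): "HTTP",
    (443, "tcp"): "HTTPS", (3260, "tcp"): "iSCSI", (4011, "udp"): "ProxyDHCP",
    (9090, "tcp"): "Debian Control Panel",
    (9100, "tcp"): "Prometheus Node Exporter",
}

# Constructed sample of `ss -H -tuln` output (not captured from a real server).
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:69        0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:80        0.0.0.0:*
tcp   LISTEN 0      511          0.0.0.0:443       0.0.0.0:*
tcp   LISTEN 0      256          0.0.0.0:3260      0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:4011      0.0.0.0:*
tcp   LISTEN 0      4096               *:9090            *:*
tcp   LISTEN 0      128        127.0.0.1:5432      0.0.0.0:*
tcp   LISTEN 0      128          0.0.0.0:3306      0.0.0.0:*
udp   UNCONN 0      0      127.0.0.53%lo:53        0.0.0.0:*
"""

def parse_listeners(ss_output):
    """Yield (port, proto, ip) for every TCP/UDP socket line in ss output."""
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        host, _, port = fields[4].rpartition(":")
        host = host.split("%")[0].strip("[]")  # drop %iface and IPv6 brackets
        if host == "*":                        # dual-stack wildcard bind
            host = "::"
        yield int(port), fields[0], ipaddress.ip_address(host)

def audit(ss_output):
    """Return (unexpected, missing) for listeners reachable from the network."""
    seen, unexpected = set(), set()
    for port, proto, ip in parse_listeners(ss_output):
        if ip.is_loopback:                     # not reachable from other hosts
            continue
        (seen if (port, proto) in REQUIRED else unexpected).add((port, proto))
    return sorted(unexpected), sorted(set(REQUIRED) - seen)
```

On a live server, pass the output of `ss -H -tuln` to `audit()`. An unexpected entry is a candidate for closing or firewalling, and a missing entry means that service was not listening when the snapshot was taken.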



🔁 Port Forwarding Consideration


When ggRock is used as the default gateway for client PCs, it will forward external traffic to your main LAN gateway. In this setup, any ports you intend to expose to the internet must also be opened in the local firewall.




  • Use an external VPN with IP whitelisting to control remote access to the network hosting ggRock.
  • If remote access to the ggRock app is not required, limit access to LAN-only.



⚙️ ggRock Application Security


The ggRock application includes Linux and Python scripts, along with a C# .NET Core backend — all tightly integrated.


  • All closed-source components (excluding ggrock-linux-configurator) are encrypted and obfuscated for both security and DRM purposes.
  • Application access is protected by an Identity system with a single admin account gating all functionality.
  • As of now, ggRock has no known or intended methods of remote code execution that could be used maliciously — even with administrative access.



🔐 Application Access Mitigations


  • Follow password best practices for the ggRock administrator account.
  • For server administration:
      • Use a non-elevated user account whenever possible.
      • Avoid sharing or using root credentials unless absolutely necessary.


Updated on: 10/12/2025