Security wizard

[Tbaile]

Due to NIS requirements and to embrace the secure by design, the need for a initial wizard that guides the user to setup the security-oriented features is needed.

Requirements should be of the following:

1. Allow initial login with default password
2. Change root password (generated one is better)
3. SSH configuration (password auth and port open to WAN)
4. UI configuration (wan access disabled by default, disable access from 443)
5. Log storage configuration

The wizard must:

• be skippable (by either "skip" button with a GIGANTIC warning) or by us dev from UCI
• UI should redirect after login immediately in case wizard hasn't been completed (route hooks)

[cotosso]

To ensure the user is fully aware and able to manage everything with the highest level of security, it is important to include some key messages in the wizard.

On the first screen, provide some basic information and guidance:

• This wizard is the first step in configuring NethSecurity and will help you set up a more secure initial configuration.

• We recommend running this wizard at the very first startup of NethSecurity, preferably with the device disconnected from the internet.

• If you suspect that someone else may have accessed the firewall, we strongly advise performing a factory reset before running the wizard again.

About the UI configuration:
4. UI configuration (wan access disabled by default, disable access from 443)

We can recommend to disable all WAN access on ports 443 and 9090, and later setting up access based on ACLs on Firewall Rules section.
Also remember that it's possible to access the system from the controller (if it's being used) without needing to open any ports.
However a checkbox option could be useful to select single port access.