[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: [Linux-cluster] Cluster Communications Security



On Wed, 2007-11-14 at 13:00 -0800, Scott Becker wrote:
> What's the general consensus of security risks of cman communications 
> over a public subnet?
> The faq only briefly mentions it.
> 
>     thanks
>     scottb
> 

Scottb,
the cluster communication for the most part is encrypted with SOBER128
and messages are authenticated with HMAC/SHA1.  There are some
theoretical weaknesses with SHA1 which is why the US government has
mandated the move away from the SHA1 hash algorithm.

I would recommend not placing the cluster communication on any type of
"external" network, however inside a firewall your data is fairly
secure.

By fairly, I mean that it would take some very determined people to
determine your shared key and they would have to be able to sniff the
network and know what kind of unencrypted packets were being sent.  This
would probably also require access to the local cluster.

All in all, I'd say if your worried about protecting your system from
expert hackers you are safe with the current system.  If you want to
protect against multimillion dollar government-sponsored attacks, there
is no solution for you at this time.

Regards
-steve
 
> --
> Linux-cluster mailing list
> Linux-cluster redhat com
> https://www.redhat.com/mailman/listinfo/linux-cluster


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]