[cgl_discussion] Security for internal messaging between different nodes of the cl uster?

Corey Minyard cminyard at mvista.com
Mon Feb 3 08:13:44 PST 2003


I depends on what you are building.

In my previous job, we were building a distributed HLR.  Our customers 
were worried about maintenance people and operators sniffing the network 
and stealing the (very valuable) authentication keys.  These things were 
going into third-world countries where the rules are very different.  So 
there were encrypted in storage and transport.

You could say "then they should encrypt them themselves". 
 Unfortunately, that's a subtle set of algorithms to get right.  I think 
the user should have the option of encrypting messages.  The cluster 
communication should do the key negotiation and such as necessary.

-Corey

Eric.Chacron at alcatel.fr wrote:

>Markan,
>
>I think we must secure the system against paranoia too.
>In another words i doesn't think internal cluster com. have to be
>encrypted, excepted if this has
>no significant performance cost.
>
>Eric
>
>
>
>
>"Makan Pourzandi (LMC)" <Makan.Pourzandi at ericsson.ca>@lists.osdl.org on
>01/31/2003 08:59:16 PM
>
>Sent by:  cgl_discussion-admin at lists.osdl.org
>
>
>To:   "Cgl_Discussion (E-mail)" <cgl_discussion at osdl.org>, "CGL Specs-sg
>      (E-mail)" <cgl_specs at osdl.org>
>cc:
>Subject:  [cgl_discussion] Security for internal messaging between
>      different nodes of the cl uster?
>
>
>
>
>Hi all,
>
>Context:
>We have a carrier-grade server that consists of multiple nodes with LAN
>between nodes (LAN has been chosen to simplify the discussion, the
>interconnection between nodes can be of any kind: Ethernet switches,
>fiber,...).
>
>Generally, one supposes that the server is in a trusted environment,
>(i.e.; the server is behind one or several firewalls, and is protected
>from intrusions). In reality, the spread of all viruses and Trojans
>shows that firewalls are not enough to secure the whole network
>(c.f. more precisely the propagation of viruses inside intranets of
>different companies despite that those intranets are behind
>firewalls).
>
>Question:
>1) Do we need to support any security mechanism for the internal messaging
>between different nodes inside the kernel?
>
>2) Do we need to support confidentiality or integrity for messages
>exchanged
>inside the cluster?
>
>Remark that the fact that we support this does not mean that we want to use
>them upon all messages exchanged. We can choose not to encrypt/authenticate
>all or part of messages when the cluster is heavily loaded to avoid loss in
>performances.
>
>Also, clearly not all communications must be protected, for example I don't
>believe that we need to protect heart beat messages.
>
> I personally believe that even if we do not support encrypted messaging
>inside
>the cluster at least we want to be able to guarantee integrity for some
>communications
>inside the cluster (for example, to be able to protect some
>requests/commands
>through the control panel).
>
>Any comments?
>
>Thank you,
>Makan
>
>
>
>
>_______________________________________________
>cgl_discussion mailing list
>cgl_discussion at lists.osdl.org
>http://lists.osdl.org/mailman/listinfo/cgl_discussion
>
>
>  
>





More information about the cgl_discussion mailing list