[cgl_discussion] Security for internal messaging between diff erent nodes of the cl uster?

Makan Pourzandi (LMC) Makan.Pourzandi at ericsson.ca
Mon Feb 3 09:57:02 PST 2003


Hi Eric, 

I understand your point here, however, if we take into account the fast spread of SQL Slammer worm recently and the damages caused by it to the intranets/servers of different corporate companies (which are behind a set of different firewalls and supposedly in a secured environment), not to mention anything else, I believe perhaps this is not that much of paranoia. Don't forget that we do not ask for mandatory protection to be used for all internal communications, we ask here for "support" for such a protection to give the customr/operator/... the possibility of activating such a protection in case of need. It is important that the customr/operator can configure the desired security needed.  

Regards, 
Makan 



> -----Original Message-----
> From: Eric.Chacron at alcatel.fr [mailto:Eric.Chacron at alcatel.fr]
> Sent: Monday, February 03, 2003 10:37 AM
> To: Makan Pourzandi (LMC)
> Cc: Cgl_Discussion (E-mail); CGL Specs-sg (E-mail)
> Subject: Re: [cgl_discussion] Security for internal messaging between
> different nodes of the cl uster?
> 
> 
> 
> Markan,
> 
> I think we must secure the system against paranoia too.
> In another words i doesn't think internal cluster com. have to be
> encrypted, excepted if this has
> no significant performance cost.
> 
> Eric
> 
> 
> 
> 
> "Makan Pourzandi (LMC)" 
> <Makan.Pourzandi at ericsson.ca>@lists.osdl.org on
> 01/31/2003 08:59:16 PM
> 
> Sent by:  cgl_discussion-admin at lists.osdl.org
> 
> 
> To:   "Cgl_Discussion (E-mail)" <cgl_discussion at osdl.org>, 
> "CGL Specs-sg
>       (E-mail)" <cgl_specs at osdl.org>
> cc:
> Subject:  [cgl_discussion] Security for internal messaging between
>       different nodes of the cl uster?
> 
> 
> 
> 
> Hi all,
> 
> Context:
> We have a carrier-grade server that consists of multiple 
> nodes with LAN
> between nodes (LAN has been chosen to simplify the discussion, the
> interconnection between nodes can be of any kind: Ethernet switches,
> fiber,...).
> 
> Generally, one supposes that the server is in a trusted environment,
> (i.e.; the server is behind one or several firewalls, and is protected
> from intrusions). In reality, the spread of all viruses and Trojans
> shows that firewalls are not enough to secure the whole network
> (c.f. more precisely the propagation of viruses inside intranets of
> different companies despite that those intranets are behind
> firewalls).
> 
> Question:
> 1) Do we need to support any security mechanism for the 
> internal messaging
> between different nodes inside the kernel?
> 
> 2) Do we need to support confidentiality or integrity for messages
> exchanged
> inside the cluster?
> 
> Remark that the fact that we support this does not mean that 
> we want to use
> them upon all messages exchanged. We can choose not to 
> encrypt/authenticate
> all or part of messages when the cluster is heavily loaded to 
> avoid loss in
> performances.
> 
> Also, clearly not all communications must be protected, for 
> example I don't
> believe that we need to protect heart beat messages.
> 
>  I personally believe that even if we do not support 
> encrypted messaging
> inside
> the cluster at least we want to be able to guarantee 
> integrity for some
> communications
> inside the cluster (for example, to be able to protect some
> requests/commands
> through the control panel).
> 
> Any comments?
> 
> Thank you,
> Makan
> 
> 
> 
> 



More information about the cgl_discussion mailing list