[cgl_discussion] Security for internal messaging between diff erent nodes of the cl uster?

Pradeep Kathail pkathail at cisco.com
Tue Feb 4 09:18:35 PST 2003


At 2/3/2003 11:19 AM -0800, Mika Kukkonen wrote:
>Maximum security and maximum performance are orthogonal goals, and I am
>all in favor of letting the distro's and their customers to decide which
>one they value more. 
>
>But the discussion below is quite academic: could you guys come up with
>a certain feature where this trade-off is an issue, and a decision by
>us is needed? 
>
>I mean that just saying that "internal network needs to be secured" does
>not tell anything how to do it; saying that each internal connection
>needs to be run over IPSec does, and clearly that requirement IMHO can
>not be a mandatory requirement, but ... "configurable" ;-)

I do not believe internal private networks needs to be secured. If these
networks are not directly connected to external network, what is the 
need to secure them? Any requirement to secure IPC communication must
be configurable. I do not want to give up any performance, when I know
my internal network can not be attacked...

Brgds.
Pradeep


>--MiKu
>
>On ma, 2003-02-03 at 09:57, Makan Pourzandi (LMC) wrote:
>> 
>> Hi Eric, 
>> 
>> I understand your point here, however, if we take into account the
>fast spread of SQL Slammer worm recently and the damages caused by it to
>the intranets/servers of different corporate companies (which are behind
>a set of different firewalls and supposedly in a secured environment),
>not to mention anything else, I believe perhaps this is not that much of
>paranoia. Don't forget that we do not ask for mandatory protection to be
>used for all internal communications, we ask here for "support" for such
>a protection to give the customr/operator/... the possibility of
>activating such a protection in case of need. It is important that the
>customr/operator can configure the desired security needed.  
>> 
>> Regards, 
>> Makan 
>> 
>> 
>> 
>> > -----Original Message-----
>> > From: Eric.Chacron at alcatel.fr [mailto:Eric.Chacron at alcatel.fr]
>> > Sent: Monday, February 03, 2003 10:37 AM
>> > To: Makan Pourzandi (LMC)
>> > Cc: Cgl_Discussion (E-mail); CGL Specs-sg (E-mail)
>> > Subject: Re: [cgl_discussion] Security for internal messaging between
>> > different nodes of the cl uster?
>> > 
>> > 
>> > 
>> > Markan,
>> > 
>> > I think we must secure the system against paranoia too.
>> > In another words i doesn't think internal cluster com. have to be
>> > encrypted, excepted if this has
>> > no significant performance cost.
>> > 
>> > Eric
>> > 
>> > 
>> > 
>> > 
>> > "Makan Pourzandi (LMC)" 
>> > <Makan.Pourzandi at ericsson.ca>@lists.osdl.org on
>> > 01/31/2003 08:59:16 PM
>> > 
>> > Sent by:  cgl_discussion-admin at lists.osdl.org
>> > 
>> > 
>> > To:   "Cgl_Discussion (E-mail)" <cgl_discussion at osdl.org>, 
>> > "CGL Specs-sg
>> >       (E-mail)" <cgl_specs at osdl.org>
>> > cc:
>> > Subject:  [cgl_discussion] Security for internal messaging between
>> >       different nodes of the cl uster?
>> > 
>> > 
>> > 
>> > 
>> > Hi all,
>> > 
>> > Context:
>> > We have a carrier-grade server that consists of multiple 
>> > nodes with LAN
>> > between nodes (LAN has been chosen to simplify the discussion, the
>> > interconnection between nodes can be of any kind: Ethernet switches,
>> > fiber,...).
>> > 
>> > Generally, one supposes that the server is in a trusted environment,
>> > (i.e.; the server is behind one or several firewalls, and is protected
>> > from intrusions). In reality, the spread of all viruses and Trojans
>> > shows that firewalls are not enough to secure the whole network
>> > (c.f. more precisely the propagation of viruses inside intranets of
>> > different companies despite that those intranets are behind
>> > firewalls).
>> > 
>> > Question:
>> > 1) Do we need to support any security mechanism for the 
>> > internal messaging
>> > between different nodes inside the kernel?
>> > 
>> > 2) Do we need to support confidentiality or integrity for messages
>> > exchanged
>> > inside the cluster?
>> > 
>> > Remark that the fact that we support this does not mean that 
>> > we want to use
>> > them upon all messages exchanged. We can choose not to 
>> > encrypt/authenticate
>> > all or part of messages when the cluster is heavily loaded to 
>> > avoid loss in
>> > performances.
>> > 
>> > Also, clearly not all communications must be protected, for 
>> > example I don't
>> > believe that we need to protect heart beat messages.
>> > 
>> >  I personally believe that even if we do not support 
>> > encrypted messaging
>> > inside
>> > the cluster at least we want to be able to guarantee 
>> > integrity for some
>> > communications
>> > inside the cluster (for example, to be able to protect some
>> > requests/commands
>> > through the control panel).
>> > 
>> > Any comments?
>> > 
>> > Thank you,
>> > Makan
>> > 
>> > 
>> > 
>> > 
>> _______________________________________________
>> cgl_discussion mailing list
>> cgl_discussion at lists.osdl.org
>> http://lists.osdl.org/mailman/listinfo/cgl_discussion
>-- 
>"Good ideas do not die, they just lie down and get recycled." -- me
>
>_______________________________________________
>cgl_discussion mailing list
>cgl_discussion at lists.osdl.org
>http://lists.osdl.org/mailman/listinfo/cgl_discussion 




More information about the cgl_discussion mailing list