[cgl_discussion] Re: [cgl_specs] Security for internal messaging between different nodes of the cl uster?

Stefano Campadello stefano.campadello at nokia.com
Wed Feb 5 02:13:57 PST 2003


On Fri, 31 Jan 2003, ext Makan Pourzandi (LMC) wrote:

> Hi all,
>
> Context:
> We have a carrier-grade server that consists of multiple nodes with LAN
> between nodes (LAN has been chosen to simplify the discussion, the
> interconnection between nodes can be of any kind: Ethernet switches,
> fiber,...).
>
> Generally, one supposes that the server is in a trusted environment,
> (i.e.; the server is behind one or several firewalls, and is protected
> from intrusions). In reality, the spread of all viruses and Trojans
> shows that firewalls are not enough to secure the whole network
> (c.f. more precisely the propagation of viruses inside intranets of
> different companies despite that those intranets are behind
> firewalls).
>
>
> Question:
> 1) Do we need to support any security mechanism for the internal messaging
> between different nodes inside the kernel?
>
> 2) Do we need to support confidentiality or integrity for messages exchanged
> inside the cluster?

Giving the fact that any  mechanism used to secure internal messaging
would intact the performance of the system I would opt for a "no".
But this depends on what you mean with "security" and "internal
messaging". (intranet = cluster???)
I think we should have a meant to protect the "system" from external
attack like worms, but we have such tools in our req. Logs, signed
executable and so on.
I would like to stress the point that all this req should be
"configurable", so that it is left to the end user to decide the trade-off
between security and performance.

 Any comments?


Stefano

-- 
 ----------------------------------------------------------------
 Stefano Campadello        Phone:  +358 50 4837503
 Nokia Research Center     Fax:    +358 7180 36308
 P.O.Box 407               Email:  Stefano.Campadello at nokia.com
 FIN-00045 NOKIA GROUP     Office: Itmerenkatu 11-13,
 Finland                   FIN-00180, Helsinki, Finland
 ----------------------------------------------------------------






More information about the cgl_discussion mailing list