[Linux-cluster] Cluster Communications Security

Steven Dake sdake at redhat.com
Thu Nov 15 20:25:25 UTC 2007


On Wed, 2007-11-14 at 13:00 -0800, Scott Becker wrote:
> What's the general consensus of security risks of cman communications 
> over a public subnet?
> The FAQ only briefly mentions it.
> 
>     thanks
>     scottb
> 

Scottb,
the cluster communication for the most part is encrypted with SOBER128
and messages are authenticated with HMAC/SHA1.  There are some
theoretical weaknesses with SHA1 which is why the US government has
mandated the move away from the SHA1 hash algorithm.

I would recommend not placing the cluster communication on any type of
"external" network, however inside a firewall your data is fairly
secure.

By fairly, I mean that it would take some very determined people to
determine your shared key and they would have to be able to sniff the
network and know what kind of unencrypted packets were being sent.  This
would probably also require access to the local cluster.

All in all, I'd say if you're worried about protecting your system from
expert hackers you are safe with the current system.  If you want to
protect against multimillion dollar government-sponsored attacks, there
is no solution for you at this time.

Regards
-steve
 



