On Wed, 2007-11-14 at 13:00 -0800, Scott Becker wrote:
> What's the general consensus of security risks of cman communications
> over a public subnet?
> The faq only briefly mentions it.
>
> thanks
> scottb
>

Scottb,

The cluster communication for the most part is encrypted with SOBER128 and messages are authenticated with HMAC/SHA1. There are some theoretical weaknesses with SHA1, which is why the US government has mandated the move away from the SHA1 hash algorithm.

I would recommend not placing the cluster communication on any type of "external" network; however, inside a firewall your data is fairly secure. By fairly, I mean that it would take some very determined people to determine your shared key, and they would have to be able to sniff the network and know what kind of unencrypted packets were being sent. This would probably also require access to the local cluster.

All in all, I'd say if you're worried about protecting your system from expert hackers, you are safe with the current system. If you want to protect against multimillion dollar government-sponsored attacks, there is no solution for you at this time.

Regards
-steve

> --
> Linux-cluster mailing list
> Linux-cluster@xxxxxxxxxx
> https://www.redhat.com/mailman/listinfo/linux-cluster