[Beowulf] iptaled
Leif Nixon
nixon at nsc.liu.se
Fri Sep 30 02:55:11 PDT 2005
Joe Landman <landman at scalableinformatics.com> writes:
> Putting each node in your cluster on the public net, significantly
> increases your security perimeter, increases the amount of monitoring
> you need to do, and should generally keep you awake at night. Even
> with IPtables and other tools, you are still more exposed than not.
>
> There may be a set of perfectly valid reasons to do this, but in the
> end you have to balance security (reducing exposure points to a
> controllable few) versus functionality.
There is a school of thought that claims a firewall is a security
SPOF, that it creates a false sense of security and encourages
laziness in keeping your systems patched, and that firewalls are, in
fact, evil and only should be used in the rarest of circumstances.
I don't fully agree, but I've been involved in enough heated arguments
with proponents of that view that I have come to respect some of their
arguments.
--
Leif Nixon - Systems expert
------------------------------------------------------------
National Supercomputer Centre - Linkoping University
------------------------------------------------------------
More information about the Beowulf
mailing list