[Beowulf] iptaled

[Leif Nixon]

Joe Landman <landman at scalableinformatics.com> writes:

> Putting each node in your cluster on the public net, significantly
> increases your security perimeter, increases the amount of monitoring
> you need to do, and should generally keep you awake at night.  Even
> with IPtables and other tools, you are still more exposed than not.
>
> There may be a set of perfectly valid reasons to do this, but in the
> end you have to balance security (reducing exposure points to a
> controllable few) versus functionality.

There is a school of thought that claims a firewall is a security
SPOF, that it creates a false sense of security and encourages
laziness in keeping your systems patched, and that firewalls are, in
fact, evil and only should be used in the rarest of circumstances.

I don't fully agree, but I've been involved in enough heated arguments
with proponents of that view that I have come to respect some of their
arguments.

-- 
Leif Nixon                       -            Systems expert
------------------------------------------------------------
National Supercomputer Centre    -      Linkoping University
------------------------------------------------------------