[Beowulf] Security issues

Robert G. Brown rgb at phy.duke.edu
Mon Oct 27 12:33:27 PDT 2008


On Mon, 27 Oct 2008, Joe Landman wrote:

>> But if you build a good infrastructure jailing the users within one 
>> directory with access to files that do not affect the underlying OS you 
>> will have better chance of leaving such attacks out of your systems.
>
> Well, there has been a discussion in the past about using chroot jails for 
> security.  My current understanding after following these threads a year or

Also to be remembered is that in most situations where one user exploits
another's account or takes another's data INSIDE an organization, the
best security tool is known as a "sucker rod".  Or a hammer.  Applied,
none too gently, to a user's fingers or the side of their head.

Or (if you are in one of these silly environments that frowns on actually
causing physical pain to users:-) you can use the "throwing them off of
the system, permanently, so hard that they bounce" which can have highly
deleterious effects on their ability to e.g. finish a dissertation.  Or
in a corporate environment, one can "fire them and prosecute".

There is therefore something of a difference between security at the
oh-so-hard outer layer, where one must repel the great unknown masses
intent on penetrating to the soft and chewy interior and with whom you
have no reasonable possibility of discovering them and applying
sanctions, and the security at the soft and chewy interior.  Most
clusters have damn-all by way of real security on the inside.  Security
costs cycles, and cycles are precious.  A sucker rod (or any of the less
violent but still painful "internal" sanctions) combined with vigilance
and a clearly expressed AUA can usually provide adequate internal
security in an environment where your office is down the hall from the
user's office, where the department chair and policy are on your side,
where you have clear ways to identify and punish misbehaving
individuals.

Once somebody sitting in some internet cafe in Germany and working
through three intermediary breakouts has made it through your hard outer
layer to userspace therein, then no matter how hard you try to protect
your systems you are in some trouble -- at least THAT user's account is
compromised from the beginning.  Preventing promotion and further
compromise in the time window before vigilance detects the intrusion
(one hopes), then starts costing something.  For some clusters, the data
is sufficiently precious that it is worth spending cycles and money to
protect it.  For others, it is not.  Either way, the systems management
staff is the "real" security system for any LAN or cluster -- the tools
they implement and their vigilance are the fundamental protection of the
users, their precious data (if any), and the resource itself.

A good systems manager is just a tiny notch this side of being a raving
paranoid.  Perhaps a "muttering" paranoid.  They only rave if they catch
you being bad, often carrying a sucker rod...:-)

    rgb

-- 
Robert G. Brown                            Phone(cell): 1-919-280-8443
Duke University Physics Dept, Box 90305
Durham, N.C. 27708-0305
Web: http://www.phy.duke.edu/~rgb
Book of Lilith Website: http://www.phy.duke.edu/~rgb/Lilith/Lilith.php
Lulu Bookstore: http://stores.lulu.com/store.php?fAcctID=877977
