[Openstack-security] Reg: Security concern
Clark, Robert Graham
robert.clark at hp.com
Tue May 28 11:17:28 UTC 2013
Swift, like many OpenStack products is reasonably secure at the edge (providing sensible deployment decisions are made) but much more vulnerable internally. A malicious attacker inside of your production network can attack a number of weak points in the architecture.
In many places security can be improved at the cost of performance, a good example being internal SSL between hosts. The hardening guide (being worked on this June) will address these pain points and provide guidance on secure deployment.
-Rob
From: Andrew finley <stackerandrew at gmail.com<mailto:stackerandrew at gmail.com>>
Date: Monday, 27 May 2013 12:37
To: "prometheanfire at gentoo.org<mailto:prometheanfire at gentoo.org>" <prometheanfire at gentoo.org<mailto:prometheanfire at gentoo.org>>
Cc: "openstack-security at lists.openstack.org<mailto:openstack-security at lists.openstack.org>" <openstack-security at lists.openstack.org<mailto:openstack-security at lists.openstack.org>>
Subject: Re: [Openstack-security] Reg: Security concern
so you mean to say, i need to use a ssl tunnel to connect to swift while uploading content? do you have any example setups to test this? or any online documents to use ssl with swift?
On Mon, May 27, 2013 at 1:39 PM, Matthew Thode <prometheanfire at gentoo.org<mailto:prometheanfire at gentoo.org>> wrote:
On 05/27/13 02:43, Andrew finley wrote:
> Hi There,
>
> I've been working with nova, glance and keystone for past one year and
> now i want to look into swift to implement in production level, which
> raises a question about security concern with openstack where i found this
> group. So how secure is swift as of now, i've been reading mailing lists
> and disussions about man-in-middle attack can be performed, any suggestions?
>
> Regards,
> Andrew.
>
>
>
> _______________________________________________
> Openstack-security mailing list
> Openstack-security at lists.openstack.org<mailto:Openstack-security at lists.openstack.org>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
>
I don't know of any security concerns with swift, maybe a mitm can
happen if you don't use ssl, but I don't know of anything otherwise.
--
-- Matthew Thode (prometheanfire)
_______________________________________________
Openstack-security mailing list
Openstack-security at lists.openstack.org<mailto:Openstack-security at lists.openstack.org>
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-security
More information about the Openstack-security
mailing list