[ClusterLabs] Antw: [EXT] Question regarding the security of corosync

Ulrich Windl Ulrich.Windl at rz.uni-regensburg.de
Wed Jun 22 01:59:09 EDT 2022


>>> Mario Freytag <m.freytag at webinc.eu> schrieb am 17.06.2022 um 11:39 in
Nachricht
<FR0P281MB16924707DEDCF096A3FA6B1DE9AF9 at FR0P281MB1692.DEUP281.PROD.OUTLOOK.COM>:

> Dear sirs, or madams,
> 
> I’d like to ask about the security of corosync. We’re using a Proxmox HA 
> setup in our testing environment and need to confirm it’s compliance with
PCI 
> guidelines.
> 
> We have a few questions:
> 
> Is the communication encrypted?
> What method of encryption is used?
> What method of authentication is used?
> What is the recommended way of separation for the corosync network? VLAN?

The answer you probably do not expect is this:
Assume the communication is safely encrypted, but a third party can interrupt
communication, is the system safe then?
In that light probably any system using the Internet as transport is not safe,
so you can set up your private connections (which should be private per
definition ;-))

Regards,
Ulrich


> 
> Best regards
> 
> Mario Freytag
> Systemadministrator | WEBINC GmbH & Co. KG
> 
> ​Unter den Eichen 5 Geb. F | 65195 Wiesbaden | T +49 611 541075 0
> Amtsgericht Wiesbaden | HRA 9610 | Geschäftsführung: Marina Maurer, Monika 
> Brandes





More information about the Users mailing list