
Networking in Trove. Security question

asked 2017-03-14 14:10:23 -0500

gunph1ld

Hello,

I use Trove in my test environment, and some things look very insecure to me. The base Trove schema requires access to the MQ service from guest instances. That means the network allocated to guest instances (let's call it the trove network) should have access to the management network (where the MQ servers are placed), but in order to allocate a network port on the trove network, a client needs to have access to this network. The question is: what prevents (or can prevent) users from creating an instance (not a trove guest, but just a common compute instance) in the same trove network and getting access to the management network (at least to the MQ service)? It's not a problem for trove guests, because clients don't have SSH access to trove guests. It seems nothing does, and any client can just allocate instances on the trove network and get access to the MQ service (next, DDoS is a possible security violation at least). I found the config option trove_managed_net_id in the Trove wiki, but there is no mention of how to use it, and I cannot find any terminations of those options in the trove code (Newton release).

Thanks.

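The exposure described in the question can be checked from the operator side. The following is an added example (not part of the original post and not Trove's own code) that audits a port listing for attachments to the trove network that do not belong to Trove guests. The network ID, server IDs and port records are constructed placeholders, and the set of Nova server IDs backing Trove guests is assumed to be supplied by the operator.

```python
"""Audit port records for non-Trove attachments to the trove network."""

TROVE_NET_ID = "net-trove-0001"                     # placeholder network ID
TROVE_SERVER_IDS = {"srv-guest-a", "srv-guest-b"}   # assumed: Nova servers backing Trove guests

# Constructed sample records using Neutron port attribute names.
SAMPLE_PORTS = [
    {"id": "p1", "network_id": "net-trove-0001", "device_owner": "compute:nova",
     "device_id": "srv-guest-a", "project_id": "tenant-1",
     "fixed_ips": [{"ip_address": "10.50.0.11"}]},
    {"id": "p2", "network_id": "net-trove-0001", "device_owner": "network:dhcp",
     "device_id": "dhcp-agent-x", "project_id": "service",
     "fixed_ips": [{"ip_address": "10.50.0.2"}]},
    {"id": "p3", "network_id": "net-trove-0001", "device_owner": "compute:nova",
     "device_id": "srv-plain-vm", "project_id": "tenant-2",
     "fixed_ips": [{"ip_address": "10.50.0.42"}]},
    {"id": "p4", "network_id": "net-trove-0001", "device_owner": "",
     "device_id": "", "project_id": "tenant-2",
     "fixed_ips": [{"ip_address": "10.50.0.43"}]},
    {"id": "p5", "network_id": "net-tenant-9", "device_owner": "compute:nova",
     "device_id": "srv-other", "project_id": "tenant-2",
     "fixed_ips": [{"ip_address": "192.168.1.5"}]},
]


def audit_trove_network(ports, trove_net_id, trove_server_ids):
    """Return findings for ports on the trove network that are not Trove guests."""
    findings = []
    for port in ports:
        if port.get("network_id") != trove_net_id:
            continue  # other networks are out of scope for this check
        owner = port.get("device_owner") or ""
        device = port.get("device_id") or ""
        if owner.startswith("network:"):
            continue  # DHCP/router ports are treated as expected infrastructure here
        if owner.startswith("compute:") and device in trove_server_ids:
            continue  # port belongs to a known Trove guest
        # An unbound port is a pre-allocated address that can be attached later.
        reason = "unbound port" if not owner else "non-Trove device"
        ips = [ip["ip_address"] for ip in port.get("fixed_ips", [])]
        findings.append({"port": port["id"], "project": port.get("project_id"),
                         "reason": reason, "ips": ips})
    return findings


if __name__ == "__main__":
    for finding in audit_trove_network(SAMPLE_PORTS, TROVE_NET_ID, TROVE_SERVER_IDS):
        print(finding)
```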

1 answer


answered 2017-06-28 05:48:39 -0500

amrith

Would you please restate your question? Is this an issue about security in Trove because you have port 22 open? Closing port 22 would seem like the obvious answer, but I'm not sure I'm fully understanding your question.



Stats

Asked: 2017-03-14 14:10:23 -0500

Seen: 95 times

Last updated: Jun 28 '17