5.7 Remote Command Execution

Internet is like setting up one or more new departmental LANs. We have already made some minor references to security, but will discuss it now in more detail.
Linux workstations and Beowulf clusters are not inherently more insecure than other computers. Any computer attached to a network has the potential to be broken into. Even if you take measures to restrict access to a computer as tightly as possible, software running on it may have exploitable bugs that can grant unauthorized access to the system. The only way to maintain a secure network is to keep abreast of the latest CERT advisories[5] and take some basic preventative measures. Several Beowulf systems have been victimized by crackers[6] in ways that could have been prevented by paying a little bit of attention to security issues.
6.5.1 System Configuration
How you defend your Beowulf from attack will depend on what system access model you choose. The universally accessible machine is the most vulnerable, while the stand-alone machine is the most secure, as it is not attached to an external network. But few Beowulfs are stand-alone machines. The guarded Beowulf is the most practical configuration to defend, because its only entry points are its worldly nodes. It is possible to focus on implementing security measures for only the worldly nodes, and allow the internal nodes to completely trust each other. Even though it is possible for an intruder to gain access to the internal nodes once a worldly node is compromised, it is not necessary to completely secure the internal nodes. They can easily be recreated through cloning and generally do not store any sensitive persistent data. Despite the security advantages presented by the guarded Beowulf access model, other needs may demand the implementation of a universally accessible machine. For such a configuration, you have to secure each individual node, since each one constitutes an external access point.
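The access models above can be checked against a node inventory. The following is an added example, not code from the book: it treats any node with a non-loopback address outside the cluster's private LAN as a worldly node and reports which nodes need individual hardening. The node names, addresses and the `192.168.1.0/24` internal network are constructed assumptions.

```python
import ipaddress

# Assumed address of the private cluster LAN (constructed for this example).
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")

# Constructed inventories: node name -> addresses configured on its interfaces.
GUARDED = {
    "node00": ["127.0.0.1", "192.168.1.1", "203.0.113.10"],  # worldly node
    "node01": ["127.0.0.1", "192.168.1.2"],
    "node02": ["127.0.0.1", "192.168.1.3"],
}
UNIVERSAL = {
    "node00": ["203.0.113.10"],
    "node01": ["203.0.113.11"],
}
STANDALONE = {
    "node00": ["192.168.1.1"],
    "node01": ["192.168.1.2"],
}


def worldly_nodes(inventory, internal_net=INTERNAL_NET):
    """Names of nodes with any non-loopback address outside the cluster LAN."""
    found = []
    for name, addresses in inventory.items():
        for text in addresses:
            addr = ipaddress.ip_address(text)
            if addr.is_loopback:
                continue  # loopback is never an external entry point
            if addr not in internal_net:
                found.append(name)
                break
    return sorted(found)


def access_model(inventory, internal_net=INTERNAL_NET):
    """Classify the cluster and list the nodes that need individual hardening."""
    worldly = worldly_nodes(inventory, internal_net)
    if not worldly:
        return "stand-alone", []
    if len(worldly) == len(inventory):
        return "universally accessible", worldly
    return "guarded", worldly


if __name__ == "__main__":
    for label, inv in (("A", GUARDED), ("B", UNIVERSAL), ("C", STANDALONE)):
        print(label, *access_model(inv))
```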
6.5.2 IP Masquerading
Network Address Translation,[7] commonly referred to as NAT, is a technique devised for reusing IP addresses as a stopgap measure to slow the depletion of the IPv4 address space. NAT permits IP address reuse by allowing multiple networks to use
[5] CERT is the Computer Emergency Response Team, run by Carnegie Mellon's Software Engineering Institute. CERT posts regular bulletins reporting the latest Internet security vulnerabilities at http://www.cert.org/.
[6] Cracker is the accepted term among computer programmers for a rogue hacker who tries to gain unauthorized access to computer systems. The term hacker is restricted to those computer programmers not seduced by the Dark Side of the Force.
[7] "The IP Network Address Translator (NAT)," Internet Engineering Task Force RFC 1631, http://info.internet.isi.edu/in-notes/rfc/files/rfc1631.txt

 



How to Build a Beowulf: A Guide to the Implementation and Application of PC Clusters (Scientific and Engineering Computation)
ISBN: 026269218X
Year: 1999
Pages: 134
