Forgot to CC the list, my bad.

On Wed, Apr 8, 2009 at 12:25 PM, Joseph C. Bender
<[email protected]> wrote:
> J.C. Roberts wrote:
>>
>> As for the mentioned issue of encrypting the bus data, since you've got
>> the VLAN it is feasible, but if you've got an attacker inside the
>> switches of your datacenter, then you obviously have more important
>> problems.
>
> Another scenario is that you get a compromised machine that has access to
> this pool of resources.  I don't have to compromise your switching, I just
> have to compromise a host that uses this network.  Given that Windows hosts
> get to participate with this sort of thing, that's just a matter of time.
>
> Given that the security model relies on *VLANS* of all things to segment
> network resources (from what little information is out there), one
> compromised host could ruin your whole day, especially if the switch has
> VLAN tagging vulnerabilities as well (which has happened more times than I'd
> like to think about.)
>

Since J.C. is talking about HPC, I don't think that'd be such a
concern. Like Matthew said, the "dedicated network" scenario is much
more likely, and thus the probability of a compromised host decreases
dramatically (since you control every single host in the network).

I'm currently working with bioinformatics algorithms in cluster
environments, so (as always), your extremely detailed emails have been
great reading material, J.C. Thanks, and keep up the great work!

>
> -JCB
