Re: [Opensim-users] about OpenSim GRID security.
On 06/02/2014 04:16 PM, David Saunders wrote:
> Grid security? Well, there is a lack of it. I have been working on ways to prevent grids/simulators from connecting to our network. It's built around allowing sims to authenticate with a configuration server that will open the door for them to connect to the grid services. But I have not found a list of ports that need to be open for clients to use, and have been testing a list of simulator ports to split the services from the client to a public set of ports and the simulator a set of private ports that can be opened when they connect.

Why not do it at the server side with a whitelist? If the requester is not on the list then they get no service.

> This would be easy if we did not allow trusted remote simulators to connect.

What would be the point of grid services if trusted sims could not connect?

> When I asked about security last I was given you keep the ports a secret and only give them out to people you trust.

You could have one server process/virtual machine that listens on the ports, does the whitelist and forwards legitimate requests to the actual services. Really this isn't an opensim question but a general securing services question. There are many different ways to do it including firewall, VPN, whitelist, load balancer, gating service and so on.

- s

___
Opensim-users mailing list
Opensim-users@opensimulator.org
http://opensimulator.org/cgi-bin/mailman/listinfo/opensim-users
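The gating service suggested in the reply above (one process that listens on the port, checks a whitelist and forwards legitimate requests to the actual service), as an added example that is not part of the original thread or of OpenSimulator. The addresses, ports and function names are constructed, and the real service is assumed to be bound to loopback so it is reachable only through the gate.

```python
import asyncio
import ipaddress

# Constructed sample values: networks of the trusted remote simulators.
ALLOWLIST = [ipaddress.ip_network(n) for n in ("203.0.113.10/32", "198.51.100.0/28")]
LISTEN = ("0.0.0.0", 8003)      # port the simulators connect to (assumed)
BACKEND = ("127.0.0.1", 18003)  # the actual service, loopback only (assumed)


def is_allowed(peer_ip, allowlist=ALLOWLIST):
    """True only if peer_ip parses and falls inside an allowlisted network."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False
    # Dual-stack listeners report IPv4 peers as ::ffff:a.b.c.d; unwrap them.
    addr = getattr(addr, "ipv4_mapped", None) or addr
    return any(addr.version == net.version and addr in net for net in allowlist)


async def pipe(reader, writer):
    """Copy bytes one way until EOF, then close the receiving side."""
    try:
        while data := await reader.read(65536):
            writer.write(data)
            await writer.drain()
    finally:
        writer.close()


async def handle(client_r, client_w):
    peer_ip = client_w.get_extra_info("peername")[0]
    try:
        if not is_allowed(peer_ip):
            raise PermissionError(peer_ip)  # not on the list: no service
        backend_r, backend_w = await asyncio.open_connection(*BACKEND)
    except OSError as exc:  # PermissionError is an OSError; also backend down
        print(f"DROP {peer_ip}: {exc!r}")
        client_w.close()
        return
    await asyncio.gather(pipe(client_r, backend_w), pipe(backend_r, client_w),
                         return_exceptions=True)


async def main():
    async with await asyncio.start_server(handle, *LISTEN) as server:
        await server.serve_forever()


if __name__ == "__main__":
    asyncio.run(main())
```

A source-address check only limits who can reach the port; it does not authenticate the simulator, so it complements rather than replaces the VPN and HTTP authentication options mentioned in the thread.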
Re: [Opensim-users] about OpenSim GRID security.
Not sure if this will make it to 0.8, but I recently added HTTP authentication to all robust-bound connectors of internal grid services. HTTP authentication is not hard security, but it makes it much harder for unauthorized accesses to the grid services. (I, too, run a grid with simulators in different data centers.)

On 6/2/2014 4:16 PM, David Saunders wrote:
> Grid security? Well, there is a lack of it. I have been working on ways to prevent grids/simulators from connecting to our network. It's built around allowing sims to authenticate with a configuration server that will open the door for them to connect to the grid services. But I have not found a list of ports that need to be open for clients to use, and have been testing a list of simulator ports to split the services from the client to a public set of ports and the simulator a set of private ports that can be opened when they connect.
>
> This would be easy if we did not allow trusted remote simulators to connect.
>
> When I asked about security last I was given you keep the ports a secret and only give them out to people you trust. A locked door is more sure than an unlocked door behind a bush.
>
> David.
>
> On Sun, Jun 1, 2014 at 10:16 AM, Shaun T. Erickson s...@smxy.org wrote:
>> A good firewall config will handle much of it.
>>
>> -ste
>>
>> On 6/1/14, 6:29 AM, Luisillo Contepomi wrote:
>>> I don't know if this list exists or not, but I think it would be very interesting. OpenSimulator is declared an Alpha by developers, but I think that the project has enough maturity to start thinking seriously about security.
Re: [Opensim-users] about OpenSim GRID security.
A good firewall config will handle much of it.

-ste

On 6/1/14, 6:29 AM, Luisillo Contepomi wrote:
> I don't know if this list exists or not, but I think it would be very interesting. OpenSimulator is declared an Alpha by developers, but I think that the project has enough maturity to start thinking seriously about security.
Re: [Opensim-users] about OpenSim GRID security.
So far the one griefer everyone talks about just uses public rez privs. The key to defeating him is to stop leaving your land wide open with public rez turned on. The fact people do isn't the fault of opensim but is a case of operator error. If you wish to leave your security wide open like that you need to be prepared to take what comes with it. It's like taking the front door off your house and expecting no one to just walk in and make themselves feel at home. You might not mind the good people that come in, but for every few good ones there's gonna be a bad one.

Trinity

On Sat, May 31, 2014 at 10:10 AM, M.E. Verhagen marcel...@gmail.com wrote:
> I think it is very hard to do something against so called attacks. A griever would simply register at a trusted grid and do its evil. So I do not think a trusted grid would bring anything, perhaps some violation of privacy rights. The only way to do something about it is to stop those grievers c.q. hackers somehow.