Hardening guide's a good idea as well.

I don't see a general road map in the wiki? I'm going to start working on a 
security roadmap ("wish list" is probably more accurate for now, not going to 
put dates/releases on it) but that can either be merged into or linked from a 
"general" road map when that exists.

John

On Aug 3, 2012, at 3:29 PM, Hugo Trippaers wrote:

> Hey John,
> 
> Completely agree!
> 
> I think it's pretty easy to make a central config flag for that. If it is 
> there I will use that flag to check before loading the trust managers.
> 
> Cheers,
> 
> Hugo 
> 
> P.S. what about a hardening guide for CS?
> 
> Sent from my iPhone
> 
> On 3 aug. 2012, at 21:49, "John Kinsella" <[email protected]> wrote:
> 
>> Arve's made a comment in the "Official ASF process for re-writing code" 
>> thread about accepting SSL certs that I wanted to comment on, without 
>> hijacking that thread:
>> 
>> CloudStack (and most (maybe all) Cloud management platforms I've seen) 
>> blindly accept any ssh host keys or SSL certificates they encounter. As a 
>> security guy, to me this is Bad - we're throwing out a key ability to 
>> recognize impostors.
>> 
>> What I'd like to see is probably a "don't blindly trust keys" configuration 
>> option that's disabled by default. That way, those who like the status quo 
>> can continue right along.
>> 
>> In my mind, I envision the following functionality to be enabled when the 
>> configuration flag is enabled:
>> * ssh connections between mgmt server/hosts and between hosts/SSVMs would 
>> NOT blindly accept ssh keys, but would log an error that's clearly logged 
>> specifying that either a host key mismatch or an unrecognized key was 
>> encountered.  This then becomes an admin's problem to fix.
>> * SSL based connections would similarly not blindly trust a self-signed or 
>> mismatched SSL certificate, but attempt the verification and only proceed if 
>> the cert was validated. Otherwise, a detailed error is logged specifying the 
>> service, host, and key. This then becomes an admin's problem to fix.
>> 
>> Possibly a simple utility script similar to the SSVM test script could be 
>> written that would check to make sure that various ssh/ssl connections are 
>> working properly, and if not would clearly point them out.
>> 
>> Thoughts? I'm not expecting to fix this for CS4, but if we can come to a 
>> general agreement we can throw it on the roadmap.
>> 
>> John
>> 
>> Stratosec - Secure Infrastructure as a Service
>> o: 415.315.9385
>> @johnlkinsella
>> 
> 

Stratosec - Secure Infrastructure as a Service
o: 415.315.9385
@johnlkinsella
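As an added example (not code from this thread or from CloudStack), here is one shape the flag-controlled behaviour John describes could take in Java: a wrapper in front of the JDK's default trust managers that Hugo mentions loading, which either refuses an unverifiable certificate and logs service, host and certificate fingerprint, or keeps the status-quo acceptance but logs the same detail. The class name, the logger name and the `ssl.strict.trust` setting are assumptions; `HexFormat` needs Java 17 or later.

```java
import java.security.KeyStore;
import java.security.MessageDigest;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.HexFormat;
import java.util.logging.Logger;
import javax.net.ssl.*;

/** Wraps the JDK's default PKIX trust manager; a config flag decides what a failed check does. */
public final class FlaggedTrustManager implements X509TrustManager {
    private static final Logger LOG = Logger.getLogger("cloudstack.ssl");   // assumed logger name
    private final X509TrustManager delegate;  // real chain validation against the default trust store
    private final boolean strictTrust;        // hypothetical "ssl.strict.trust" global setting
    private final String service, host;       // logged so an admin can locate the failing link
    FlaggedTrustManager(X509TrustManager d, boolean strict, String service, String host) {
        this.delegate = d; this.strictTrust = strict; this.service = service; this.host = host;
    }
    /** Loads the platform trust managers and puts the wrapper in front of them. */
    public static SSLContext contextFor(boolean strict, String service, String host) throws Exception {
        TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init((KeyStore) null);            // null = the JDK's default trust store (cacerts)
        X509TrustManager pkix = (X509TrustManager) tmf.getTrustManagers()[0];
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, new TrustManager[] { new FlaggedTrustManager(pkix, strict, service, host) }, null);
        return ctx;
    }
    @Override
    public void checkServerTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        try {
            delegate.checkServerTrusted(chain, authType);
        } catch (CertificateException e) {   // self-signed, expired, unknown issuer, ...
            String detail = "service=" + service + " host=" + host + " subject="
                    + chain[0].getSubjectX500Principal() + " sha256=" + fingerprint(chain[0]);
            if (strictTrust) {                // flag on: refuse, and leave it to the admin to fix
                LOG.severe("TLS certificate rejected: " + detail + " reason=" + e.getMessage());
                throw e;
            }
            LOG.warning("TLS certificate accepted WITHOUT verification (strict trust off): " + detail);
        }
    }
    @Override public void checkClientTrusted(X509Certificate[] chain, String authType) throws CertificateException {
        delegate.checkClientTrusted(chain, authType);
    }
    @Override public X509Certificate[] getAcceptedIssuers() { return delegate.getAcceptedIssuers(); }
    /** SHA-256 over the DER encoding: the "key" an admin can compare with the server's own. */
    private static String fingerprint(X509Certificate c) throws CertificateException {
        try { return HexFormat.of().formatHex(MessageDigest.getInstance("SHA-256").digest(c.getEncoded())); }
        catch (java.security.NoSuchAlgorithmException e) { throw new CertificateException(e); }
    }
}
```

A trust manager only validates the chain; the "mismatched" case (certificate not issued for the host being contacted) is checked separately, via a `HostnameVerifier` on `HttpsURLConnection` or `SSLParameters.setEndpointIdentificationAlgorithm("HTTPS")` on the socket, so a strict mode needs that enabled as well.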