Omar Kohl
2018-Jan-03  19:35 UTC
[Gluster-users] Trusted pool authentication & traffic encryption
Hi all,

I have some questions concerning Gluster security.

I was thinking about using Gluster for synchronizing data between my laptop and my desktop computer. I realize that this is not the usual use case, but I think it should work. I would create one replica-2 volume with one brick on each PC plus a FUSE mount of that volume on each PC. I would then always write my data to the local FUSE mount. Quite often one of the PCs would be offline, but this should not be a problem (right?) because they would synchronize as soon as both are online.

Question 1: The hosts in the trusted peer network know about each other via hostname or IP address. What would happen if I take my laptop into another network and someone else has the same IP address as my desktop PC at home? Are there any circumstances under which the laptop would start sending data to that third-party machine? What if, for instance, this third party were a malicious attacker that knew I was using Gluster?

Question 2: If someone has access to my home network, would they see the clear-text traffic between the two Gluster hosts (i.e. between the brick processes)?

I think both questions are easily generalizable to other settings. For instance, an attacker could try IP spoofing in a datacentre or they could record all traffic that passes through a switch.

I suspect both questions might be answered with TLS/SSL encryption (e.g. https://access.redhat.com/documentation/en-us/red_hat_gluster_storage/3.2/html/administration_guide/chap-network_encryption) but I would like confirmation and preferably some more details on how the hosts/bricks authenticate to each other and if any assumptions are being made.

Kind regards,
Omar
