21 Jul
2020
21 Jul
'20
9 p.m.
Hi everyone, we have a ceph cluster for object storage only, the rgws are accessible from
the internet, and everything is ok.
Now, one of our team/client required that their data should not ever be accessible from
the internet.
In any case of security bug/breach/whatever, they want to limit the access to their data
from the local network.
Before creating a second "private" cluster, is there a way to achieve this on
our current "public" cluster?
Is a multi-zone without replication would help me with that?
A public rgws for public access on the "pub_zone", and a private rgws for
private access on the "prv_zone"?
pubzone.rgw.buckets.data
prvzone.rgw.buckets.data
If the "public" rgws is hacked, without the access_key/secret_key of the private
zone, is there any possibilities to access the private zone?
Does a multi-realms would help me to secure it more?
Any input would be really appreciated.
I don't want to put to much energy for false security and/or security by obscurity,
so if these scenarios of multi-sites/multi-realms are useless, in a security point of
view, please tell me. :-)
Thanks!
JS
23 Jul
23 Jul
11:31 a.m.
On 7/21/20 6:30 PM, Jean-Sebastien Landry wrote:
Hi everyone, we have a ceph cluster for object storage
only, the rgws are accessible from the internet, and everything is ok.
Is there a HTTP proxy in between?
Now, one of our team/client required that their data should not ever be accessible from
the internet.
First: Upload with a Private ACL. This means that Authentication is
always required to read the data.
In any case of security bug/breach/whatever, they want
to limit the access to their data from the local network.
Before creating a second "private" cluster, is there a way to achieve this on
our current "public" cluster?
Is a multi-zone without replication would help me with that?
A public rgws for public access on the "pub_zone", and a private rgws for
private access on the "prv_zone"?
pubzone.rgw.buckets.data
prvzone.rgw.buckets.data
If the "public" rgws is hacked, without the access_key/secret_key of the
private zone, is there any possibilities to access the private zone?
Does a multi-realms would help me to secure it more?
Any input would be really appreciated.
I don't want to put to much energy for false security and/or security by obscurity,
so if these scenarios of multi-sites/multi-realms are useless, in a security point of
view, please tell me. :-)
Why not work with a HTTP proxy in between that filters out specific
bucket names? Or only allows access to them if the client IP matches X.
This way two barriers need to be crossed:
- Filtering in the proxy
- RGW authentication
Wido
>
> Thanks!
> JS
> _______________________________________________
> ceph-users mailing list -- ceph-users(a)ceph.io
> To unsubscribe send an email to ceph-users-leave(a)ceph.io
>
10:59 p.m.
Hi Wido, yes I have and http proxy in between.
Your right, bucket filtering on the proxy and ACL on the bucket will be simple enough,
but I don't know if it will be good enough.
I know it's far-fetched but, if, for whatever reason, the access/secret key are
leaked,
and I have a security issue on the rgw (edge node) then the data could be exposed after
modifying the proxy filtering rules.
Maybe I could have two proxy, one on the edge node fronting the public network, without
filtering,
forwarding to a second proxy in the private network, doing the bucket filtering...
Thanks!
JS
1391
days inactive
1393
days old
2 comments
2 participants
participants (2)
-
Jean-Sebastien Landry -
Wido den Hollander