Getting Secured

The purpose of parallel computing is to get faster computation. Therefore SCore Cluster System Software is designed for providing high-performance computation on a cluster system. There is a growing demand for the protection from the cracker attacks. However, there is a trade-off between the high-performance and the security. Having the more robust secured system, the lower the performance.

From the SCore Cluster System Software version 3.1, some level of security is introduced. SCore Cluster System Software, however, was not yet designed to be exposed to Internet. As the demand of network security getting larger and larger, and from the version 5.4, we implemented new security mechanism described in this page.

It is assumed that the reader of this page is an expert of Linux (Unix). If you can not undertand what is written in this page, we strongly recommend not to connect your cluster network with Internet.

The new security feature is based on [x]inetd and the ingress check. It is assumed that your upper (outer) network must have the ingress check. If you are not sure on this, ask network administrator, or do not connect with Internet.

Here is the procedure to secure your SCore cluster.

Edit the /etc/score.conf file and add the following line.
SCORE_SECURE_DAEMONS=yes
On you server host, copy /opt/score/score-src/SCore/security/server/* files into /etc/xinetd.d directory. On you cluster (compute) hosts, copy /opt/score/score-src/SCore/security/compute/* files into /etc/xinetd.d directory.
Edit those copied files, if necessary.
Enable [x]inetd.
Reboot server host and cluster (compute) hosts.

Although we are doing our best, connecting with Internet is considered to be dangerous and do at your own risk.

Cracking Alert

Some programs in SCore Cluster System Software give a warning message when they detect some illegal situation that might be a cracking trial. If a cluster administrator or a user finds one of these messages, stop using the system and consult a system administrator of your site as soon as possible.

SCore-D outputs an alert message at the initialization stage when it finds an illegal cache file in the directory /var/scored/scoreboard. Here is the sample of the message.
SCBD: SECURITY ERROR !! Cached file (/var/scored/scoreboard/server.02f00200DLs5) is not a regular file.
SCore-D outputs an alert message to sc_syslog when it detects an illegal login request. Here is the sample of the message.
UNAUTHORIZED LOGIN REQUEST: somebody@somehost:1234
scrun outputs an alert message when it detects an illegal connection request. Here is the sample of the message.
SCRUN: Unauthorized connection (INET from somehost:2345).

We need you help !

If you find any possible security hole in SCore Cluster System Software, send e-mail(s) to

score-master@pccluster.org.

PC Cluster Consotium

$Id: security.html,v 1.8 2003/08/18 07:56:31 hori Exp $