Secure Networking

Hosted By
Chris W.

Details

Pizza, beer, and mingling.

"Network Security in a World Without Trust"
Andreas M. Antonopoulos (http://www.linkedin.com/in/amantonopoulos), Rooteleven.com

"Security in the Deployment Stack"
Jo Rhett (http://www.linkedin.com/in/jorhett) - Senior Operations Architect, StubHub!

Before cloud usage became common, most people would protect their computing resources by setting up firewalls and other barriers to entry to their physical data centers, and then not worrying about the inside. These days, many are running applications that communicate with each other in the cloud, where you can't create a wall around all of your resources quite so easily. A high level of paranoia has also led some to secure all network communications within physical data centers in case there is a breach.

How do you secure these communications so that they can't be seen by others? For example, MySQL has added native SSL support (used by MySQL for securing the replication stream, as well as communication with clients), but many other such systems have not.

There is a range of tools available to secure network communications, including stunnel (https://www.stunnel.org/index.html), OpenVPN (http://openvpn.net/), OpenSSH (http://www.openssh.org/), and OpenSSL (http://www.openssl.org/).

Securing web service calls has a head start, because you can use HTTPS. But if you need to secure other things, such as a messaging backbone, a NoSQL store, or sending jobs to a worker pool cluster (e.g., Hadoop, Mesos, Gearman, etc.) or some other system, how do you do it? Are you using one of the tools above, or have you found something else that works? If you've used more than one of these, which one do you think works best? Whatever tool you're using, how do you manage your certificates? Do you bake them into your machine images, or hand-install unique certs on every host? Is there an alternative? Have you found a solution to running headless without having to use certs without passwords?

For our October event, I'd like to hear about issues and solutions in securing network communications within applications made up of multiple heterogeneous components. What are you using, and why? Can you show us tips for setting this up at scale? I'm looking for 2-4 20-25 minute talks. If you can give a talk, please contact me, Chris Westin, through Meetup.

As well as the evening's theme talks, we can fit in 2-3 five-minute lightning talks at the beginning of the evening; any topic that would be interesting to the #lspe audience is welcome. If you're interested in giving a lightning talk, contact me, Chris Westin, through Meetup.

Website Design & Hosting Production Engineering
Yahoo! URL's Cafe
701 1st Ave · Sunnyvale, CA