From c46acabfe695fb838f61868860ff54c6a600a309 Mon Sep 17 00:00:00 2001 From: Shilla Saebi Date: Tue, 28 Jan 2014 15:55:48 -0500 Subject: [PATCH] small cleanup security_guide ch037_risks typo queueuing to Queuing minor grammar edit, added comma Made changes to sentence formats removed extra paragraph for 1 sentence, added 0MQ, removed space afer Change-Id: Idb7b7cce09e2a38c2e2838c06e023a4ebf4b4839 --- doc/security-guide/ch037_risks.xml | 62 +++++++++++++++++++++--------- 1 file changed, 44 insertions(+), 18 deletions(-) diff --git a/doc/security-guide/ch037_risks.xml b/doc/security-guide/ch037_risks.xml index db3f014df3..7d469f9490 100644 --- a/doc/security-guide/ch037_risks.xml +++ b/doc/security-guide/ch037_risks.xml @@ -1,19 +1,45 @@ - - Message Queuing Architecture - Inter-process communication within OpenStack is facilitated via message queueing services. Today, three messaging service backends are supported: - - RabbitMQ - - - Qpid - - - ZeroMQ - - - Both RabbitMQ and Qpid are Advanced Message Queuing Protocol (AMQP) frameworks which provide message queues for peer-to-peer communication. Queue implementations are typically deployed as centralized or decentralized pool of queue servers. ZeroMQ differs by communicating directly using TCP sockets between peers. - Message queues effectively facilitate command and control functions across OpenStack deployments. Once access to the queue is permitted no further authorization checks are performed. Services accessible via the queue do validate the contexts and tokens within the actual message payload. However, awareness of the token's expiration value should be noted as these tokens are potentially replayable and may provide authorization for other services within the infrastructure. - OpenStack does not support message-level confidence (i.e., message signing). Because of this, the message transport itself must be secured and authentication to the queue server must be performed. For HA configurations, queue to queue authentication and encryption should to be performed as well. - With ZeroMQ messaging, IPC sockets are used on individual machines. These sockets may be vulnerable to attack for local message injection and snooping unless secured by an operator. - + + + Message Queuing Architecture + Message queuing services facilitate inter-process + communication in OpenStack. OpenStack supports these message + queuing service back ends: + + + RabbitMQ + + + Qpid + + + ZeroMQ or 0MQ + + + Both RabbitMQ and Qpid are Advanced Message Queuing Protocol + (AMQP) frameworks, which provide message queues for peer-to-peer + communication. Queue implementations are typically deployed as a + centralized or decentralized pool of queue servers. ZeroMQ + provides direct peer-to-peer communication through TCP + sockets. + Message queues effectively facilitate command and control + functions across OpenStack deployments. Once access to the queue + is permitted no further authorization checks are performed. + Services accessible through the queue do validate the contexts and + tokens within the actual message payload. However, you must note + the expiration date of the token because tokens are potentially + re-playable and can authorize other services in the + infrastructure. + OpenStack does not support message-level confidence, such as + message signing. Consequently, you must secure and authenticate + the message transport itself. For high-availability (HA) + configurations, you must perform queue-to-queue authentication and + encryption. + With ZeroMQ messaging, IPC sockets are used on individual + machines. Because these sockets are vulnerable to attack, ensure + that the cloud operator has secured them. +