Re: [Keepalived-devel] Keepalived, VRRP and security
From: Diego R. <lr...@ra...> - 2003-07-23 06:16:42
I take it back...it seems all I was missing for AH authentication was the password! :) Sorry for the newbie question.

Q: in this scenario, is safeguarding the password enough for it to NOT be hacked? I would prefer the VRRP be encrypted such that nobody can sniff it and make sense out of it in time to do damage. Is this practical/possible?

Is AH safe enough?

Thanks

On Tue, 2003-07-22 at 21:40, Diego Rivera wrote:
> Hello all
>
> I'm no expert in VRRP, but it seems to me that it doesn't have an
> encryption/validation mechanism that I would consider "secure" (i.e.
> certificate exchange or similar mechanism).
>
> Passwords are transmitted in the clear (if I'm not mistaken).
>
> I'd love to be able to set up my keepalived-enabled boxes to only allow
> VRRP from an allowed box without having to go into firewalling the
> protocol itself (i.e., only accept packets from IP xxx....).
>
> I tried AH, but have no docs or samples on how to make it work
> effectively, or what I would need to do in order to make it work.
>
> Info is greatly appreciated.
>
> Thanks
--
===========================================================
* Diego Rivera
*
* "The Disease: Windows, the cure: Linux"
*
* E-mail: lrivera<AT>racsa<DOT>co<DOT>cr
* Replace: <AT>='@', <DOT>='.'
*
* GPG: BE59 5469 C696 C80D FF5C 5926 0B36 F8FF DA98 62AD
* GPG Public Key available at: http://pgp.mit.edu
===========================================================
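For reference, the AH setup the message describes (an `auth_type AH` block that only works once the shared password is set) looks like this in keepalived.conf. This is an added example, not part of the original post or the project's documentation; the interface name, VRID, priorities, virtual address and password are constructed placeholders.

```conf
# --- keepalived.conf on router A (constructed example) ---
vrrp_instance VI_1 {
    state MASTER
    interface eth0              # placeholder interface
    virtual_router_id 51        # placeholder VRID, same on both routers
    priority 150
    advert_int 1
    authentication {
        # auth_type PASS would carry auth_pass as plain text in every
        # advertisement. AH adds an IPsec Authentication Header instead:
        # advertisements are authenticated and integrity-checked, but
        # they are not encrypted.
        auth_type AH
        # Shared secret, identical on every router in this VRID.
        # keepalived uses only the first 8 characters.
        auth_pass Ex4mple8      # placeholder value
    }
    virtual_ipaddress {
        192.0.2.10              # placeholder virtual IP
    }
}

# --- keepalived.conf on router B (constructed example) ---
vrrp_instance VI_1 {
    state BACKUP
    interface eth0
    virtual_router_id 51
    priority 100                # lower than router A
    advert_int 1
    authentication {
        auth_type AH
        auth_pass Ex4mple8      # must match router A
    }
    virtual_ipaddress {
        192.0.2.10
    }
}
```

Because the secret sits in the configuration file on each router, that file should be readable by root only.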