perfsonar-user - [perfsonar-user] Security guidance and http(s)
Subject: perfSONAR User Q&A and Other Discussion
- From: Tim Chown <>
- To: perfsonar-user <>
- Subject: [perfsonar-user] Security guidance and http(s)
- Date: Wed, 22 May 2024 11:04:07 +0000
Hi,
We’ve had some queries about firewall settings for perfSONAR, in particular for http(s).
I believe the current relevant guidance is at https://www.perfsonar.net/deployment_security.html, which lists ports 80 and 443 as “management interfaces”.
A couple of questions from that. The first is whether port 80 is needed any more. Is all web activity now on 443?
And secondly, what specifically is 443 used for? There’s access to the “toolkit” page, there’s also presumably pscheduler’s negotiation of tests and their scheduling, and subsequent retrieval of measurement results? What else is 443 required for?
It might be nice to be explicit in what the “management” is, given it seems a common question.
We have had some sites ask whether they can keep web access / port 443 internal only, to have just an internal toolkit view. Is that possible if tests are configured via a remote configuration file that’s pulled down and results are sent to a remote archive?
Thanks, Tim