Intra-cloud plaintext?

ptilsen Member Posts: 2,835 ■■■■■■■■■■
I was looking at the image linked in this article and was actually somewhat alarmed. Am I crazy, or does just dropping all traffic to plaintext within one's own cloud sound like horrible design?

I'm not suggesting all traffic in all networks requires encryption, but traffic between services within a major cloud's network? Breach the perimeter and someone suddenly can get at everything.
Working B.S., Computer Science
Complete: 55/120 credits SPAN 201, LIT 100, ETHS 200, AP Lang, MATH 120, WRIT 231, ICS 140, MATH 215, ECON 202, ECON 201, ICS 141, MATH 210, LING 111, ICS 240
In progress: CLEP US GOV,
Next up: MATH 211, ECON 352, ICS 340

Comments

  • colby_ar Member Posts: 61 ■■■□□□□□□□
    The best part is the sinister looking smiley face.
  • ptilsen Member Posts: 2,835 ■■■■■■■■■■
    Well, that's actually what the article was about. The Google engineers interviewed are furious, understandably. I'm a little more perturbed that anyone who can circumvent or penetrate Google's front-end gets to see plaintext traffic on the back-end.
  • pram Member Posts: 171
    ptilsen wrote: »
    I'm a little more perturbed that anyone who can circumvent or penetrate Google's front-end gets to see plaintext traffic on the back-end.

    This describes like, 100% of every environment I've seen.
  • instant000 Member Posts: 1,745
    pram wrote: »
    This describes like, 100% of every environment I've seen.

    The one fallacy is that they have acquired links that are "supposed" to be "private".

    These "private" links span across geographic areas.

    This reminds me of this article:
    Room 641A - Wikipedia, the free encyclopedia

    One thing they could do would be enabling a hardware-based VPN mesh across their backend. Without knowledge of their environment, I cannot begin to know how troublesome this is for them. The same way they make their little throw-away servers, they could make throw-away VPN routers to protect their site-to-site communications. I'm imagining something like multiple parallel tunnels between sites, and just let routing dictate the data flow and path-sharing.

    Of course, this added complexity probably hurts their availability, and we then suffer more frequent outages of YouTube (hah, that might increase productivity).

    And somehow, I then thought about this story:

    This thought on availability had me then thinking about "Mafiaboy" but that's probably too much of a tangent right now.
    Currently Working: CCIE R&S
    LinkedIn: http://www.linkedin.com/in/lewislampkin (Please connect: Just say you're from TechExams.Net!)
  • wes allen Member Posts: 540 ■■■■■□□□□□
    Traditional L3 and up encryption has too much overhead and is way too slow for the amounts of data that they move around. Keep in mind that it wasn't all that long ago that many big sites still didn't use SSL by default outside of Auth, for all external traffic anyway.
    ptilsen wrote: »
    Am I crazy, or does just dropping all traffic to plaintext within one's own cloud sound like horrible design?