[Discussion] Features - Designing for Scaleability
Matt Jonkman
jonkman at jonkmans.com
Fri Jan 16 04:41:06 UTC 2009
I was kind of thinking something along the lines of the sensors being
aware, but assuming they could all communicate with eachother may be too
much in many places. I think a hub and spoke architecture would probably
be best. But the communication method would probably be quite efficient
if we just used udp and internal encryption. i.e. udp with the payload
encrypted to preshared keys.
Matt
Frank Knobbe wrote:
> On Thu, 2009-01-15 at 12:35 -0600, Martin Holste wrote:
>> Regarding sensor-sensor communcation, I recommend using OpenVPN for
>> all communication since it's free, cross-platform, provides built-in
>> compression, has easy configuration, it's PKI infrastructure based,
>> and makes debugging much easier since you can sniff your tun0 socket.
>> It also makes your host firewall rules much more simple.
>
> But then you have administration overhead, right? (Sorry, I don't use
> OpenVPN. All my VPN's are SSH-based).
>
> Wouldn't it make more sense to use some sort of cloud/P2P-based
> sensor-to-sensor communication that is able to "find" other sensors to
> reduce admin tasks? Give it a name and let it join the sensor cloud. :)
> I think that may be what Matt was eluding to in regards to sensors being
> aware of each other.
>
> Cheers,
> Frank
>
>
>
--
--------------------------------------------
Matthew Jonkman
Emerging Threats
Phone 765-429-0398
Fax 312-264-0205
http://www.emergingthreats.net
--------------------------------------------
PGP: http://www.jonkmans.com/mattjonkman.asc
More information about the Discussion
mailing list