Security

Moderators: Site Moderators, FAHC Science Team

Security

Postby beerhoff » Sun Mar 22, 2020 5:40 pm

Hey folks,

You're doing a great job, thanks for that!

There is a question about the IT security controls you have implemented for the solution. Do you have any thread regarding this that I could use as a KB for my team? Can you share how you protect the end-user side against theft of their data (PII, credentials, documents, etc.)? How are we protected against loss of control over our computers? These are common questions I have been getting for the last 2 days from teammates who would like to join the project, but I couldn't find relevant info yet. I hope the Labs have pretty powerful IT security systems implemented and your network, servers and services are well protected. But how do you maintain assurance?

BR,
George
Facebook group for Canadians is here

beerhoff
 
Posts: 10
Joined: Sun Mar 22, 2020 12:18 am
Location: Toronto, Canada

Re: Security

Postby JimboPalmer » Sun Mar 22, 2020 6:04 pm

Welcome to Folding@Home!

I am just a user like you, with no association with F@H. I have, however, been a programmer for 40 years and am an author of multi-level client-server applications (PC <<>> interactive server <<>> batch server).
So I am interested in how they handled problems I had.

F@H will only ever use ports 80 and 8080, same as any browser. The client contacts a fixed Assignment Server, and the assignment server hands off the download to a Work Server. (For the last week, beefing up those assignment servers has been a high priority, as everyone wants to be assigned work.) The work servers are on many University campuses, but the Assignment servers are at Stanford, so the client always contacts the same IP addresses.

The client is currently only distributed by Stanford. (In the past Sony had Android and PS2 clients; neither is active now.) The client only has read/write access to one directory. (Folks who try custom installs run afoul of this frequently.) There is very exhaustive digital signature checking to be sure what was sent is what was received; it also serves to impede false flag servers.

All the science part of the client is open source, but F@H keeps the communication protocols proprietary. Security by obscurity.

https://foldingathome.org/faqs/miscella ... ty-issues/
Tsar of all the Rushers
I tried to remain childlike, all I achieved was childish.
A friend to those who want no friends
JimboPalmer
 
Posts: 2041
Joined: Mon Feb 16, 2009 5:12 am
Location: Greenwood MS USA

Re: Security

Postby bruce » Sun Mar 22, 2020 6:10 pm

JimboPalmer wrote:The client contacts an Assignment Server, and the assignment server hands off the download to a Work Server.

The connection to the WS uses explicit IP addresses which are a lot harder to hack than DNS names.
bruce
 
Posts: 20010
Joined: Thu Nov 29, 2007 11:13 pm
Location: So. Cal.

Re: Security

Postby JimboPalmer » Sun Mar 22, 2020 6:17 pm

bruce wrote:
JimboPalmer wrote:The client contacts an Assignment Server, and the assignment server hands off the download to a Work Server.

The connection to the WS uses explicit IP addresses which are a lot harder to hack than DNS names.

I think there are only 2 Assignment servers and the Client contacts them by IP address as well, not DNS. (I am less sure of this, so I did not mention it.)
Only using IP addresses makes it harder for false flag servers to mess with DNS to get access. (At the cost of less flexibility for the University's IT departments.)
JimboPalmer
 
Posts: 2041
Joined: Mon Feb 16, 2009 5:12 am
Location: Greenwood MS USA

Re: Security

Postby bruce » Sun Mar 22, 2020 6:25 pm

18.218.241.186

Quoting from a log:
..:..:..: No WUs available for this configuration
14:50:55:WU02:FS00:Connecting to 18.218.241.186:80
14:50:55:WARNING:WU02:FS00:Failed to get assignment from '18.218.241.186:80': No WUs available for this configuration
14:50:55:ERROR:WU02:FS00:Exception: Could not get an assignment
14:53:31:WU02:FS00:Connecting to 65.254.110.245:8080
14:53:32:WARNING:WU02:FS00:Failed to get assignment from '65.254.110.245:8080': No WUs available for this configuration
bruce
 
Posts: 20010
Joined: Thu Nov 29, 2007 11:13 pm
Location: So. Cal.
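
For a team that wants to check the behaviour described in this thread on its own machines, here is an added example (not part of any post above and not Folding@home code) that audits client log lines of the form bruce quoted. It flags connections to ports other than 80/8080, to hostnames instead of literal IPs, and to addresses outside a baseline; the baseline set, the function name `audit`, and the last two sample log lines are assumptions made for illustration.

```python
import re
from collections import Counter

# Ports the thread says the client uses (JimboPalmer's post).
EXPECTED_PORTS = {80, 8080}
# Assumption: baseline seeded with the two addresses seen in the log quoted
# in this thread. Replace it with a list you have verified yourself.
BASELINE_HOSTS = {"18.218.241.186", "65.254.110.245"}

# Matches lines such as "14:50:55:WU02:FS00:Connecting to 18.218.241.186:80"
CONNECT_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}):(?P<slot>WU\d+:FS\d+):Connecting to "
    r"(?P<host>[^\s:]+):(?P<port>\d+)\s*$"
)
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def audit(log_text):
    """Return (findings, counts) for every 'Connecting to' line in the log."""
    findings, counts = [], Counter()
    for line in log_text.splitlines():
        m = CONNECT_RE.match(line.strip())
        if not m:
            continue  # warnings, errors and other lines are not connections
        host, port = m["host"], int(m["port"])
        counts[(host, port)] += 1
        reasons = []
        if port not in EXPECTED_PORTS:
            reasons.append("unexpected port")
        if not IPV4_RE.match(host):
            reasons.append("hostname instead of literal IP")
        elif host not in BASELINE_HOSTS:
            reasons.append("address not in baseline")
        if reasons:
            findings.append((m["time"], host, port, reasons))
    return findings, counts

# First three lines come from the log quoted above; the last two are constructed.
SAMPLE_LOG = """\
14:50:55:WU02:FS00:Connecting to 18.218.241.186:80
14:50:55:WARNING:WU02:FS00:Failed to get assignment from '18.218.241.186:80': No WUs available for this configuration
14:53:31:WU02:FS00:Connecting to 65.254.110.245:8080
15:02:10:WU02:FS00:Connecting to 203.0.113.7:4444
15:02:40:WU02:FS00:Connecting to assign.example.test:80
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG)[0]:
        print(finding)
```

A finding here only means the line differs from the baseline; new work servers would show up as "address not in baseline" until the list is updated.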

