Forum: CFEngine Help Subject: Re: Master to client security, signing? Author: neilhwatson Link to topic: https://cfengine.com/forum/read.php?3,24394,24437#msg-24437
Every system I can think of will have a point of failure somewhere. Defense in depth is the correct approach. Each client or policy server can have MAC systems like SElinux, active 'tripwires' via Cfengine or other appraoch, limited services and users. Policy servers themselves often service only a selection of clients. In a DMZ one might have a dedicated policy server. This is the single point of failure but it is limited to that DMZ. The version control service is deep inside the keep, in the most protected area. Policy servers have access to it but only what they need and only read only. When you combine these things together the security is good. Only pulling the plug would make it any better. I do not think that having clients pull directly from version control would scale well and there is little benefit versus pulling from a policy host instead. G _______________________________________________ Help-cfengine mailing list Help-cfengine@cfengine.org https://cfengine.org/mailman/listinfo/help-cfengine
