I'm attempting to set up a small network of computers where 4 child nodes feed small snippets of data into 1 parent node. I need the data transmission between the nodes to be secure (secure as in, if the packets are intercepted it is not easy to determine their contents). Does anyone have suggestions? I looked into HTTPS POST and encrypting SOAP messages, but before I got my hands too dirty I wanted to get opinions from the crowd.

+3  A: 

HTTP over TLS is fine. And, since there is already quite a bit of tooling around it, it should be quite an easy and productive approach.

John Gietzen
Most people also don't actually verify the server certificate or enable client certificates with https, making it prone to all sorts of fun attacks.
lrm
@TheRook: HTTP over SSL and HTTP over TLS are both called HTTPS. I was just clarifying.
John Gietzen
@Irm: "All sorts" meaning Man-in-the-middle. Anyways, almost any TLS library will enforce trusted certificates out of the box by default.
John Gietzen
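The certificate checks raised in the comments above, sketched with Python's standard `ssl` module as an added example that is not part of the original thread. The function names and the certificate file parameters are assumptions made for illustration; the certificate files are only loaded when paths are supplied.

```python
import ssl

def child_context(ca_file=None, cert_file=None, key_file=None):
    """TLS context for a child node connecting to the parent (hypothetical helper)."""
    # The default client-side context verifies the server chain and hostname.
    ctx = ssl.create_default_context(ssl.Purpose.SERVER_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if cert_file:  # client certificate that identifies this child to the parent
        ctx.load_cert_chain(cert_file, key_file)
    return ctx

def parent_context(ca_file=None, cert_file=None, key_file=None):
    """TLS context for the parent node; children must present a valid certificate."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH, cafile=ca_file)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.verify_mode = ssl.CERT_REQUIRED  # server-side default is CERT_NONE
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)
    return ctx

def weak_child_context():
    """The misconfiguration the comments warn about: verification switched off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False  # has to be disabled before CERT_NONE is accepted
    ctx.verify_mode = ssl.CERT_NONE
    return ctx

def audit(ctx, role):
    """Return findings for a context used in the given role ('child' or 'parent')."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("peer certificate not required")
    if role == "child" and not ctx.check_hostname:
        findings.append("hostname not checked")
    if ctx.minimum_version not in (ssl.TLSVersion.TLSv1_2, ssl.TLSVersion.TLSv1_3):
        findings.append("protocol versions older than TLS 1.2 allowed")
    return findings

if __name__ == "__main__":
    for name, ctx, role in [("child", child_context(), "child"),
                            ("parent", parent_context(), "parent"),
                            ("weak child", weak_child_context(), "child")]:
        print(name, audit(ctx, role) or "ok")
```

Running `audit` over the contexts a node actually uses, before any data is sent, catches a disabled check that would otherwise go unnoticed because the connection still succeeds.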
+2  A: 

Besides TLS (SSL), which provides line-level encryption, you may want to authenticate the user using WS Security with X.509 Certificates. Another cheap security method is to limit traffic between hosts by accepting messages only from known addresses/internal network hosts.

Nissan Fan
+1  A: 

Again, HTTP over TLS (formerly known as HTTPS) is secure enough for most security needs, and since the network packets are already encrypted by HTTPS, you do not need to re-encrypt your message (unless you have an extraordinary situation).

eyazici
+1  A: 

I would suggest using the TLS/SSL protocol.
There are some libraries available to implement this (depending on the programming language you are using):
- OpenSSL
- GnuTLS
- JSSE
- ...

You also might want to check Wikipedia on TLS/SSL for more information.

Luis Miguel
+2  A: 

You probably want to look up TLS, which was built on its predecessor: the Secure Sockets Layer. Version 1.2 uses a combination of an MD5 and SHA-1 key.

SHA is one of the best one-way encryption algorithms to date.

You should also look into virtual private networks (VPNs), since it sounds like you need to maintain a secure session.

vol7ron
SHA-1 is considered to be broken and thus definitely *not* the best cryptographic hashing algorithm nowadays.
Gumbo
True, but it's probably still good enough: http://xkcd.com/538/
Adam Shiemke
I prefer SHA-256 or higher. I'm not sure about SHA-1 being broken, but MD5 is broken. What would you prefer, AES-128+?
vol7ron
+1  A: 

You could set up ssh tunnels, which (IMHO) are better for transmitting arbitrary data. The security is probably better since you can use public key crypto to secure messages. The system doesn't scale terribly well, but if you only have 4 nodes, this shouldn't be a problem.

Adam Shiemke
Better than what?
GregS