Security

Moderators: Site Moderators, FAHC Science Team

Post Reply
beerhoff
Posts: 9
Joined: Sat Mar 21, 2020 11:18 pm
Hardware configuration: Intel i9-7900X 3.30GHz 20-cores + NVidia GeForce GTX 1080 Ti| MacBook Pro i7 3.1GHz Quad core + ATI Radeon Pro 560
Location: Toronto, Canada
Contact:

Security

Post by beerhoff »

Hey folks,

You're doing great job, thanks for that!

There is a question about IT Security controls you have implemented for the solution. Do you have any thread regarding this that I could use as a KB for my team? Can you share how do you protect end user side against their data (PII, credentials, documents etc.) theft? How are we protected against loss of control under our computers? These are common questions I got from my teammates for the last 2 days who would like to join the project, but I couldn't find relevant info yet. I hope, Labs have pretty powerful IT security systems implemented and your network, servers and services are protected well. But how do you maintain an assurance?

BR,
George
Facebook group for Canadians is here

Image
JimboPalmer
Posts: 2522
Joined: Mon Feb 16, 2009 4:12 am
Location: Greenwood MS USA

Re: Security

Post by JimboPalmer »

Welcome to Folding@Home!

I am just a user like you, with no association with F@H. I am however a programmer for 40 years and an author of multi level client server applications PC <<>> interactive server <<>> batch server
So I am interested in how they handled problems I had.

F@H will only ever use ports 80 and 8080, same as any browser. The client contacts a fixed Assignment Server, and the assignment server hands off the download to a Work Server. (for the last week, beefing up those assignment servers has been a high priority as everyone wants to be assigned work) The work servers are on many University campuses, but the Assignment servers are at Stanford, so the client always contacts the same IP Addresses.

The client is currently only distributed by Standford. (in the past Sony had Android and PS2 clients, neither is active now) The client only has read/write access to one directory. (Folks who try custom installs run afoul of this frequently) There is very exhaustive digital signature checking to be sure what was sent is what was received, it also serves to impede false flag servers.

All the science part of the client is open source, but F@H keeps the communication protocols proprietary. Security by obscurity.

https://foldingathome.org/faqs/miscella ... ty-issues/
Tsar of all the Rushers
I tried to remain childlike, all I achieved was childish.
A friend to those who want no friends
bruce
Posts: 20824
Joined: Thu Nov 29, 2007 10:13 pm
Location: So. Cal.

Re: Security

Post by bruce »

JimboPalmer wrote:The client contacts an Assignment Server, and the assignment server hands off the download to a Work Server.
The connection to the WS uses explicit IP addresses which are a lot harder to hack than DNS names.
JimboPalmer
Posts: 2522
Joined: Mon Feb 16, 2009 4:12 am
Location: Greenwood MS USA

Re: Security

Post by JimboPalmer »

bruce wrote:
JimboPalmer wrote:The client contacts an Assignment Server, and the assignment server hands off the download to a Work Server.
The connection to the WS uses explicit IP addresses which are a lot harder to hack than DNS names.
I think there are only 2 Assignment servers and the Client contacts them by IP address, not DNS as well. (I am less sure of this so I did not mention it)
Only using IP addresses makes it harder for false flag servers to mess with DNS to get access. (at the cost of less flexibility for the University's IT departments)
Tsar of all the Rushers
I tried to remain childlike, all I achieved was childish.
A friend to those who want no friends
bruce
Posts: 20824
Joined: Thu Nov 29, 2007 10:13 pm
Location: So. Cal.

Re: Security

Post by bruce »

18.218.241.186

Quoting from a log:

Code: Select all

..:..:..: No WUs available for this configuration
14:50:55:WU02:FS00:Connecting to 18.218.241.186:80
14:50:55:WARNING:WU02:FS00:Failed to get assignment from '18.218.241.186:80': No WUs available for this configuration
14:50:55:ERROR:WU02:FS00:Exception: Could not get an assignment
14:53:31:WU02:FS00:Connecting to 65.254.110.245:8080
14:53:32:WARNING:WU02:FS00:Failed to get assignment from '65.254.110.245:8080': No WUs available for this configuration
Post Reply