Comment by mapgrep
12 years ago
Google was letting information flow between its data centers completely unencrypted until last month. http://www.washingtonpost.com/business/technology/google-enc... Last month!
Think about that for a second. Most people on HN wouldn't send a single file to their own backup provider in the clear. Google was sending gushing torrents of data, presumably including email, IMs, etc., over long distances that way.
That's very nice that the company that encouraged all of us to put all our email and documents in its data centers "pushed harder than anyone on the whole internet" for some basic security well after the NSA compromised their shit, but it doesn't excuse their irresponsible practices.
> Google was letting information flow between its data center completely unencrypted until last month. http://www.washingtonpost.com/business/technology/google-enc.... Last month!
Over their own private WAN. The analogy would be sending things in the clear over your LAN. [Citation: http://www.eecs.berkeley.edu/~rcs/research/google-onrc-slide...]
The likelihood miles and miles of cabling, much of it presumably leased, will be compromised is nowhere near comparable to the likelihood a normal, single-location office/home ethernet LAN will be compromised. (And if you think both are easily compromised, that only adds to my original point.)
"much of it presumably leased,"
This is a very interesting assumption
http://www.howstuffworks.com/tech-myths/5-myths-about-google...
http://www.lightreading.com/document.asp?doc_id=633236
Fiber optic links are not so easily compromised. Not without service interruption, which will raise quite a few eyebrows.
Fwiw Michael Crichton wrote about this ("piggyback slurp") in Congo:
http://goo.gl/KSf78p
Google doesn't actually own the underwater cables though. So isn't the analogy more like sending things through a LAN in a building that you're renting?
http://gigaom.com/2008/02/25/googlenet-update-google-buys-a-...
Do not trust that your internal networks are secure. Any links carrying business or customer data should be encrypted.
I remember over a decade ago talking with the security head of a university where I was working, about a new system design. I made some comment like "well this is all on the machine room network" and his response was "I wouldn't trust the machine room network." Pretty eye-opening since he was the person responsible for its security.
http://www.cs.uccs.edu/~xzhou/teaching/CS522/Projects/SIGCOM...
There's the actual paper Google wrote. It's very good. OpenFlow is a terrific piece of technology.
Do they actually own and operate all of the wires between various datacenters? That sounds like a huge undertaking.
I doubt they own all of the links they use worldwide, but Google did go on a buying binge a few years ago, acquiring large amounts of "dark fiber". There's some discussion about that whole topic here:
http://www.howstuffworks.com/tech-myths/5-myths-about-google...
http://news.cnet.com/Google-wants-dark-fiber/2100-1034_3-553...
http://www.lightreading.com/document.asp?doc_id=633236
Assuming that the fiber end points only touch Google data centers, this would be ok, I guess.
Inter-datacentre communication most likely happens on dedicated networks "outside" the internet.