Ir al contenidoIr a la navegación de la página: página anterior [tecla de acceso p]/página siguiente [tecla de acceso n]
documentation.suse.com / Documentación de SUSE Enterprise Storage 7 / Security Hardening Guide / Hardening meassures / Prevent Denial Of Service (DoS)
Se aplica a SUSE Enterprise Storage 7

5 Prevent Denial Of Service (DoS)

The most important piece in preventing Denial Of Service (DoS) is to put proper quotas on users and groups to ensure that clients can not exhaust resources easily. While this is not the only way a client can impact your cluster, it's the easiest one and also can happen by accident. For details on how to setup quotas please refer to Sección 23.6, “Configuración de cuotas de CephFS” and Sección 21.5.2.4, “Habilitación de la gestión de cuotas de usuario”.

Importante
Importante

Be aware that CephFS quotas are enforced client side, so a malicious client can ignore them and exceed the limitations. If this is a concern in your environment, do not use CephFS.

To set the quotas conviniently you can use the Ceph Dashboard.

Quotas in the dashboard
Figura 5.1: Quotas in the dashboard

Current Ceph versions do not offer advanced ways of preventing malicious clients from attacking the availability of the cluster (for exmaple, with many open connections). To ensure you notice an attack or a misconfiguration, you need to setup proper monitoring that will alert you if the cluster gets into a problematic state so you can investigate and if necessary act.