Thursday, 27 August 2015

Kerberos for NFS share in AWS VPC?

The goal is to keep an NFSv4 share secure under the following scenario:

AWS Scenario 2

(Sorry, I tried to post the image from the above AWS link but my reputation is not high enough).

My overall question is whether communication between instances in the public and private subnets needs to be encrypted for security.

I have the NFS server in the private subnet and it exports a folder to the web server (its IP address in the public subnet is specified in /etc/exports) in the public subnet. Both are within the VPC so their connections should be encrypted.

Is Kerberos (krb5p) necessary or overkill to secure the connection between these two instances in different subnets and prevent snooping?

And similarly, for a database server running PostgreSQL in the private subnet that connects to the webserver instance in the public subnet, would it be necessary or overkill to specify hostssl and md5 password authentication, given they are both within the VPC?
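An added example, not part of the original post: a Python check that reads `/etc/exports` and `pg_hba.conf` content and reports which entries allow the unencrypted forms the question contrasts with `krb5p` and `hostssl`. The sample file contents, paths, names and addresses are constructed, and the `pg_hba.conf` parsing assumes the CIDR address form (one address column).

```python
import re

# Constructed sample input; paths, names and addresses are placeholders.
EXPORTS = """\
/srv/share 10.0.0.10(rw,sync)
/srv/secure 10.0.0.10(rw,sync,sec=krb5p)
/srv/mixed 10.0.0.10(rw,sec=krb5p:sys)
"""
PG_HBA = """\
# TYPE  DATABASE  USER  ADDRESS       METHOD
host    appdb     web   10.0.0.10/32  md5
hostssl appdb     web   10.0.0.10/32  md5
host    appdb     web   10.0.0.10/32  trust
"""

def _lines(text):
    """Yield non-empty lines with '#' comments stripped."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if line:
            yield line

def audit_exports(text):
    """Return (path, client, flavors) for exports mountable without krb5p."""
    findings = []
    for line in _lines(text):
        path, *clients = line.split()
        for spec in clients:
            m = re.fullmatch(r"([^()]*)\((.*)\)", spec)
            client, opts = (m.group(1), m.group(2).split(",")) if m else (spec, [])
            flavors = ["sys"]  # with no sec= option the export uses sec=sys
            for opt in opts:
                if opt.startswith("sec="):
                    flavors = opt[4:].split(":")  # colon-separated list
            # krb5 = authentication only, krb5i = integrity, krb5p = privacy
            if any(f != "krb5p" for f in flavors):
                findings.append((path, client, flavors))
    return findings

def audit_pg_hba(text):
    """Return (type, address, method) for records that accept non-SSL TCP."""
    findings = []
    for line in _lines(text):
        f = line.split()
        # 'host' matches both SSL and non-SSL connections; 'hostssl' SSL only.
        # md5 is an authentication method and does not encrypt the session.
        if f[0] in ("host", "hostnossl") and len(f) >= 5:
            findings.append((f[0], f[3], f[4]))
    return findings
```

Both functions return an empty list when every export is `krb5p`-only and every TCP record is `hostssl`.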



