Securing RabbitMQ against abuse


Norbert Egger

Feb 23, 2017, 7:08:54 AM
to rabbitmq-users
Background information:
We are currently developing an Android Smart Home application which communicates through a RabbitMQ server with a home gateway. This is an overview

We are currently thinking of an architecture like this:
- Every Android App and every smart home gateway has its own Exchange. This exchange is secured with username and password.

Problems/Questions:
How would you define the architecture? We are currently thinking of:
- create one exchange for each smart home system
- secure this exchange with username password -> only the android app and the home gateway know the credentials
- use TLS

What do you think of this setup? Is it insecure? Is there any risk that someone can snort username and password and our RabbitMQ Server is abused?

Looking forward to a good discussion,
best regards,
Norbert

Michael Klishin

Feb 23, 2017, 7:31:14 AM
to rabbitm...@googlegroups.com, Norbert Egger
Exchanges cannot be secured with a password. Authentication happens when a client connects.
You could limit access to one exchange per publisher, however, see [1].

Depending on how many home systems you are trying to support, possibly one vhost per
system could work but it's not common to see a cluster with, say, a million vhosts
so we have little data to reason about what might begin to break in that scenario.

Using a proxy with a reasonable limit on the number of connections (it could also
perform TLS termination in case you don't plan to use x509 certificates for client authentication [2])
is a good idea.

Bogus or buggy clients can enqueue an unreasonable number of messages that consume resources.
Max queue length and/or message TTL can help with that [3].

3.7.0 has a couple of new features that allow you to limit the number of connections and queues per vhost
[4]. With 3.6.x the same can be done with an external app that collects metrics over HTTP API and closes
excessive connections/deletes queues.

1. http://rabbitmq.com/access-control.html
2. https://github.com/rabbitmq/rabbitmq-auth-mechanism-ssl
3. http://www.rabbitmq.com/ttl.html
4. https://github.com/rabbitmq/rabbitmq-server/releases/tag/rabbitmq_v3_7_0_milestone13 

On 23 February 2017 at 15:08:58, Norbert Egger (xne...@gmail.com) wrote:
> *Background information:*
> We are currently developing an Android Smart Home application which
> communicates through a RabbitMQ server with a home gateway. This is an
> overview
>
> We are currently thinking of an architecture like this:
> - Every Android App and every smart home gateway has its own Exchange. This
> exchange is secured with username and password.
>
> *Problems/Questions:*
> How would you define the architecture? We are currently thinking of:
> - create one exchange for each smart home system
> - secure this exchange with username password -> only the android app and
> the home gateway know the credentials
> - use TLS
>
> What do you think of this setup? Is it insecure? Is there any risk that
> someone can snort username and password and our RabbitMQ Server is abused?
>
> Looking forward to a good discussion,
> best regards,
> Norbert

--
MK

Staff Software Engineer, Pivotal/RabbitMQ
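
The reply above suggests that on 3.6.x an external app can collect metrics over the HTTP API and close excessive connections. The following is an added example of that idea, not part of the original thread and not RabbitMQ project code. It assumes one vhost per home system; the limit, the vhost names and the sample connection list are constructed, and closing the newest connections first is a policy choice made here.

```python
import json
import urllib.parse
import urllib.request
from collections import defaultdict

# Constructed sample shaped like the GET /api/connections response (fields trimmed).
SAMPLE_CONNECTIONS = json.loads("""[
 {"name": "10.0.0.5:50001 -> 10.0.0.1:5671", "vhost": "home-42", "connected_at": 1000},
 {"name": "10.0.0.5:50002 -> 10.0.0.1:5671", "vhost": "home-42", "connected_at": 2000},
 {"name": "10.0.0.9:41000 -> 10.0.0.1:5671", "vhost": "home-42", "connected_at": 3000},
 {"name": "10.0.0.9:41001 -> 10.0.0.1:5671", "vhost": "home-42", "connected_at": 4000},
 {"name": "10.0.0.7:39000 -> 10.0.0.1:5671", "vhost": "home-7", "connected_at": 1500}
]""")


def excess_connections(connections, max_per_vhost):
    """Names of connections to close so that each vhost keeps at most
    max_per_vhost connections. The oldest connections are kept."""
    by_vhost = defaultdict(list)
    for conn in connections:
        by_vhost[conn["vhost"]].append(conn)
    to_close = []
    for conns in by_vhost.values():
        conns.sort(key=lambda c: c.get("connected_at", 0))
        to_close.extend(c["name"] for c in conns[max_per_vhost:])
    return sorted(to_close)


def connection_url(api_base, name):
    """Connection names contain spaces, ':' and '>', so percent-encode them."""
    return f"{api_base}/api/connections/{urllib.parse.quote(name, safe='')}"


def close_connection(api_base, auth_header, name):
    """DELETE /api/connections/<name> on the management HTTP API."""
    req = urllib.request.Request(
        connection_url(api_base, name),
        method="DELETE",
        headers={"Authorization": auth_header,
                 "X-Reason": "per-vhost connection limit exceeded"},
    )
    with urllib.request.urlopen(req) as resp:
        return resp.status


if __name__ == "__main__":
    # Dry run over the constructed sample; no network access.
    for name in excess_connections(SAMPLE_CONNECTIONS, max_per_vhost=2):
        print("would close:", name)
```

In a deployment the connection list would come from `GET /api/connections` using a management user, and `close_connection` would be called for each returned name.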

