[Info-vax] How would you load balance excess webserver traffic between multiple OpenVMS servers?

Dave Froble davef at tsoft-inc.com
Tue Jan 12 20:20:36 EST 2021 

On 1/12/2021 4:49 PM, ultr... at gmail.com wrote:

> actually this is for a medium sized company who just got hit with a ransomware attack.

Anyone hit by ransomware probably deserves it.  I don't blame the 
hackers, I blame the "bank that stores it's cash on the front sidewalk".

> They are tired of the hacks and expense
> of trying to defeat this crap.

That is the only thing that could have a chance of stopping the hacking. 
  Try for some reasonable security, rather than "everyone else does it".

> I know someone who is high up there and told him I may be able to design an OpenVMS solution to
> eliminate ransomware and malware attacks.

Well, maybe.  It will depend upon lots of things.  Right now I doubt any 
of the hacker's tools would do much on VMS, but, as Simon warns, there 
is no reason they could not be designed to do so.

> They want to move their webserver in house to avoid shutdowns that Amazon and others are threatening.

Getting a hold on one's own data and apps is always a good first step.

> My idea was to set up and Apache or WASD webserver since Purveyor is no longer functioning on the front end

I'd suggest WASD, however, I know little about setting up a web server.

> and using a decnet over IP
> connection over an SSH tunnel

Forget DECnet.  TCP/IP will do the job, if used properly.  Avoid all the 
"middleware" and work at the bottom, using sockets.  The hackers will be 
familiar with much of the middleware.  If you carefully design 
communication protocols that are unknown to the hackers, that is a big 
first step.  Apps must be able to vet communications, and reject 
anything other than what's expected, before letting any work be done on 
the messages.

> connect to a back end server running RDB or some DB and to also send those web requests to the BE
> OpenVMS server via the decnet  over IP encrypted connection using Snergy DBL to process them for speed and security. Also I was going
> to cluster the two systems together over the decnet over IP tunnel since the two boxes would reside in two different buildings right next
> to each other so if one building burned the other would failover. This would be relatively cheap and secure solution eliminating ransomware and
> malware attacks while providing 24/7 uptime I thought - until Hoffman just telling me it will not work.

The wizard is not all powerful ..

:-)

> So I guess OpenVMS can't stop ransomware attacks either?

I doubt current tools used for ransomware would work on VMS.  That's a 
good beginning.

For ransomware to work, it must be able to access and update your data. 
That's non-trivial, unless one uses tools that easily such.  Don't use 
such tools.  Don't allow easy access to the data.  Backups to 
non-rewritable storage and tightly controlled would allow quick recovery.

Lots of possibilities.  But not when you store your cash on the front 
sidewalk.  Security by obscurity is one of the best types of security. 
Security by the opposition not even knowing the data exists is even better.

But, there is no such thing as absolute security.

-- 
David Froble                       Tel: 724-529-0450
Dave Froble Enterprises, Inc.      E-Mail: davef at tsoft-inc.com
DFE Ultralights, Inc.
170 Grimplin Road
Vanderbilt, PA  15486

More information about the Info-vax mailing list