Security Bob Cowles

User AUP
1. You shall only use the GRID to perform work, or transmit or store data consistent with the stated goals and policies of the VO of which you are a member and in compliance with these conditions of use.
2. You shall not use the GRID for any unlawful purpose and not (attempt to) breach or circumvent any GRID administrative or security controls. You shall respect copyright and confidentiality agreements and protect your GRID credentials (e.g. private keys, passwords), sensitive data and files.
3. You shall immediately report any known or suspected security breach or misuse of the GRID or GRID credentials to the incident reporting locations specified by the VO and to the relevant credential issuing authorities.
4. Use of the GRID is at your own risk. There is no guarantee that the GRID will be available at any time or that it will suit any purpose.
5. Logged information, including information provided by you for registration purposes, shall be used for administrative, operational, accounting, monitoring and security purposes only. This information may be disclosed to other organizations anywhere in the world for these purposes. Although efforts are made to maintain confidentiality, no guarantees are given.
6. The Resource Providers, the VOs and the GRID operators are entitled to regulate and terminate access for administrative, operational and security purposes and you shall immediately comply with their instructions.
7. You are liable for the consequences of any violation by you of these conditions of use.

VO Requirements
Define purpose
Provide security incident contact address
https://edms.cern.ch/file/573348/6/VO_Security_Policy.pdf

Site Requirements
What are site responsibilities?
  – General
  – Security
  – Appropriate use for VO

Incident Response
Communications
  – signed? encrypted?
  – IRC / IM
Interface w/ other grids
Need tests (certification & periodic)
  – resources organize, perform, evaluate

Vulnerabilities
Identification of vulnerabilities
Communication with
  – developers
  – “public”
Scoring of importance (CVSS?)

IGTF
International Grid Trust Federation
  – APGridPMA
  – EUGridPMA
  – TAGPMA
Developing Authentication Profiles

Identity Proofing
Issue Grid Certificate based on Shibboleth identification

VOMS & Attrib Certs
Stability & compatibility across releases
Problem reporting
Requirements & prioritization
Attrib cert contents and use

Certificate Renewal Mechanisms Necessary? OCSP instead?

VO Box
VO Specific servers

OCSP

Authorization Structure Policy & Standardization (GGF16)
  – AuthZ/Policy requirements followed by a "panel" discussing the way forward and conclusions
  – Encourage and facilitate interoperability between Grid operational infrastructures
  – andhttp:// –

Classic Certification

Short Lived Credential Services

Other AuthN/AuthZ Systems
GridSHIB
Wireless in Universities