Securing Grid Services – OGF19 > Thijs Metsch > securing_grid_services_ogf19.ppt > 25.01.2007 Slide 1 Application Level Gateway Securing services using.

Presentation transcript:

Slide 1
Application Level Gateway
Securing services using a Proxy
Thijs Metsch (German Aerospace Center – DLR e.V.)
OGF19, FI-RG Meeting

Slide 2: Outline
Structure of the presentation
- Introduction: Security concepts
- ALG: Design of an ALG; Usage of the ALG; Demonstration
- Look-out: Classification; Conclusions; Questions (RFT)

Slide 3: Security concepts
Idea and strategy
- The Federal Office for Information Security (BSI) suggests a packet filter – Application-Level-Gateway (ALG) – packet filter (PAP) concept.
- An ALG (or proxy) prevents direct communication between the partners. Instead, it accepts requests and forwards them to the destination.
- This makes it possible to control the direction of data flow.

Slide 4: Security concepts (2)
Duties of the components
Components: Packet filter; Application Level Gateways / Proxy
Duties:
- Traffic management
- Load balancing
- Primary filter
- Logging
- Validation of traffic
- Accounting
- Support for non-blocking buffered I/O
Advantages of this concept:
- Forms a basis for a high security level
- Simple to extend with e.g. IDS, virus scanners
- Exploitation of security issues on servers can be prevented

Slide 5: Application Level Gateway
Design for a Web Service Proxy
[Architecture diagram. Labels: Framework; Validation & Mapping Unit; GRAM Support; RFT Support; Own Services; User authentication; Consumer; Listener; Fetcher; Supplier; Cache; Sender; Polling; Bidirectional communication; …]

Slide 6: Realization
Advantages of plug-in based design
Goal: create a proxy which understands SOAP and supports Web and Grid services.
Technical details:
- Decision based upon information in SOAP messages
- Validation in specialized plug-ins (e.g. with help of a schema)
- Load balancing by coupling of several proxies
Advantages of a plug-in based design:
- Easy to extend
- Simple integration of (new) communication protocols
- Support for in-house developed services

Slide 7: Usage of the ALG
Solutions for several strategies
Using an ALG as Web Service Proxy:
- Authentication of users with the help of GSI
- No knowledge about what is actually going on
Validation of all actions taken by users:
- Knowledge about all operations can be gained (Accounting, Logging)
- Increases latency
Usage as a "firewall opener":
- Support for non-blocking buffered I/O (RFT/GridFTP)
- Can become complicated
Usage is based upon desired security level.

Slide 8: Demo
ALG in use
[Diagram. Labels: Job; Globus Container; ALG; Cog Desktop]

Slide 9
[Screenshots. Captions: Submitted directly to globus container; Submitted through an ALG; Submitted directly to globus container]

Slide 10: Classification of the ALG
Advantages and disadvantages
Advantages:
- Less LOC in ALG means fewer bugs
- Filter and delete content in requests
- Force early and strong authentication
- Logging and Accounting
- Block some attacks (with help of an IDS)
- No modification of client and servers
Disadvantages:
- Complexity in configuration and maintenance of the ALG
- Reduces maximum throughput
- Higher latencies
Still, an ALG would only be one part of a security concept.

Slide 11: Conclusions
Current status and future work
- Proven remedy (e.g. in IBM Websphere Web Service Gateway, Xtradyne WS-DBC, Visonys Airlock or other HTTP/ Proxies)
- Usage of modern technologies: Java and Axis (which means support for Tomcat and Globus Toolkit)
- Available for OGSA/WSRF-based Grids
- Prototype has been implemented
Future work:
- Support of virtual organizations
- Integration of firewall hardware (for port opening)
- Integration of IDS, VPN tunnels and virus scanners

Slide 12: Questions & Suggestions?
Further references
- "Globus Toolkit Version 4: Software for Service-Oriented Systems", Ian Foster
- "Globus Firewall Requirements", Von Welch
- "Firewall Issues Overview", Open Grid Forum
- "Konzeption von Sicherheitsgateways", Bundesamt für Sicherheit in der Informationstechnik
- "Simple Object Access Protocol", W3 Consortium

Slide 13: Support for RFT (Reliable File Transfer)
ALG as a firewall opener
1. Detect an RFT request with the help of the SOAP message
2. Hand off to an RFT plug-in for further validation
3. Open firewall for participants
4. or alter request; start own GridFTP server; act as cache
[Diagram. Labels: Mapping Module; RFT Plug-In; validate; XML Schema; steps 1, 2, 3]
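
Added example (not part of the original slides, and not the DLR prototype, which is described as Java and Axis): a sketch of the plug-in dispatch from the Realization and RFT slides, in which the gateway picks a plug-in from the SOAP Body payload, the plug-in validates the request, and anything without a plug-in is denied. The namespace urn:example:rft, the element names, the gsiftp:// URL check and the hand-written checks standing in for an XML schema are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

SOAP_ENV = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope namespace
RFT_NS = "urn:example:rft"  # constructed placeholder, not the real RFT namespace

class Rejected(Exception):
    """The gateway refuses to forward the request."""

def rft_plugin(op):
    """Hypothetical RFT plug-in; hand-written checks stand in for an XML schema."""
    if op.tag != f"{{{RFT_NS}}}transferRequest" or len(op) == 0:
        raise Rejected("not a well-formed RFT transfer request")
    hosts = set()
    for transfer in op:
        if transfer.tag != f"{{{RFT_NS}}}transfer":
            raise Rejected("unexpected element in RFT request")
        for field in ("sourceUrl", "destinationUrl"):
            url = urlsplit(transfer.findtext(f"{{{RFT_NS}}}{field}", ""))
            if url.scheme != "gsiftp" or not url.hostname:
                raise Rejected(f"{field} is not a GridFTP URL")
            hosts.add(url.hostname)
    return sorted(hosts)  # participants the firewall would be opened for

PLUGINS = {RFT_NS: ("rft", rft_plugin)}  # namespace of the Body payload -> plug-in

def inspect(raw):
    """Return (plug-in name, validated result) or raise Rejected (default deny)."""
    if b"<!DOCTYPE" in raw or b"<!ENTITY" in raw:
        raise Rejected("DTD in SOAP message")  # SOAP 1.1 forbids DTDs
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        raise Rejected("malformed XML") from exc
    body = root.find(f"{{{SOAP_ENV}}}Body")
    if root.tag != f"{{{SOAP_ENV}}}Envelope" or body is None or len(body) != 1:
        raise Rejected("not a SOAP envelope with a single payload")
    op = body[0]
    ns = op.tag[1:].partition("}")[0] if op.tag.startswith("{") else ""
    if ns not in PLUGINS:
        raise Rejected("no plug-in registered for this service")
    name, validate = PLUGINS[ns]
    return name, validate(op)
# Constructed sample request; element names are illustrative only.
SAMPLE = (b'<e:Envelope xmlns:e="http://schemas.xmlsoap.org/soap/envelope/" xmlns:r="urn:example:rft">'
          b'<e:Body><r:transferRequest><r:transfer><r:sourceUrl>gsiftp://a.example.org/in.dat</r:sourceUrl>'
          b'<r:destinationUrl>gsiftp://b.example.org/out.dat</r:destinationUrl>'
          b'</r:transfer></r:transferRequest></e:Body></e:Envelope>')
if __name__ == "__main__": print(inspect(SAMPLE))
```

The host list returned for an accepted request is what step 3 would hand to the firewall; a request that raises Rejected is never forwarded.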