Cyber Security Issues in HEP and NP Grids Bob Cowles — SLAC NC 2004 10 August 2004.

Presentation transcript:

Cyber Security Issues in HEP and NP Grids Bob Cowles — SLAC NC August 2004

Secure Grid Services
Major changes required that have an impact on:
  – Researchers
  – Application Developers
  – Research Organizations
  – Sites
Proposal

Researchers
Identification
Authentication
Authorization

Identification
Registration process collects personal information
Privacy concerns
Responsible site personnel must have ability to quickly contact
DOE paranoia about Foreign Nationals

Authentication
“Standard” use of certificates is insufficient
Must incorporate other forms of AuthN
  – Credential Repositories
      KCA
      MyProxy
  – Variety of one time password tokens
  – Smart cards
How to quantify trust in a federated AuthN environment?

Authorization
AuthZ got the hard issues from AuthN
Must keep initial implementation SIMPLE
  – Typically jobs disappear or fail with misleading error messages
  – Require patience and calm problem reporting to resolve the issues
Heterogeneous resources present a challenge for specifying job requirements
Consider boiling water in Peru

Application Developers
Applications with inflexible req’ts will find fewer host sites (think like a virus writer)
Early design to resolve security concerns can greatly improve application portability
Logging in a standard form essential for debugging and incident response
Robust - recovery from temporary outages (allowing security upgrades)

Application Developers (2)
Secure programming design and practices (consider boiling water in Peru)
  – Check all input for validity and verify environment is as expected and minimize requirements for privileges
  – React quickly to investigate, patch and deploy when security problems are found during both development and production phases
      “when” they are found, not “if”
  – Design for re-AuthN and re-AuthZ to protect users

Research Organizations
Must maintain AuthN information in a secure, reliable form, responsive to concerns for privacy vs. need for rapid contact in cases of misuse
Must develop and maintain AuthZ policies in a secure, reliable and auditable form
Logs must be generated and securely stored to allow auditing of past AuthN and AuthZ decisions

Sites
Must monitor resources to detect and report anomalous or suspected misuse
Maintain infrastructure by mitigating or rapidly applying security patches
Immediately isolate compromised machines, resources or services
Cooperate with other sites and participate actively in incident investigation

Proposal
Concentrate on Grid as providing a virtual facility
  – Research Organizations use services already in place and provided by the facility for AuthN, AuthZ and logging
      select from a menu of policies
  – Sites draw on facility resources and expertise for incident detection and response
      facility provides incident coordination