By Les Cottrell for UltraLight meeting, Caltech October 2005


UL Group Accounts etc.

Concern
- If UL host compromised
  - With a 10Gbits/s access it is potentially a great Denial of Service engine
  - Bad press
  - General embarrassment, funding agencies upset
  - Knee-jerk reaction from upper management to impose severe restrictions

Concern
- Group accounts such as uldemo:
  - Eliminates accountability of WHO did something
  - Hard to manage account:
    - Tracking who has access to account
    - Require renewal after reasonable interval
    - Disable compromised account (granularity of disable, number of people who have to be notified)
    - Don’t know who or how to contact someone in case of problem
  - Password changing (at mercy of least diligent person)
- SSH can help but:
  - If private key obtained, Owner may not know
  - Owner does not know where the associated public key has been installed

SLAC requirement
- No group accounts available for logon
- Each account is associated with an individual
- Each individual must sign an Appropriate Use Policy (AUP) document: www2.slac.stanford.edu/comp/slacwide/account/declare.html
  - For UL can FAX to 1-650-926-3329 attention of Yee-Ting Li ytl@slac.stanford.edu
  - Will file for later reference
- Will set up local account on UL host
  - With public key (no password)
    - Moves need for password management to home sites
    - No need to create and remember yet another password
  - Should be quick turn-around

UL Config at SNV
- Current Linux, run “up2date”
- Default path via 10Mbits/s so mistakes are minimized
- All services are “off” (i.e. daemons are not running), except ssh
- Only individual accounts for registered people
- Root access only by sudo and only for preferred people
- Hosts are registered in UL DNS, do NOT have SLAC in name, are NOT in SLAC IP address space
  - Hard for journalist to associate host with SLAC
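The concerns above about tracking who has access to an account, and about not knowing where a public key has been installed, can be checked on a host with a small audit. This is an added example, not part of the original slides: it fingerprints every key in each account's authorized_keys text and reports accounts holding more than one key (to review against the one-individual-per-account rule) and keys installed under more than one account. Account names other than uldemo, key comments, and the example.org domain are constructed; the keys are fake blobs generated in the code.

```python
import base64, hashlib, shlex, struct
from collections import defaultdict

def fingerprint(b64_blob):
    """OpenSSH-style SHA256 fingerprint of a base64 public-key blob."""
    digest = hashlib.sha256(base64.b64decode(b64_blob)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def parse_authorized_keys(text):
    """Yield (fingerprint, comment) per key line; leading options are skipped."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        tokens = shlex.split(line)  # keeps quoted option values in one token
        for i, tok in enumerate(tokens):
            if tok.startswith(("ssh-", "ecdsa-", "sk-")) and i + 1 < len(tokens):
                yield fingerprint(tokens[i + 1]), " ".join(tokens[i + 2:])
                break

def audit(files):
    """files: {account: authorized_keys text} -> (accounts to review, reused keys)."""
    by_account, by_key = defaultdict(set), defaultdict(set)
    for account, text in files.items():
        for fp, _comment in parse_authorized_keys(text):
            by_account[account].add(fp)
            by_key[fp].add(account)
    # More than one key on an account is a prompt for review, not proof of sharing.
    review = {a: len(k) for a, k in by_account.items() if len(k) > 1}
    reused = {fp: sorted(a) for fp, a in by_key.items() if len(a) > 1}
    return review, reused

def fake_key(label):
    """Constructed ed25519-shaped key line for the demo; not a real key."""
    s = lambda b: struct.pack(">I", len(b)) + b
    blob = s(b"ssh-ed25519") + s(hashlib.sha256(label.encode()).digest())
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " " + label

# Constructed sample: one group-style account and two individual accounts.
SAMPLE = {
    "uldemo": "\n".join([fake_key("alice@siteA"), fake_key("bob@siteB"),
                         'from="*.example.org" ' + fake_key("carol@siteC")]),
    "alice": fake_key("alice@siteA"),
    "dave": "# constructed entry\n" + fake_key("dave@siteD"),
}

if __name__ == "__main__":
    review, reused = audit(SAMPLE)
    print("accounts with more than one key:", review)
    print("keys installed under several accounts:", reused)
```

On a real host the dictionary would be filled from each account's ~/.ssh/authorized_keys, read with sufficient privilege.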

Other Issues
- I suspect other sites such as BNL and FNAL may have similar issues
- Should the 10Gbits/s links have connectivity to Internet at large, or be limited to UL sites?
- Should UL node addresses be on web?
- What happens when a user leaves UltraLight?
  - Do we require accounts to be renewed?
- Should we set up a Virtual Organization for UltraLight with its own AUP and Security plan?
  - The other sites (e.g. Labs) can decide whether to accept the UL AUP; if so, may simplify setting up accounts
  - But a lot of work to set up and get agreement, maybe use an existing AUP