NASA PKI for PKI FORUM Presenters: Paul Ma, NASA-Ames Research Center

Presentation transcript:

NASA PKI for PKI FORUM Presenters: Paul Ma, NASA-Ames Research Center pma@mail.arc.nasa.gov 650-604-3586

Outline
- Background Information on Information Technology Security Development Group (ITSDG)
- NASA PKI Deployment Plan Objectives and Scope
- NASA Public Key Infrastructure (PKI)
- PKI Components
- NASA PKI Components and Architecture
- NASA Issues
- Issues for the PKI Forum

NASA
NASA has 11 major Centers distributed all over the United States:
- Ames Research Center (ARC) at Moffett Field, CA
- Dryden Flight Research Center (DFRC) at Southern CA
- Glenn Space Flight Center (GRC) at Cleveland, OH
- Goddard Space Flight Center (GSFC) at Greenbelt, MD
- Jet Propulsion Laboratory (JPL) at Pasadena, CA
- Johnson Space Center (JSC) at Houston, TX
- Kennedy Space Center (KSC) at Cape Canaveral, FL
- Langley Research Center (LaRC) at Hampton, VA
- Marshall Space Flight Center (MSFC) at Huntsville, AL
- Stennis Space Center (SSC) at Bay St. Louis, MI

Principal Center for IT Security (organization chart)
Centers shown: GSFC, GRC, MSFC, JPL, ARC
Expert centers:
- IT Security Notifications, Incident Coordination & Response Expert Center
- IT Security Training and Awareness
- IT Security Networks & Communications Expert Center
- IT Security Systems & Applications Expert Center
- IT Security Development Expert Center (ITSDG)
Functions listed on the chart: Incident(s) Identification, Curriculum Requirements, Network Audit Tools, Audit Tools, Architecture Planning, Intrusion Tracking, IT Security Workshops, Firewalls, Application Security, Enabling Applications, Response Teams, IT Security Awareness, Internet Security Req., Virus Detection, Secure Video Conferences, Threat Evaluate, On-Line Courses, Incident Tracking Tools, WWW Secure Applications, Crypto-Technology Demonstrations, Threat Resolution, ITS Technical Training, Monitoring & Testing, Secure O/S Configurations, IT Security Tools, WorkFlow, Secure Processes, Liaison, System Testing Tools

NASA PKI Deployment Plan Objectives
To implement a public key infrastructure that contains the following components:
- A common NASA directory or repository for certificates
- A certificate authority (CA)
- Agents of the CA, registration authorities (RA)
- Policies to guide the operation of the PKI

PKI Deployment Plan Scope
- Establishing one central CA located at ARC and an RA at ARC
- Assisting the setup of RAs at other Centers
- Providing PKI services to secure sensitive but unclassified electronic information
- Creating documents for CA operation: Certificate Policy Statement, Certificate Practice Statement, and Security Plan
- Implementing security mechanisms and procedures for secure CA operation
- Establishing a disaster recovery plan
- Establishing a technical support service

NASA PKI Components
The NASA PKI services are provided by:
- Certification Authority (CA): Ames manages the NASA CA. The software used is Entrust Technologies’ Entrust Infrastructure version 4.0.
- Registration Authority (RA): Each NASA Center manages its own RA operation using Entrust Technologies’ Administration Software.
- Certificate Repository: Certificates are stored in the existing NASA X.500 infrastructure.
- Policy: NASA’s policies are defined in the X.509 Certificate Policy for NASA PKI and the NASA Certification Authority Certification Practice Statement.

NASA PKI Architecture (diagram)
- Center RAs send requests for certificates to the CA.
- Certificates are managed by the CA.
- Certificates are stored in the X.500 directory.
- Entrust Authority (Entrust CA) Main System at Ames, with Backup Data going to the Entrust Authority (Entrust CA) Backup System at MSFC.

User Access (diagram)
- User community: end users retrieve certificates from the distributed directories for use by their PKI-enabled applications.
- End users access the CA during certificate creation/recovery/update operations.
- X.500 directory nodes shown: NASA, ARC, MSFC, DFRC, JSC, GSC, GSFC, KSC, JPL, LaRC, HQ, SSC
- Entrust Authority (Entrust CA) Main System: Ames

PKI Status
- The secure CA at ARC and the backup CA at MSFC have been tested and are operational.
- Seven Centers have passed the ORR Audit.
- 2 Centers need more documentation before the final ORR approval.
- 2 more Centers are preparing for the ORR.
- Currently we are hoping to finish the ORR by the end of March, provided the Centers are ready.

NASA Applications (diagram: applications built on the NASA PKI)
- Secure Web
- Secure Desktop
- Secure E-Mail
- Secure Networking
- Secure File Transfer
- Secure Remote Access
- Secure E-Forms
- E-Grant
Copyright 1997 Entrust Technologies

Information Integrity: Key To A Safe Free-Flight Airspace System

NASA Issues
- Interoperability between CAs, e-mail applications (Eudora and MS Exchange/Outlook)
- Directory Service was a major problem internally
- Policy issues gave us as much trouble as, or more trouble than, technical issues
  - export, auditing, archiving, license tracking, etc.
  - how to deal with external partners

Issues for PKI Forum
- PKI Forum needs to deal with scalability issues as well as interoperability issues
  - Heavy client
  - Directory lookup
  - CRL distribution
- How is PKI going to deal with all the millions of IPSec devices that are coming that require security?