CERN - European Organization for Nuclear Research. Beyond ACB – VPN’s. FOCUS, June 13th, 2002. Frédéric Hemmer & Denise Heagerty - IT Division.

Presentation transcript:


Motivations
Long-outstanding requests to access CERN resources (Dfs files, protected Web sites, controls, etc…)
  – From external labs
  – From private ISPs (e.g. while in hotel rooms)
ADSL “explosion”
Securing the infrastructure
  – E.g. NICE, Afs passwords in clear using ftp/telnet
  – Complementing other measures such as secure mail, restricting ports in firewall, etc…
Costs of ACB

What is a VPN?
“Virtual Private Network”
Is a technology that can be used to access any resource that has been restricted to the CERN Intranet when you are using a computer outside CERN
[Diagram panels: “Using an ISP” and “Using an ISP thru a VPN”]

How it works …
A “remote” computer can connect to the internet using an arbitrary Internet Service Provider (ISP) and have an IP address in the internet.
The “tunnel” allows sending confidential data securely over the internet to reach the “safe” intranet.
The computer acts as if it were on the intranet.

Pilot Proposal
Establish a VPN pilot service
  – Based on the same technology as ACB
  – Restricted to managed computers on CERN Linux machines and NICE 2000
Requirements
  – A NICE username with a secure password
  – An explicit registration
Pilot success criteria
  – User needs satisfied
  – Scalability
  – Reasonable security checks can be implemented

Security Considerations

Why are VPNs a security risk?
Infected Computers
  – Viruses/worms/backdoors hidden on the VPN client machine will have full access to the CERN site
  – VPN client can be a launching pad for site-wide disruption at Internet data rates
  – Home computers are a target for intruders and viruses
Weak/Discovered passwords
  – Passwords can be guessed (if too trivial), cracked (from encrypted form) or “found” by others (files, paper, …)
  – Compromised VPN accounts can be used to launch attacks from anywhere as if inside the CERN firewall

What can be done to limit VPN security risks?
Protect the computer
  – Anti-virus updated at least daily (for Windows PCs)
  – Operating system and installed applications kept secured against all known security holes
  – System restricted to only run essential applications
      games, music and freely copied software are targets for viruses
Protect the account & password
  – Require registration (no default access)
  – Verify that VPN passwords cannot be cracked
  – Require at least 128-bit encryption
  – Limit unsuccessful login attempts
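
Added example, not part of the original slides and not CERN's code: a small admission check that applies three of the "Protect the account & password" controls (explicit registration, at least 128-bit encryption, limited unsuccessful logins) to a constructed series of connection attempts. The class and function names, the threshold of 3 failures and the sample accounts are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MIN_KEY_BITS = 128   # from the slide: "Require at least 128 bit encryption"
MAX_FAILURES = 3     # assumed threshold; the slide does not give a number

@dataclass
class VpnGate:
    registered: set                               # explicitly registered accounts
    failures: dict = field(default_factory=dict)  # consecutive bad passwords per user

    def decide(self, user, key_bits, password_ok):
        """Return the decision for one connection attempt.

        password_ok is the verdict of the real authentication backend,
        which is outside this sketch.
        """
        if user not in self.registered:
            return "deny:not-registered"       # no default access
        if self.failures.get(user, 0) >= MAX_FAILURES:
            return "deny:locked-out"           # checked before the password, so a
                                               # late correct guess is still refused
        if key_bits < MIN_KEY_BITS:
            return "deny:weak-encryption"
        if not password_ok:
            self.failures[user] = self.failures.get(user, 0) + 1
            return "deny:bad-password"
        self.failures[user] = 0                # success clears the counter
        return "allow"

# Constructed sample attempts: (username, negotiated key bits, password verdict)
ATTEMPTS = [
    ("alice", 128, True),
    ("guest", 128, True),    # never registered
    ("bob", 56, True),       # right password, cipher too weak
    ("bob", 128, False),
    ("bob", 128, False),
    ("bob", 128, False),     # third failure reaches the limit
    ("bob", 128, True),      # correct password, but account is locked
    ("alice", 168, True),
]

def replay(attempts, registered=("alice", "bob")):
    gate = VpnGate(registered=set(registered))
    return [gate.decide(*a) for a in attempts]

if __name__ == "__main__":
    for attempt, verdict in zip(ATTEMPTS, replay(ATTEMPTS)):
        print(attempt, "->", verdict)
```

In this sketch a locked account stays locked until the counter is reset by an administrator; a time-based unlock would be a separate policy choice.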

CERN - European Organization for Nuclear Research More information on