Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computing Facilities CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t CF SINDES Secure INformation DElivery System CERN IT/CF-ASI.

Published byKelley Brown Modified over 8 years ago

Similar presentations

Presentation on theme: "Computing Facilities CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t CF SINDES Secure INformation DElivery System CERN IT/CF-ASI."— Presentation transcript:

1 Computing Facilities CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t CF SINDES Secure INformation DElivery System CERN IT/CF-ASI

2 CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t CF Outline What is SINDES Weak points How to improve

3 CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t CF What is SINDES Main purpose: –CA - manage the certificates –Store & deliver confidential information

4 CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t CF SINDES – Certificate Authority CA functionality: Create certificates Sign certificates Confirm identities Revoke certificates

5 CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t CF SINDES – Storage & delivery Storage centre Upload secret files Store passwords Deliver files in a secure way

6 CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t CF What is SINDES Main purpose: –CA - manage the certificates –Store & deliver confidential information Architecture based on OpenSSL x509 standard, Apache with mod_ssl and mod_rewrite Automated certification process – client has defined time window to ask for a certificate

7 CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t CF Outline What is SINDES Weak points How to improve

8 CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t CF Weak points of SINDES Usability –No delete file feature –Only two target types: cluster host today also subcluster type needed –No mechanism to move a machine between clusters –No view file feature; fetch file to client only –No file versioning

9 CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t CF Weak points of SINDES Security issues: –Only one SINDES system user anybody with the access may tamper any file stored with SIDNES no user information in log files –No privileges granularity

10 CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t CF Weak points of SINDES On the one hand: –System in production serving more than 8.000 hosts at CERN –A number of crucial applications relying on SINDES CA functionality to authenticate (i.e. Lemon, CDB, CluMan) On the other hand: –Limited functionality –Room for improvement in security aspect

11 CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t CF Outline What is SINDES Weak points How to improve

12 CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t CF How to improve SINDES Ways of improvement –Enhance the usability and security in the current version of the system –Find and adopt a new tool, keep the functionality Freeware tools: i.e. wallet by Russ Allbery http://www.eyrie.org/~eagle/software/wallet/ –Write a completely new tool We have 1 year manpower starting from the 1 st October 2010

13 CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t CF Thank you We would be glad to receive any feedback from You! jan.dudziec@cern.ch

Download ppt "Computing Facilities CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t CF SINDES Secure INformation DElivery System CERN IT/CF-ASI."

Similar presentations

CCTracker Presented by Dinesh Sarode Leaf : Bill Tomlin IT/FIO URL

CCTracker Presented by Dinesh Sarode Leaf : Bill Tomlin IT/FIO URL
AUTHENTICATION AND KEY DISTRIBUTION

AUTHENTICATION AND KEY DISTRIBUTION
Experience Building and Supporting Secure Ad Hoc Collaborations Deb Agarwal Lawrence Berkeley National Laboratory Ad Hoc Collaboration - Internet2 Fall.

Experience Building and Supporting Secure Ad Hoc Collaborations Deb Agarwal Lawrence Berkeley National Laboratory Ad Hoc Collaboration - Internet2 Fall.
Chapter 1 – Introduction

Chapter 1 – Introduction
Social Engineering Jero-Jewo. Case study Social engineering is the act of manipulating people into performing actions or divulging confidential information.

Social Engineering Jero-Jewo. Case study Social engineering is the act of manipulating people into performing actions or divulging confidential information.
Henric Johnson1 Network Security /. 2 Outline Attacks, services and mechanisms Security attacks Security services Methods of Defense A model for Internetwork.

Henric Johnson1 Network Security /. 2 Outline Attacks, services and mechanisms Security attacks Security services Methods of Defense A model for Internetwork.
Operating Systems & Information Services CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t OIS Open source web analytics.

Operating Systems & Information Services CERN IT Department CH-1211 Geneva 23 Switzerland t OIS Open source web analytics.
1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.

1 July 2005© 2005 University of Kent1 Seamless Integration of PERMIS and Shibboleth – Development of a Flexible PERMIS Authorisation Module for Shibboleth.
Computing Facilities CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t CF CERN Business Continuity Overview Wayne Salter HEPiX April 2012.

Computing Facilities CERN IT Department CH-1211 Geneva 23 Switzerland t CF CERN Business Continuity Overview Wayne Salter HEPiX April 2012.
CERN - IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t SVN Pilot: CVS Replacement Manuel Guijarro Jonatan Hugo Hugosson Artur Wiecek David.

CERN - IT Department CH-1211 Genève 23 Switzerland t SVN Pilot: CVS Replacement Manuel Guijarro Jonatan Hugo Hugosson Artur Wiecek David.
Operating Systems & Infrastructure Services CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t OIS CERN Search Updates Eduardo Alvarez November.

Operating Systems & Infrastructure Services CERN IT Department CH-1211 Geneva 23 Switzerland t OIS CERN Search Updates Eduardo Alvarez November.
CERN IT Department CH-1211 Genève 23 Switzerland www.cern.ch/i t Integrating Lemon Monitoring and Alarming System with the new CERN Agile Infrastructure.

CERN IT Department CH-1211 Genève 23 Switzerland t Integrating Lemon Monitoring and Alarming System with the new CERN Agile Infrastructure.
CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t OIS Ideas for 2011 Prepare must be done work items –Warranty –Software maintenance –Commitments.

CERN IT Department CH-1211 Geneva 23 Switzerland t OIS Ideas for 2011 Prepare must be done work items –Warranty –Software maintenance –Commitments.
Database  A database is an organized collection of data for one or more purposes, usually in digital form. The data are typically organized to model.

Database  A database is an organized collection of data for one or more purposes, usually in digital form. The data are typically organized to model.
Operating Systems & Information Services CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t OIS CERN Single Sign-On Summer 2012 Updates Emmanuel.

Operating Systems & Information Services CERN IT Department CH-1211 Geneva 23 Switzerland t OIS CERN Single Sign-On Summer 2012 Updates Emmanuel.
Projects. High Performance Computing Projects Design and implement an HPC cluster with one master node and two compute nodes. (Hint: use Rocks HPC Cluster.

Projects. High Performance Computing Projects Design and implement an HPC cluster with one master node and two compute nodes. (Hint: use Rocks HPC Cluster.
AI project components: Facter and Hiera

AI project components: Facter and Hiera
Windows 2000 Active Directory Service COSC 513 Yongquan Cai 03/10/2001.

Windows 2000 Active Directory Service COSC 513 Yongquan Cai 03/10/2001.
CERN IT Department CH-1211 Geneva 23 Switzerland t CF Messaging System Ivan, Omar, Sergio 14 march 2012.

CERN IT Department CH-1211 Geneva 23 Switzerland t CF Messaging System Ivan, Omar, Sergio 14 march 2012.
Operating Systems & Infrastructure Services CERN IT Department CH-1211 Geneva 23 Switzerland www.cern.ch/i t OIS OIS Feedback on Module Responsibilities.

Operating Systems & Infrastructure Services CERN IT Department CH-1211 Geneva 23 Switzerland t OIS OIS Feedback on Module Responsibilities.

Similar presentations

Ads by Google