Securing Grid Services – OGF19 > Thijs Metsch > securing_grid_services_ogf19.ppt > 25.01.2007 Slide 1 Application Level Gateway Securing services using.


Slide 1: Application Level Gateway: Securing services using a Proxy
Thijs Metsch (German Aerospace Center – DLR e.V.)
OGF19, 30.01.2007, FI-RG Meeting

Slide 2: Outline: Structure of the presentation
- Introduction: Security concepts
- ALG: Design of an ALG, Usage of the ALG, Demonstration
- Outlook: Classification, Conclusions, Questions (RFT)

Slide 3: Security concepts: Idea and strategy
- The Federal Office for Information Security (BSI) suggests a packet filter – Application-Level-Gateway (ALG) – packet filter (PAP) concept.
- An ALG (or proxy) prevents direct communication between the partners. Instead, it accepts requests and forwards them to the destination.
- Possible to control the direction of data flow.

Slide 4: Security concepts (2): Duties of the components
Components: Packet filter; Application Level Gateways / Proxy
Duties:
- Traffic management
- Load balancing
- Primary filter
- Logging
- Validation of traffic
- Accounting
- Support for non-blocking buffered I/O
Advantages of this concept:
- Forms a basis for a high security level
- Simple to extend with e.g. IDS, virus scanners
- Exploitation of security issues on servers can be prevented

Slide 5: Application Level Gateway: Design for a Web Service Proxy
[Diagram; labels: Framework, Validation & Mapping Unit, GRAM Support, RFT Support, Own Services, User authentication, Consumer, Listener, Fetcher, Supplier, Cache, Sender, Polling, Bidirectional communication, …]

Slide 6: Realization: Advantages of plug-in based design
Create a proxy which understands SOAP and supports Web and Grid services.
Technical details:
- Decision based upon information in SOAP messages
- Validation in specialized plug-ins (e.g. with the help of a schema)
- Load balancing by coupling of several proxies
Advantages of a plug-in based design:
- Easy to extend
- Simple integration of (new) communication protocols
- Support for in-house developed services

Slide 7: Usage of the ALG: Solutions for several strategies
- Using an ALG as Web Service Proxy
- Authentication of users with the help of GSI
- No knowledge about what is actually going on
- Validation of all actions taken by users
- Knowledge about all operations can be gained (Accounting, Logging)
- Increases latency
- Usage as a "firewall opener"
- Support for non-blocking buffered I/O (RFT/GridFTP)
- Can become complicated
- Usage is based upon desired security level

Slide 8: Demo: ALG in use
[Diagram; labels: Job, Globus Container, ALG, Cog Desktop]

Slide 9:
[Screenshots; captions: Submitted directly to Globus container; Submitted through an ALG; Submitted directly to Globus container]

Slide 10: Classification of the ALG: Advantages and disadvantages
Advantages:
- Less LOC in the ALG means fewer bugs
- Filter and delete content in requests
- Force early and strong authentication
- Logging and accounting
- Block some attacks (with the help of an IDS)
- No modification of clients and servers
Disadvantages:
- Complexity in configuration and maintenance of the ALG
- Reduces maximum throughput
- Higher latencies
Still, an ALG would only be one part of a security concept.

Slide 11: Conclusions: Current status and future work
- Proven remedy (e.g. in IBM Websphere Web Service Gateway, Xtradyne WS-DBC, Visonys Airlock or other HTTP/Email proxies)
- Usage of modern technologies: Java and Axis (which means support for Tomcat and Globus Toolkit)
- Available for OGSA/WSRF-based Grids
- Prototype has been implemented
Future work:
- Support of virtual organizations
- Integration of firewall hardware (for port opening)
- Integration of IDS, VPN tunnels and virus scanners

Slide 12: Questions & Suggestions?
Further references:
- "Globus Toolkit Version 4: Software for Service-Orientated Systems", Ian Foster
- "Globus Firewall Requirements", Von Welch
- "Firewall Issues Overview", Open Grid Forum
- "Konzeption von Sicherheitsgateways", Bundesamt für Sicherheit in der Informationstechnik
- "Simple Object Access Protocol", W3 Consortium

Slide 13: Support for RFT (Reliable File Transfer): ALG as a firewall opener
1. Detect an RFT request with the help of the SOAP message
2. Hand off to an RFT plug-in for further validation
3. Open firewall for participants
4. or alter request; start own GridFTP server; act as cache
[Diagram; labels: Mapping Module, RFT Plug-In, validate, XML Schema]
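
The dispatch described on slides 6 and 13 (decide from the SOAP message, validate in a plug-in, then derive the firewall decision), as an added Python example that is not the DLR prototype's code. The namespace `urn:example:rft`, the operation and element names, and the functions `handle` and `rft_plugin` are assumptions; hand-written checks stand in for schema validation, and the firewall decision is returned rather than applied.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"  # SOAP 1.1 envelope
RFT_NS = "urn:example:rft"  # placeholder namespace (assumption, not the RFT WSDL)

class Rejected(Exception):
    """The gateway refuses to forward the message."""

def rft_plugin(op):
    """Hypothetical RFT plug-in: hand-written checks standing in for schema
    validation. Returns the hosts the firewall would be opened for."""
    transfers = op.findall(f"{{{RFT_NS}}}transfer")
    if not transfers:
        raise Rejected("RFT request without transfers")
    hosts = []
    for t in transfers:
        for field in ("sourceUrl", "destinationUrl"):
            url = urlparse(t.findtext(f"{{{RFT_NS}}}{field}") or "")
            if url.scheme != "gsiftp" or not url.hostname:
                raise Rejected(f"{field} must be a gsiftp:// URL")
            hosts.append(url.hostname)
    return hosts

# Mapping unit: (namespace, operation) -> plug-in; anything unlisted is denied.
PLUGINS = {(RFT_NS, "createTransfer"): rft_plugin}

def handle(raw: bytes):
    """Steps 1-3: detect the request type, hand off for validation, and
    return (operation, participant hosts) as the firewall decision."""
    if b"<!DOCTYPE" in raw:  # SOAP 1.1 forbids DTDs; also blocks entity tricks
        raise Rejected("DTD not allowed in a SOAP message")
    try:
        root = ET.fromstring(raw)
    except ET.ParseError as exc:
        raise Rejected(f"not well-formed XML: {exc}")
    body = root.find(f"{{{SOAP_NS}}}Body")
    if root.tag != f"{{{SOAP_NS}}}Envelope" or body is None or len(body) != 1:
        raise Rejected("expected a SOAP envelope with one body element")
    op = body[0]
    ns, name = op.tag[1:].split("}", 1) if op.tag.startswith("{") else ("", op.tag)
    plugin = PLUGINS.get((ns, name))
    if plugin is None:
        raise Rejected(f"no plug-in registered for {name}")
    return name, plugin(op)

# Constructed sample request (not captured traffic).
SAMPLE = (b'<s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">'
          b'<s:Body><r:createTransfer xmlns:r="urn:example:rft"><r:transfer>'
          b'<r:sourceUrl>gsiftp://src.example.org:2811/in.dat</r:sourceUrl>'
          b'<r:destinationUrl>gsiftp://dst.example.org:2811/out.dat</r:destinationUrl>'
          b'</r:transfer></r:createTransfer></s:Body></s:Envelope>')
```

Because the plug-in table is the only path to a forwarding decision, an operation without a registered plug-in is rejected by default instead of being passed through unvalidated.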

