
Operated by Los Alamos National Security, LLC for NNSA U N C L A S S I F I E D LANS Company Sensitive — unauthorized release or dissemination prohibited.



Presentation transcript:

1 Privileged User Access for Non-US Citizens (LA-UR 09-03378)
Randall (Randy) Cardon, rec@lanl.gov
Los Alamos National Laboratory, an affirmative action/equal opportunity employer, is operated by the Los Alamos National Security, LLC for the National Nuclear Security Administration of the U.S. Department of Energy under contract DE-AC52-06NA25396. By acceptance of this article, the publisher recognizes that the U.S. Government retains a nonexclusive, royalty-free license to publish or reproduce the published form of this contribution, or to allow others to do so, for U.S. Government purposes. Los Alamos National Laboratory requests that the publisher identify this article as work performed under the auspices of the U.S. Department of Energy. Los Alamos National Laboratory strongly supports academic freedom and a researcher’s right to publish; as an institution, however, the Laboratory does not endorse the viewpoint of a publication or guarantee its technical correctness.


3 Things I’m Glad I Didn’t Say
- “Everything that can be invented has been invented.”
- “I think there is a world market for maybe five computers.”
- “Get your feet off my desk, get out of here, you stink, and we're not going to buy your product.”
- “There is no reason for any individual to have a computer in his home”
- “640K ought to be enough for anybody.”

4 Things I Wish I’d Said
- “However beautiful the strategy, you should occasionally look at the results.”
- “Great leaders tell people what to do not how to do their jobs. They allocate resources, and give them authority.”

5 Contact Information
Randy Cardon, rec@lanl.gov, (505) 665-1853

6 Multiple Tools
- Database for International Visits and Assignments (DIVA)
- Open Collaborator Enclave (OCE)
- Privileged User Access Request (PUAR)

7 DIVA
The requirements were provided by Foreign Visits and Assignments. The implementation was done by LDRD.

8 How Does DIVA Work
DIVA does the following:
- Captures visitor and visit or assignment information as a request
- Routes the request for reviews and approvals
- Authorizes Badging
[Diagram labels: Visit Requests, Reviews and Approvals, Badge]

9 User Roles and Actions

10 Review and Approval
[Flowchart; branch labels: Yes, No, Return]

11 OCE
The initial concept and design were done by ACS-PO. The implementation was done by NIE.

12 OCE Enclave Access

13 Goals
- Create a network that is segmented from the Yellow for FN systems to meet HQ expectations.
- Meet the NAP requirements through engineered controls.
- Demonstrate a new model architecture for the LANL unclassified environment that provides greater data protection, access flexibility and control, and monitoring for various use profiles of LANL unclassified computing.
- Provide near real-time access management updates for inter-enclave access with enforced business rules.
- Develop enhanced surveillance to detect unauthorized access.

14 OCE Design
[Diagram labels: OCE Control OCE Gateway Enclave Membership and Access Management Diva Net Devices Business Rules Cyber Monitoring Authentication Logs Remote Access OCE Host Yellow Network Resource SSL VPN]

15 Access Control Features
User Based
- Authenticated Access to specific Yellow assets.
- OCE Control manages access control.
- User Role based access (Role = Yellow Assets & Who can access them).
Yellow Monitoring
- Key indicators are monitored for unauthorized OCE access.
- OCE Members can only access the OCE resources and those Yellow resources that a member is authorized for through roles.
- Jumping from authorized Yellow resources to non-authorized resources will be detected.
- Bypassing OCE Gateway will also be detected using this system.
Remote Access
- Remote OCE Users see same access control policies as local.
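The role model and the two monitored conditions on this slide (jumping from an authorized Yellow resource to a non-authorized one, and bypassing the OCE Gateway) can be sketched as a check over authentication-log records. This is an added example, not material from the presentation or from LANL; the role names, host names, users and the four-field log record are all hypothetical, and the log is assumed to contain only OCE members.

```python
# Added illustration; every role, host and user name below is hypothetical.
ROLES = {  # Role = Yellow assets and who can access them
    "hpc-collab": {"assets": {"yellow-hpc1", "yellow-data1"}, "members": {"alice"}},
    "web-docs": {"assets": {"yellow-wiki"}, "members": {"alice", "bob"}},
}
OCE_HOSTS = {"oce-ws1", "oce-ws2"}
GATEWAY = "oce-gw"

# Constructed authentication-log records: (user, source, destination, via)
AUTH_LOG = [
    ("alice", "oce-ws1", "yellow-hpc1", "oce-gw"),
    ("bob", "oce-ws2", "yellow-hpc1", "oce-gw"),
    ("alice", "yellow-hpc1", "yellow-mail", None),
    ("bob", "oce-ws2", "yellow-wiki", None),
    ("bob", "oce-ws2", "oce-ws1", None),
]


def allowed_assets(user):
    """Union of the Yellow assets granted by every role the user holds."""
    assets = set()
    for role in ROLES.values():
        if user in role["members"]:
            assets |= role["assets"]
    return assets


def classify(event):
    """Return 'ok' or the reason the event should raise an alert."""
    user, src, dst, via = event
    if dst in OCE_HOSTS:
        return "ok"  # members may use OCE resources
    if src in OCE_HOSTS and via != GATEWAY:
        return "gateway-bypass"  # left the enclave without the gateway
    assets = allowed_assets(user)
    if dst in assets:
        return "ok"
    # Destination is outside the user's roles: was an authorized asset the pivot?
    return "jump" if src in assets else "unauthorized"


def findings(log):
    """List (user, destination, verdict) for every event that is not 'ok'."""
    return [(e[0], e[2], v) for e in log if (v := classify(e)) != "ok"]


if __name__ == "__main__":
    for user, dst, verdict in findings(AUTH_LOG):
        print(f"ALERT {verdict}: {user} -> {dst}")
```

The gateway check runs before the role check, so traffic that leaves the enclave without the gateway is flagged even when the destination is one the user's role permits.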

16 Use Cases
OCE Member On-Site from OCE to Yellow/Internet Off-Site To OCE or Yellow On-Site outside OCE User Authentication Non-Auth Non OCE Member outside OCE User Authentication Any Access “Source” Central Authentication “on” Access List Non-Auth User based “roles” define access. Yellow Web Proxy Unauthenticated Access: Yellow Controls OCE “Out” IP-based Access Rules User based “roles” define access. None. “Source” Central Authentication “off” Access List Unauthorized Access User based Access Controls to Data OCE Resource Any Access OCE Firewall Access List

17 PUAR
Requirements were developed by OCIO. Implementation was done by SAE.

18 PUAR Workflow

19 Questions?
“Nothing in the world can take the place of persistence. Talent will not; nothing is more common than unsuccessful men with talent. Genius will not; unrewarded genius is almost a proverb. Education will not; the world is full of educated derelicts. Persistence and determination alone are omnipotent.” Calvin Coolidge

