Grid Security: Users, VOs, Sites
OSG Collaboration Meeting, University of Washington
Bob Cowles, August 23, 2006
Work supported by U.S. Department of Energy contract DE-AC03-76SF00515

Rapidly Changing Environment
– Federal guidelines / mandates
  – FISMA, PIV, PII ...
– Threats
  – Attacks for profit or national interests
  – Targeted, below the radar
– Vulnerabilities
  – Middleware, applications, users

Recent Events
– Aug 1-7 saw over 120 vulnerabilities announced (before the MS announcement)
– Last week, a record amount of PII lost
– This week, holes in GTK, VOMS, etc.
– Growing dissatisfaction with insecurely designed, poorly implemented software and improperly secured sites

Security by Design
– Security is your friend
  – Sites cannot allow insecure services
  – Users must be able to work in a trusted environment
– Requires attention in architecture, design, coding, deployment, patching
  – Also logging, version control and lower-level dependencies (OS & middleware versions)

Grid Service Design Examples
– Mutually authenticate with services
  – Avoid rogue providers
  – Cut off "black hole" sites
  – Validate service requests
– Log resource allocation decisions
– Failover for critical services
– Ease of patching and recovery
– Remove OS & MW version dependencies
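Two of the design points above, validating service requests and logging every resource allocation decision, are easy to show in code. The following is an added example and not code from the slides or from OSG: a minimal allocation decision point for a resource provider. It assumes the requester's identity (an OpenSSL-style DN) was already proven on the mutually authenticated channel and that the VO name comes from the VO's attribute service; the VO names, limits and DN are constructed for illustration.

```python
"""Added example (not from the original slides): a resource-allocation
decision point that validates each request against site policy and writes
an audit record for every decision, allow or deny."""
import json
import re
from dataclasses import dataclass, field
from typing import Dict, List

# OpenSSL-style distinguished name as carried in grid credentials,
# e.g. "/DC=example/DC=grid/OU=People/CN=Alice Example" (constructed value).
DN_RE = re.compile(r"^(?:/[A-Za-z]+=[^/]+)+$")


@dataclass
class Request:
    subject_dn: str   # identity proven on the mutually authenticated channel
    vo: str           # VO membership (assumed: supplied by the VO attribute service)
    cpus: int         # requested allocation
    purpose: str      # free-text job description supplied by the client


@dataclass
class Decision:
    allowed: bool
    reasons: List[str] = field(default_factory=list)


class AllocationPoint:
    """Serves only the VOs this site has agreed to accept (mutual acceptance)."""

    def __init__(self, accepted_vos: Dict[str, Dict[str, int]]):
        self.accepted_vos = accepted_vos          # VO name -> limits agreed with the site
        self.audit: List[dict] = []               # stand-in for a write-once audit log

    def validate(self, req: Request) -> List[str]:
        """Return the reasons a request must be refused (empty list = acceptable)."""
        problems = []
        if not DN_RE.match(req.subject_dn):
            problems.append("subject DN is malformed")
        if not isinstance(req.cpus, int) or req.cpus <= 0:
            problems.append("cpus must be a positive integer")
        limits = self.accepted_vos.get(req.vo)
        if limits is None:
            problems.append(f"VO '{req.vo}' is not accepted by this site")
        elif isinstance(req.cpus, int) and req.cpus > limits["max_cpus"]:
            problems.append(f"{req.cpus} cpus exceeds VO limit of {limits['max_cpus']}")
        # Bound client-controlled text before it reaches logs or a scheduler.
        if not req.purpose.strip() or len(req.purpose) > 200 or any(c in req.purpose for c in "\r\n"):
            problems.append("purpose must be 1-200 characters on a single line")
        return problems

    def decide(self, req: Request) -> Decision:
        """Validate, then record who asked for what and why it was (dis)allowed."""
        reasons = self.validate(req)
        decision = Decision(allowed=not reasons, reasons=reasons)
        self.audit.append({
            "subject": req.subject_dn,
            "vo": req.vo,
            "cpus": req.cpus,
            "purpose": req.purpose,
            "allowed": decision.allowed,
            "reasons": reasons,
        })
        return decision

    def export_audit(self) -> str:
        """One JSON object per line; json.dumps escapes any odd characters."""
        return "\n".join(json.dumps(rec, sort_keys=True) for rec in self.audit)


if __name__ == "__main__":
    site = AllocationPoint({"atlas": {"max_cpus": 64}, "cms": {"max_cpus": 32}})
    dn = "/DC=example/DC=grid/OU=People/CN=Alice Example"   # constructed
    site.decide(Request(dn, "atlas", 16, "MC production"))
    site.decide(Request(dn, "lhcb", 16, "analysis"))          # VO not accepted here
    site.decide(Request("CN=Bob", "cms", 4, "x\nfake: ok"))   # bad DN, multi-line text
    print(site.export_audit())
```

Denied requests are logged with the same structure as allowed ones, so a site can later answer the question the slide implies: who asked for what, and on what grounds the decision was made.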

SLAC – Atlas Experience
– Web server open to the world (needed?)
  – Only SL supported
– MySQL server open to Internet
– Google indexed userid/password
  – Admin privileges on MySQL
– New GTK + VDT rolling out – how will that affect OSG and VO middleware?
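Two of the findings on this slide, a MySQL server reachable from the Internet and database credentials sitting in web-served files where a search engine could index them, can be caught by routine checks before a crawler finds them. The script below is an added example, not from the slides or from SLAC: it reads a my.cnf-style configuration and flags a bind-address that exposes the server, and scans a snapshot of a web document root for plaintext credentials. The configuration texts, file paths and file contents are all constructed for the example.

```python
"""Added example (not from the original slides): two defender-side checks
prompted by the SLAC/Atlas findings. All inputs are constructed in-line so
the script runs offline."""
import configparser
import re
from typing import Dict, List

# Constructed my.cnf: the weak form listens on every interface.
WEAK_MY_CNF = """
[mysqld]
bind-address = 0.0.0.0
port = 3306
"""

# Corrected form: the server is reachable only from the local host.
FIXED_MY_CNF = """
[mysqld]
bind-address = 127.0.0.1
port = 3306
"""

# Values that expose the listener to every network interface.
WILDCARD_BINDS = {"0.0.0.0", "::", "*"}


def check_mysql_exposure(cfg_text: str) -> List[str]:
    """Return findings about network exposure in a [mysqld] section."""
    parser = configparser.ConfigParser(allow_no_value=True, interpolation=None)
    parser.read_string(cfg_text)
    if "mysqld" not in parser:
        return ["no [mysqld] section found"]
    sect = parser["mysqld"]
    if "skip-networking" in sect:
        return []                          # TCP listener disabled entirely
    bind = sect.get("bind-address")
    if bind is None:
        return ["bind-address unset: depending on version MySQL may listen on all interfaces"]
    if bind.strip() in WILDCARD_BINDS:
        return [f"bind-address={bind.strip()}: MySQL reachable from any network interface"]
    return []


# Patterns for credentials that should never be in a served file.
CRED_PATTERNS = [
    re.compile(r"(?i)\b(password|passwd|pwd)\s*[=:]\s*\S+"),   # key=value secrets
    re.compile(r"mysql\s+-u\s*\S+\s+-p\S+"),                    # password on the mysql command line
]

# Constructed snapshot of a document root: path -> contents, as a crawler sees it.
DOCROOT = {
    "/var/www/html/index.html": "<html>Atlas Tier-2 status</html>",
    "/var/www/html/scripts/dbload.sh": "mysql -u root -pSuperSecret atlasdb < load.sql\n",
    "/var/www/html/conf/db.ini.bak": "[db]\nuser=admin\npassword=hunter2\n",
}


def find_exposed_credentials(files: Dict[str, str]) -> List[str]:
    """Return 'path:line' for every served line that looks like a credential."""
    hits = []
    for path, text in files.items():
        for lineno, line in enumerate(text.splitlines(), 1):
            if any(p.search(line) for p in CRED_PATTERNS):
                hits.append(f"{path}:{lineno}")
    return hits


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_MY_CNF), ("fixed", FIXED_MY_CNF)):
        print(label, check_mysql_exposure(cfg) or "OK")
    for hit in find_exposed_credentials(DOCROOT):
        print("credential in served file:", hit)
```

A hit from the second check is only the visible symptom; once a credential has been served to the Internet the remediation is to rotate it and, as the slide's last sub-point suggests, to make sure the database account it unlocked did not carry administrative privileges.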

User AUP Goals
– Short enough for people to read and understand
– No requirement for "incidental use" provisions
– Remove burden on user of knowing use policies for all sites
– Site computer security personnel feel provisions are sufficient

User AUP Infrastructure
– Each VO is expected to have members agree to terms
– VO must clearly state goals and policies
– RPs evaluate VOs accepted to ensure acceptable goals & policies

User AUP
– Initially four paragraphs
– However, needed to pass it by some lawyers (three lawyers consulted)
– Added more scary language but managed to retain the essence of the Taiwan accord
– New AUP is seven paragraphs

AUP – Para 0
By registering with the Virtual Organization (the "VO") as a GRID user you shall be deemed to accept these conditions of use:

AUP – Para 1
1. You shall only use the GRID to perform work, or transmit or store data consistent with the stated goals and policies of the VO of which you are a member and in compliance with these conditions of use.

AUP – Para 2
2. You shall not use the GRID for any unlawful purposes and not (attempt to) breach or circumvent any GRID administrative or security controls. You shall respect copyright and confidentiality agreements and protect your GRID credentials (e.g. private keys, passwords), sensitive data and files.

AUP – Para 3
3. You shall immediately report any known or suspected security breach or misuse of the GRID or GRID credentials to the incident reporting locations specified by the relevant VO(s) and to the relevant credential issuing authorities.

AUP – Para 4
4. Use of the GRID is at your own risk. There is no guarantee that the GRID will be available at any time or that it will suit any purpose.

AUP – Para 5
5. Logged information, including information provided by you for registration purposes, shall be used for administrative, operational, accounting, monitoring and security purposes only. This information may be disclosed to other organizations anywhere in the world for these purposes. Although efforts are made to maintain confidentiality, no guarantees are given.

New AUP – Para 6
6. The Resource Providers, the VO and the GRID operators are entitled to regulate and terminate access for administrative, operational and security purposes and you shall immediately comply with their instructions.

AUP – Para 7
7. You are liable for the consequences of any violation by you of these conditions of use.

VO Registration
– Define purpose
– Supply contact information
– Location of servers
– Certify all users have accepted grid AUP
– Responsive to complaints
– Mutual acceptance between VOs and Resource Providers

Site/Service Agreement
– Advertise services accurately, make limitations known
– Do not try to circumvent controls
– Do not interfere with other resources
– If there is a problem, investigate & resolve
– Responsible for selecting appropriate VOs to offer resources to
– Take reasonable care with entrusted credentials
– Participate in incident response activities

Discussion?