File Transfer and Use of Clear Text Passwords Update NERSC Users Group Meeting Stephen Lau NERSC June 21, 2015.

Presentation transcript:

NUG Meeting June 21, 2015

Clear Text Passwords

• Clear Text Passwords pose significant security risk
  – Major source of security compromises
• NERSC policy to eliminate clear text passwords
• NERSC does not allow clear text shell sessions
  – Current primary exposure for NERSC is in file transfer

Clear Text Password Goals and Challenges

• Goals
  – Eliminate all clear text password access to NERSC
  – Continue to allow outbound ftp to non-NERSC sites
• Challenges
  – Unlike telnet/ssh, no universal cross-platform solution
  – Many solutions still in development phase

File Transfer Options

• Use scp or sftp
• scp
  – Works with SSHv1 and SSHv2
  – Data stream encrypted (performance hit)
• sftp
  – Works with SSHv2
  – Data stream encrypted (performance hit)
  – Similar interface to ftp

File Transfer Options

• If performance becomes an issue try ftp with ssh tunneling
• ftp with ssh tunneling
  – Works with SSHv1 and SSHv2
  – Data stream unencrypted (no performance hit)
  – Caveats
      Requires set up
      Potential port collision failures
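A sketch of the ftp-with-ssh-tunneling setup from the slide above, added here as an example and not taken from the original presentation. The host names, the port list and the SSH override variable are placeholders, and it assumes OpenSSH and an FTP server the client can reach directly for the unencrypted data connection.

```shell
#!/bin/sh
# Added example: carry the FTP control connection (login, password, commands)
# through an SSH local port forward. File data still travels outside the
# tunnel, unencrypted, which is why there is no performance hit.
# GATEWAY, FTP_HOST and PORTS are placeholders, not NERSC values.

GATEWAY=${GATEWAY:-user@ssh-host.example.org}   # hypothetical SSH login host
FTP_HOST=${FTP_HOST:-ftp-host.example.org}      # hypothetical FTP server, resolved on the SSH host
SSH=${SSH:-ssh}                                 # can be overridden for a dry run

# Try each candidate local port until the forward binds; print the port used.
open_ftp_tunnel() {
    for port in ${PORTS:-2121 2122 2123}; do
        # -f -N: authenticate, then stay in the background with no remote command.
        # ExitOnForwardFailure=yes: exit non-zero if the local port is already
        # taken (the "port collision" caveat) instead of running without a forward.
        # stdout goes to /dev/null so the background ssh does not hold a pipe open.
        if $SSH -f -N -o ExitOnForwardFailure=yes \
                -L "127.0.0.1:$port:$FTP_HOST:21" "$GATEWAY" >/dev/null; then
            echo "$port"
            return 0
        fi
        echo "forward on local port $port failed, trying the next one" >&2
    done
    return 1
}

# Usage (not run here):
#   port=$(open_ftp_tunnel) && ftp 127.0.0.1 "$port"
# Put the ftp client in passive mode so that it opens the data connection itself.
```

Binding the forward to 127.0.0.1 keeps other hosts from using the tunnel; an authentication failure also makes the loop move to the next port, so check the ssh error output when every port fails.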

Availability

• sftp, ssh, scp available on:
  – Seaborg
  – Crays
  – Newton - Symbolic Mathematics and Statistics Server
  – Escher – Visualization Server
  – PDSF

File Transfer to HPSS

• sftp, ssh, scp not available to HPSS
• Possible future solution of gsi_ftp
  – Not production ready
• Allow use of current clients without transmitting easily sniffed passwords
  –

Key Points to Remember

• Protect your private keys
  – Don’t put them on publicly accessible systems
• Put a passphrase on your keys
  – ssh-keygen allows you to generate a key with no passphrase
  – DO NOT do this
• Don’t telnet from home to work and then SSH into NERSC
  – Defeats the use of SSH
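One way to check the "put a passphrase on your keys" point on an existing account, added here as an example and not part of the original slides. It assumes current OpenSSH or PEM key files (not the older SSHv1 binary format) and the standard head, grep, base64, od and tr utilities; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: report SSH private keys that are stored without a passphrase.
# Only file headers are inspected; key material is never printed.

# Hex of the "openssh-key-v1\0" magic that starts the decoded key body.
MAGIC=6f70656e7373682d6b65792d763100

# Print "encrypted", "unencrypted" or "unknown" for the key file $1.
key_protection() {
    case "$(head -n 1 "$1" 2>/dev/null | tr -d '\r')" in
    '-----BEGIN OPENSSH PRIVATE KEY-----')
        # After the magic comes a length-prefixed cipher name;
        # length 4 followed by "none" means the private part is not encrypted.
        hdr=$(grep -v '^-----' "$1" | base64 -d 2>/dev/null |
              od -An -tx1 -N23 | tr -d ' \n')
        case "$hdr" in
        "${MAGIC}000000046e6f6e65") echo unencrypted ;;
        "$MAGIC"*)                  echo encrypted ;;
        *)                          echo unknown ;;
        esac ;;
    '-----BEGIN ENCRYPTED PRIVATE KEY-----')
        echo encrypted ;;                   # PKCS#8 with encryption
    '-----BEGIN '*'PRIVATE KEY-----')
        # Legacy PEM (RSA/DSA/EC) or plain PKCS#8:
        # passphrase-protected legacy keys carry a Proc-Type header.
        if grep -q '^Proc-Type: 4,ENCRYPTED' "$1"; then echo encrypted
        else echo unencrypted; fi ;;
    *)
        echo unknown ;;                     # public keys, config, known_hosts, ...
    esac
}

# List every passphrase-less private key in directory $1; status 1 if any found.
audit_keys() {
    found=0
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        if [ "$(key_protection "$f")" = unencrypted ]; then
            echo "NO PASSPHRASE: $f"
            found=1
        fi
    done
    return "$found"
}

# Example: sh thisfile "$HOME/.ssh"
if [ $# -gt 0 ]; then audit_keys "$1"; fi
```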

NERSC PKI Infrastructure

• DOE Science Grid Certificate Authority
  – ESnet
  – Establishes identity
• Site Registration Authorities / Managers
  – Site authorization
• Current state
  – ESnet has working CA
  – NERSC has a prototype RA

NERSC PKI Infrastructure

• Key points
  – ESnet verifies certificates
  – NERSC provides authorization
• Still need to go through NERSC authorization process
• Certificate interoperability with NIM
• Even if certificate issued by another organization