Clique/Trust Solution Suitable for Level 2 Grid


Trusted Host Database
- Remote database of IP addresses, port ranges etc.
- Accessible by firewall administrators
- Secure access
- Quickly propagate changes
- Compatible with future developments
- Has access control for VO-level access restrictions

Access Method
- Web interface
- Certificate-based access
- Access controls
- GridSite!

Database Structure
- Updating via VO management tools (such as LeSC's VOM)
- Also could update via XML-based user database (in development at CLRC DL)
- Create static web pages accessible from the web

Changes to database
- Additions to a particular VO's allowed list should be moderated
- Removal of IP addresses should propagate as quickly as possible
- Firewall administrators must be prompted to inspect the web pages when changes have been made
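
The change-handling rules above (moderated additions, immediate removals, a prompt for firewall administrators) modelled as an added example; this is not code from the presentation. All class, function and VO names and the addresses are constructed assumptions, and the GridSite and VOM integration is not modelled.

```python
import ipaddress
from dataclasses import dataclass, field

@dataclass(frozen=True, order=True)
class HostEntry:
    vo: str        # virtual organisation the host belongs to
    network: str   # normalised CIDR string
    ports: tuple   # inclusive (low, high) TCP port range

def make_entry(vo, addr, low, high):
    net = ipaddress.ip_network(addr, strict=True)  # rejects host bits set
    if not 0 < low <= high <= 65535:
        raise ValueError(f"bad port range {low}-{high}")
    return HostEntry(vo, str(net), (low, high))

@dataclass
class TrustedHostDB:
    active: set = field(default_factory=set)
    pending: set = field(default_factory=set)
    serial: int = 0  # bumped whenever the allowed list changes

    def request_add(self, entry):
        self.pending.add(entry)  # moderated: not yet visible to firewalls

    def approve(self, entry, moderator_vos):
        if entry.vo not in moderator_vos:  # VO-level access restriction
            raise PermissionError(f"not a moderator for {entry.vo}")
        self.pending.remove(entry)
        self.active.add(entry)
        self.serial += 1

    def remove(self, entry):
        self.pending.discard(entry)
        if entry in self.active:  # removals take effect at once
            self.active.remove(entry)
            self.serial += 1

def admin_notice(db, last_seen):
    """Diff the allowed list against what a site last applied."""
    return {"serial": db.serial, "open": sorted(db.active - last_seen),
            "close": sorted(last_seen - db.active)}

# Constructed sample data (documentation address ranges, made-up VO names).
db = TrustedHostDB()
a = make_entry("vo-alpha", "192.0.2.10/32", 2811, 2811)
b = make_entry("vo-beta", "198.51.100.0/28", 20000, 20100)
for e in (a, b):
    db.request_add(e)
db.approve(a, moderator_vos={"vo-alpha"})
```

A site compares `serial` with the value it last applied and treats a non-empty `close` list as the urgent part of the notice.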

Pros and Cons
- Quick solution
- Secure
- Uses existing applications
- May result in lengthy firewall rule tables
- All participating sites must be secure – no weak links
- Changes to the firewalls need to be made quickly
- Can't cope with roaming users – no DHCP etc.

Conclusions
- Good solution for more static Level 2 grid
- Bad solution for dynamic, roaming user grid – how about a VPN?