Presentation is loading. Please wait.

Presentation is loading. Please wait.

Integrated Site Security for Grids

Published byVivian Moody Modified over 5 years ago

Similar presentations

Presentation on theme: "Integrated Site Security for Grids"— Presentation transcript:

1 Integrated Site Security for Grids
ISSeG Integrated Site Security for Grids EU-FP6 Project Brief Overview Denise Heagerty, CERN 17 April 2007 Lead partner for Work Package (WP) 4 is CCLRC. Presentation by David Jackson from CCLRC. Note, from 1st April 2007, CCLRC and PPARC will merge in to a new Research Council in the UK known as STFC. This should have no effect on the ISSeG project.

2 Integrated Site Security Concept

3 The ISSeG Process WP2 WP2 WP4 builds on the work in WP1, 2 and 3.

4 Benefits of WP2 to ISSeG Introduces requirements of other communities
Based on threat analysis Tests a methodology for site assessment Targeted for Grid sites Leading to a questionnaire for self assessment Identifies differentiating factors Leading to site security categorization Provides side benefits Defines a relationship with relevant standards Identifies security improvements due to the ISS approach

5 Methodology for deploying ISS

6 D4.1: Target audiences Who is being trained? Who wants the material?
Taken from figure 1 in D4.1. This was an example of how existing documentation (enisa ‘How to Raise Information Security Awareness’) was used and adapted for use in the project.

7 D4.1: Site and role types Time

8 Draft/Example Recommendations
R1 Broaden the use of centralized management Centrally manage accounts Centrally manage patches and system configurations Centrally manage Internet Services Small Medium Large When dealing with ~ 10 machines, this is not a big issue. When dealing with ~ 100 machines, this starts to become an issue. With over 100 machines, it is an issue. How do to capture the attention of the audience so that they wish to read about this? The relevance of the recommendation varies with the site type (size) and the individual that has responsibility/interest what is being recommended. Not interested Interested Users Management System administrators

9 D4.2: Multiple routes to recommendations

10 Draft Recommendations (1)
R1 Broaden the use of centralized management Centrally manage accounts Centrally manage patches and system configurations Centrally manage Internet Services R2 Integrate identity and resource management Provide integrated identity management Ensure resources link to the people in charge of them Define responsibilities using roles and groups R3 Manage network connectivity Restrict Intranet access to authorised devices Restrict Internet access to authorised connections Segregate networks dedicated to sensitive devices Expand the use of application gateways

11 Draft Recommendations (2)
R4 Use security mechanisms and tools Strengthen authentication and authorisation Increase the use of vulnerability assessment tools Adapt incident detection to meet evolving trends Strengthen and promote network monitoring tools Enhance spam filter tools and mailing security Extend policy enforcement R5 Strengthen administrative procedures and training Adapt training to requirements of users, developers and system administrators Integrate security training and best practices into organisational structures Maintain administrative procedures in step with evolving security needs Extend policy regulations Regulate the use and coexistence of legacy Operating Systems

12 Timelines 26 Apr Peer Review Meeting Mid May
Threat list sent for feedback to OSCT and community contacts End May Security assessment questionnaire sent for feedback to OSCT and community contacts 31 May CD1: Report on Peer Review Meeting (Final) 20 Jun Joint ISSeG/OSCT Meeting, Edinburgh 29 Jun CD2: Comparative analysis of requirements based on threats (top ten per community) 31 Jul CD3: Comparative auditing report comparing security at CERN, FZK and CCLRC CD4: Questionnaire for assessing new sites 15 Oct CD5: ~50 recommendations completed

Download ppt "Integrated Site Security for Grids"

Similar presentations

Andrew McNab - Manchester HEP - 22 April 2002 EU DataGrid Testbed EU DataGrid Software releases Testbed 1 Job Lifecycle Authorisation at your site More.

Andrew McNab - Manchester HEP - 22 April 2002 EU DataGrid Testbed EU DataGrid Software releases Testbed 1 Job Lifecycle Authorisation at your site More.
INFSO-RI-508833 Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK

INFSO-RI Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK
August 9, 2005 UCCSC -- 2005 IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.

August 9, 2005 UCCSC IT Security at the University of California A New Initiative Jacqueline Craig. Director of Policy Information Resources and.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
Slide 1 Using Models Introduced in ISA-d99.00.01 Standard: Security of Industrial Automation and Control Systems (IACS) Rahul Bhojani ISA SP99 WG4 Meeting.

Slide 1 Using Models Introduced in ISA-d Standard: Security of Industrial Automation and Control Systems (IACS) Rahul Bhojani ISA SP99 WG4 Meeting.
Proposed mid-term Security Strategies for CERN Prepared by ad-hoc working group members: Lionel Cons, Francois Fluckiger, Denise Heagerty, Jan Iven, Jean-Michel.

Proposed mid-term Security Strategies for CERN Prepared by ad-hoc working group members: Lionel Cons, Francois Fluckiger, Denise Heagerty, Jan Iven, Jean-Michel.
Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.

Sample Security Model. Security Model Secure: Identity management & Authentication Filtering and Stateful Inspection Encryption and VPN’s Monitor: Intrusion.
1 CERN’s Computer Security Challenges Denise Heagerty CERN Computer Security Officer Openlab Security Workshop, 27 Apr 2004.

1 CERN’s Computer Security Challenges Denise Heagerty CERN Computer Security Officer Openlab Security Workshop, 27 Apr 2004.
Lesson 9-Information Security Best Practices. Overview Understanding administrative security. Security project plans. Understanding technical security.

Lesson 9-Information Security Best Practices. Overview Understanding administrative security. Security project plans. Understanding technical security.
1 © 2014 Cloudera, Inc. All rights reserved. Preventing a Big Data Security Breach.

1 © 2014 Cloudera, Inc. All rights reserved. Preventing a Big Data Security Breach.
UKI ROC/GridPP/EGEE Security Mingchao Ma Oxford 22 October 2008.

UKI ROC/GridPP/EGEE Security Mingchao Ma Oxford 22 October 2008.
Module 11: Designing Security for Network Perimeters.

Module 11: Designing Security for Network Perimeters.
Computer Security Risks for Control Systems at CERN Denise Heagerty, CERN Computer Security Officer, 12 Feb 2003.

Computer Security Risks for Control Systems at CERN Denise Heagerty, CERN Computer Security Officer, 12 Feb 2003.
Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.

Introduction and Overview of Information Security and Policy By: Hashem Alaidaros 4/10/2015 Lecture 1 IS 332.
Gabriela Macoveiu North-East RDA, Romania PP11 – WP responsible Cluster Policy Learning Platform WP3 Description Smarter Cluster Policies for South-East.

Gabriela Macoveiu North-East RDA, Romania PP11 – WP responsible Cluster Policy Learning Platform WP3 Description Smarter Cluster Policies for South-East.
1 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 ISS e G Integrated Site Security for.

1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project ISS e G Integrated Site Security for.
1 I ntegrated S ite S ecurity for G rids www.isseg.eu © Members of the ISSeG Collaboration, EU-FP6 Project 026745 ISS e G Integrated Site Security for.

1 I ntegrated S ite S ecurity for G rids © Members of the ISSeG Collaboration, EU-FP6 Project ISS e G Integrated Site Security for.
Implementing Server Security on Windows 2000 and Windows Server 2003 Fabrizio Grossi.

Implementing Server Security on Windows 2000 and Windows Server 2003 Fabrizio Grossi.

Similar presentations

Ads by Google