File Transfer and Use of Clear Text Passwords Update NERSC Users Group Meeting Stephen Lau NERSC June 21, 2015.

1 File Transfer and Use of Clear Text Passwords Update NERSC Users Group Meeting Stephen Lau NERSC June 21, 2015

2 NUG Meeting June 21, 2015 Clear Text Passwords
Clear Text Passwords pose significant security risk
  – Major source of security compromises
NERSC policy to eliminate clear text passwords
NERSC does not allow clear text shell sessions
  – Current primary exposure for NERSC is in file transfer

3 Clear Text Password Goals and Challenges
Goals
  – Eliminate all clear text password access to NERSC
  – Continue to allow outbound ftp to non-NERSC sites
Challenges
  – Unlike telnet/ssh, no universal cross-platform solution
  – Many solutions still in development phase

4 File Transfer Options
Use scp or sftp
http://hpcf.nersc.gov/help/access/ssh.html
scp
  – Works with SSHv1 and SSHv2
  – Data stream encrypted (performance hit)
sftp
  – Works with SSHv2
  – Data stream encrypted (performance hit)
  – Similar interface to ftp

5 File Transfer Options
If performance becomes an issue try ftp with ssh tunneling
http://hpcf.nersc.gov/help/access/ssh.html
ftp with ssh tunneling
  – Works with SSHv1 and SSHv2
  – Data stream unencrypted (no performance hit)
  – Caveats
    – Requires set up
    – Potential port collision failures

6 Availability
sftp, ssh, scp available on:
  – Seaborg
  – Crays
  – Newton – Symbolic Mathematics and Statistics Server
  – Escher – Visualization Server
  – PDSF

7 File Transfer to HPSS
sftp, ssh, scp not available to HPSS
Possible future solution of gsi_ftp
  – Not production ready
Allow use of current clients without transmitting easily sniffed passwords
  – http://hpcf.nersc.gov/storage/hpss/ftp_nopass.html

8 Key Points to Remember
Protect your private keys
  – Don't put them on publicly accessible systems
Put a passphrase on your keys
  – ssh-keygen allows you to generate a key with no passphrase
  – DO NOT do this
Don't telnet from home to work and then SSH into NERSC
  – Defeats the use of SSH
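
One way to check the two key-handling points on the slide above (a passphrase on every private key, and keys not exposed to other users), as an added example that is not part of the original presentation. It assumes keys live in ~/.ssh unless a directory is given, and it recognises PEM-style and OpenSSH-format key files only, not the binary SSHv1 key format.

```python
import base64, os, stat, struct, sys

MAGIC = b"openssh-key-v1\0"  # header of the current OpenSSH private key format

def key_protection(text):
    """Classify key file text: 'encrypted', 'unencrypted', or None if not a private key."""
    lines = [ln.strip() for ln in text.splitlines()]
    begin = next((ln for ln in lines
                  if ln.startswith("-----BEGIN ") and "PRIVATE KEY" in ln), None)
    if begin is None:
        return None
    if "ENCRYPTED PRIVATE KEY" in begin:      # PKCS#8, passphrase protected
        return "encrypted"
    if "OPENSSH PRIVATE KEY" in begin:
        body = "".join(ln for ln in lines if ln and not ln.startswith("-----"))
        try:
            blob = base64.b64decode(body)
            if not blob.startswith(MAGIC):
                return None
            (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        except (ValueError, struct.error):
            return None
        # The first field after the magic is the cipher name; "none" means no passphrase.
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]
        return "unencrypted" if cipher == b"none" else "encrypted"
    # Legacy PEM (RSA/DSA/EC): an encrypted key carries a Proc-Type header.
    if any(ln.startswith("Proc-Type:") and "ENCRYPTED" in ln for ln in lines):
        return "encrypted"
    return "unencrypted"

def audit(directory):
    """Return (filename, problem) pairs for private keys found in directory."""
    findings = []
    for name in sorted(os.listdir(directory)):
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            continue
        with open(path, "r", errors="replace") as fh:
            state = key_protection(fh.read(65536))
        if state is None:                     # public keys, config, known_hosts
            continue
        if state == "unencrypted":
            findings.append((name, "no passphrase"))
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & 0o077:
            findings.append((name, "accessible by group/other (%o)" % mode))
    return findings

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~/.ssh")
    for name, problem in audit(target):
        print("%s: %s" % (name, problem))
```

A key reported as having no passphrase can be given one in place with `ssh-keygen -p -f <keyfile>`.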

9 NERSC PKI Infrastructure
DOE Science Grid Certificate Authority
  – ESnet
  – Establishes identity
Site Registration Authorities / Managers
  – Site authorization
Current state
  – ESnet has working CA
  – NERSC has a prototype RA

10 NERSC PKI Infrastructure
Key points
  – ESnet verifies certificates
  – NERSC provides authorization
    – Still need to go through NERSC authorization process
    – Certificate interoperability with NIM
    – Even if certificate issued by another organization

