CERN - European Organization for Nuclear Research. Beyond ACB – VPN’s. FOCUS, June 13th, 2002. Frédéric Hemmer & Denise Heagerty - IT Division.


1 Beyond ACB – VPN’s
CERN - European Organization for Nuclear Research
FOCUS, June 13th, 2002
Frédéric Hemmer & Denise Heagerty - IT Division

2 Motivations
Long outstanding requests to access CERN resources (Dfs files, protected Web sites, controls, etc.)
  – From external labs
  – From private ISPs (e.g. while in hotel rooms)
ADSL “explosion”
Securing the infrastructure
  – E.g. NICE, Afs passwords in clear using ftp/telnet
  – Complementing other measures such as secure mail, restricting ports in firewall, etc.
Costs of ACB

3 What is a VPN?
“Virtual Private Network”
Is a technology that can be used to access any resource that has been restricted to the CERN Intranet when you are using a computer outside CERN
[Figure panels: “Using an ISP” and “Using an ISP thru a VPN”]

4 How it works …
A “remote” computer can connect to the internet using an arbitrary Internet Service Provider (ISP) and have an IP Address in the internet.
The “tunnel” allows confidential data to be sent securely over the internet and to reach the “safe” intranet
The computer acts as if it were on the intranet

5 Pilot Proposal
Establish a VPN pilot service
  – Based on the same technology as ACB
  – Restricted to managed computers on CERN Linux machines and NICE 2000
Requirements
  – A NICE username with a secure password
  – An explicit registration
Pilot success criteria
  – User needs satisfied
  – Scalability
  – Reasonable security checks can be implemented

6 Security Considerations

7 Why are VPNs a security risk?
Infected Computers
  – Viruses/worms/backdoors hidden on the VPN client machine will have full access to the CERN site
  – VPN client can be a launching pad for site wide disruption at Internet data rates
  – Home computers are a target for intruders and viruses
Weak/Discovered passwords
  – Passwords can be guessed (if too trivial), cracked (from encrypted form) or “found” by others (files, paper, …)
  – Compromised VPN accounts can be used to launch attacks from anywhere as if inside the CERN firewall

8 What can be done to limit VPN security risks?
Protect the computer
  – Anti-virus updated at least daily (for Windows PCs)
  – Operating system and installed applications kept secure for all known security holes
  – System restricted to only run essential applications
      games, music and freely copied software are targets for viruses
Protect the account & password
  – Require registration (no default access)
  – Verify that VPN passwords cannot be cracked
  – Require at least 128 bit encryption
  – Limit unsuccessful login attempts
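The account and password controls listed on slide 8 (explicit registration, at least 128 bit encryption, a limit on unsuccessful logins) can be combined into one admission check. The following is an added example, not part of the original presentation or of CERN's VPN service; the class and function names, the failure threshold and the window length are assumptions, and the sample attempts are constructed.

```python
from collections import defaultdict, deque

MIN_KEY_BITS = 128     # from the slide: "at least 128 bit encryption"
MAX_FAILURES = 5       # assumption: the slide gives no threshold
WINDOW_SECONDS = 900   # assumption: failures are counted over 15 minutes


class VpnGate:
    """Admission check for VPN logins (hypothetical, for illustration)."""

    def __init__(self, registered):
        self.registered = set(registered)    # explicit registration only
        self.failures = defaultdict(deque)   # user -> recent failure times

    def _recent_failures(self, user, now):
        q = self.failures[user]
        while q and now - q[0] > WINDOW_SECONDS:
            q.popleft()                      # forget failures outside the window
        return len(q)

    def attempt(self, user, key_bits, password_ok, now):
        if user not in self.registered:
            return "deny:not-registered"     # no default access
        if key_bits < MIN_KEY_BITS:
            return "deny:weak-encryption"
        if self._recent_failures(user, now) >= MAX_FAILURES:
            return "deny:locked-out"         # applies even to a correct password
        if not password_ok:
            self.failures[user].append(now)
            return "deny:bad-password"
        self.failures[user].clear()
        return "allow"


# Constructed sample attempts: (time_s, user, negotiated_key_bits, password_ok)
SAMPLE = (
    [(0, "alice", 128, True),
     (10, "guest", 128, True),               # never registered
     (20, "bob", 56, True)]                  # cipher below the minimum
    + [(30 + i, "bob", 128, False) for i in range(5)]
    + [(40, "bob", 128, True),               # correct password, but locked out
       (1000, "bob", 128, True)]             # window has expired
)


def replay(events, registered):
    gate = VpnGate(registered)
    return [gate.attempt(u, bits, ok, t) for t, u, bits, ok in events]
```
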

9 More information on http://cern.ch/vpn

