Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 ISS e G EU-FP6 Project 026745 Overview.

Published byAlyson Barnett Modified over 8 years ago

Similar presentations

Presentation on theme: "1 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 ISS e G EU-FP6 Project 026745 Overview."— Presentation transcript:

1 1 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 ISS e G EU-FP6 Project 026745 Overview François Fluckiger CERN

2 2 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 ISSeG Facts and Figures  Four Partners  CERN (coordinator)  CCLRC, UK  FZK, Germany  CS-SI, France  Start: 01/02/06  Two years project  Budget: 1086 K€ 20062007 2 years

3 3 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Financial Summary: EC Contribution Partners EC Contribution Total Activity (Direct + indirect cost) Management (subcontracted audit) CERN532 00069 000 CSSI180 0002 000 (audit) FZK200 0003 000 (audit) CLRC100 000 Karin Burghauser, Severine Bergerot

4 4 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Integrated Site Security for Grids  Overall aim  “Contribute to the consolidation of the European Grid infrastructure in the field of computer security”  Focus  Site Security to complement Grid security

5 5 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Origin of ISSeG  Summer 2004  Initiative from W. von Rüden for an openlab project on Site Security  Fall 2004  Discussion with industrial partners  March 2005  Proposal submitted EU-FP6 (“Specific Support Action” Instrument)

6 6 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Integrated Site Security for Grids  Overall aim  “Contribute to the consolidation of the European Grid infrastructure in the field of computer security”  Focus  Site Security to complement Grid security  Project Objective: a.Create expertise b.Disseminate expertise  Key concept  Integration of all security components

7 7 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Site vs Grid Security  Grid Security  Authentication / Authorization in VOs  Traveling Data integrity  Specific security incident  Site Security  Technical Security  Policy, Regulation, Administration  Training and sensitization

8 8 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Site vs Grid Security GRID Infrastructure Site A R Site 8 H H Site C H R R GRID Security Site Security H H HH HH

9 9 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Integration: The Three Dimensions Technical Infrastructure Network En-user systems Servers Mission-critical systems Policy Regulation Administration Policy formation \ enforcement User registration Rules and Regulations Training Sensitization End-users System managers Application developers

10 10 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Integrated Approach  “Actions or decisions affecting one security component should be checked against other components likely to be affected, which in turn may have to be adapted”  “Good synchronization necessary between changes affecting transversally multiple components”  Examples of poor synchronization include:  New anti-spam or virus detection measures translated with delay into end-user information / training material  New security policy published whilst technical components necessary to their enforcement are not yet fully operational Technical Infrastructure Network En-user systems Servers Mission-critical systems Policy Regulation Administration Policy formation User registration Rules/Regulations Training Sensitization End-users System managers App. developers

11 11 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 ISSeG Guiding principles The four ISSeG buzz words Site ISSeG is not about GRID security Integration The concept we sold The genuine scientific dimension Practical Recommendations not-theoretical, based on practical deployments Multi-disciplinary Not only HEP

12 12 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 A two stage process 1Creation of raw expertise via  Two-site real deployment  Auditing  WP1  WP2 About “Deployment at CERN and FZK”  In practice, improving site security:  A continuing process  Pre-dated ISSeG  “Deployment” in more period during which actions are focussed

13 13 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 A two stage process 1Creation of raw expertise via  Two-site real deployment  Auditing  WP1  WP2 2Translation into  Applicable recommendations  Training  WP3  WP4

14 14 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 ISSeG Methodology  Expertise Creation  ISS deployment at CERN  ISS adaptation and export at FZK  Comparative auditing  Expertise Dissemination  Recommendations for ISS generalization  Training and disseminations actions M1- 3 M4- 6 M7- 9 M10 -12 M13 -15 M16 -18 M19 -21 M22 -24 Deployment at CERN Deployment at FZK Recommendations for Generalization Training and Dissemination Comparative Auditing

15 15 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 WP Lead Contractors ActivityWPWork package titleLeadStartEnd SupportWP1Deployment of Integrated Site Security at CERN and FZK CERNM00M21 WP2Comparative auditing and analysis of site security CSSIM00M22 WP3Recommendations for Integrated Site Security generalization FZKM09M24 WP4Training and Expertise Dissemination CCLRCM06M24 Manage ment WP5Project ManagementCERNM00M24

16 16 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Involvement of partners in WPs  All partners involved in all Activity WPs CERNCSSIFZKCCLRCTotal Activities WP1 / Deployment 9812241135 WP2 / Comparative Auditing 5122221 WP3 / Recommendations 3110115 WP4 / Training and Dissemination 5131120 Total 'specific activities' 111263915191  Effort in person.months, EU-funded and unfunded

17 17 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 WP1.1: Deployment at CERN T1.1.1 Articulation of the CERN ISS strategy  CERN ISS strategy document (February 2006) T1.1.2 Production of the implementation plan  CERN ISS implementation plan document (March 2006)  Public version (April 2006) T1.1.3 Deployment and documentation of expertise 1  Intermediate deployment report (October 2006)  Public version (November 2006) T1.1.4 Deployment and documentation of expertise 2  Final deployment report (June 2007)  Public version (July 2007)

18 18 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 CERN Security Strategy Defined by 5 Strategic directions: S1Centralise management of resources S2Integrate management of resources via databases S3 Enhance network connectivity management S4Integrate and evolve security mechanisms and tools S5 Integrate Security Training, Best Practices and Administrative Procedures

19 19 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Admin Mngr Tech. Mngr Partner 1 Project Board Admin Mngr Tech. Mngr Partner 2 Tech. Mngr Admin Mngr Partner 3 Tech. Mngr Admin Mngr Partner 4 Technical Board Management Structure Project Technical Coordinator Project Coordinator Project Office

20 20 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 ISSeG Project Board members Partner representatives Administrative ManagerTechnical Manager CERNFrederic HemmerLionel Cons CS SIJean-François Mussotbc FZKUrsula EptingBruno Hoeft / Ursula Epting CCLRCDavid Jackson Project representatives Project CoordinatorProject Technical Coordinator CERNFrancois FluckigerDenise Heagerty  Initial appointments

21 21 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Project Board Technical Board Management Structure Project Technical Coordinator Project Coordinator Project Office Confidentiality Review Board Liaison Officers EGEE LCG Other

22 22 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Restricted and Public Deliverables  Most deliverables will have two versions  Restricted:  For EU and their designated reviewers  Public:  Delivered one month after the restricted version (usually, a stripped-down version)  No public deliverable will be released without the agreement of the Confidentiality Board

23 M01M02M03M04M05M06M07M08M09M10M11M12M13M14M15M16M17M18M19M20M21M22M23 D1.1.1D1.1.2 rD1.1.4 p WP1.1 D1.1.3 r D1.2.4 pD1.2.1D1.2.2 r WP1.2 D1.2.3 r WP2 D2.1D2.2 rD2.3D2.4 p M24 D3.1 D3.2 rD3.4r WP3 WP4 D4.1D4.2 WP5 D5.1D5.3D5.6 /5.7 D1.1.2 pD1.1.3 pD1.1.4 r D1.2.4r D5.2D5.4 D2.4 r D1.2.3 pD1.2.2 p D3.2 pD3.3 pD3.4 pD3.3 r D5.5 r,p D1.1.2 r Restricted deliverable D4.6D4.7 D4.5 D4.4 D4.3 D2.2.1 D4.5.1

24 M01M02M03M04M05M06M07M08M09M10M11M12M13M14M15M16M17M18M19M20M21M22M23 D1.1.1D1.1.2 rD1.1.4 p WP1.1 D1.1.3 r D1.2.4 pD1.2.1D1.2.2 r WP1.2 D1.2.3 r WP2 D2.1D2.2 rD2.3D2.4 p M24 D3.1 D3.2 rD3.4r WP3 WP4 D4.1D4.2 WP5 D5.1D5.3D5.6 /5.7 D1.1.2 pD1.1.3 pD1.1.4 r D1.2.4r D5.2D5.4 D2.4 r D1.2.3 pD1.2.2 p D3.2 pD3.3 pD3.4 pD3.3 r D5.5 r,p D1.1.2 r Restricted deliverable D4.6D4.7 D4.5D4.5.1 D4.4 D4.3 D2.2.1 D4.5.1

25 25 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Procedure for deliverables Confidential documents Work Packages Management Communication Public Documents World CreateReleaseReview Restricted version EU CreateRelease Review Change Public version EU

26 26 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Synergies with other EU projects BioInfoG. ISSeG ETICS 6DISS BELIEF BalticGrid IceAge

27 27 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Criteria for success We will be judged on our capability to  Demonstrate we do not duplicate EGEE’s Job  Address also non-HEP disciplines  Produce quality deliverables and dissemination material with real substance

28 28 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Criteria for progress Description of qualitative and quantitative criteria and achievements to assess the progress of the project and measure its success DateDeliverable Generalization of Central Management of on-site computers Generalize mechanisms for centrally managing on-site computersM06D1.1.3r D5.1 Increase the number of centrally managed computers at CERN beyond 5000 M06D1.1.3r D5.1 Increase the number of centrally managed computers at FZK beyond 2000 M08D1.2.3r D5.1 Automatic and customized configuration of on-site systems Put in place a pilot version of the system for centralized management of computers supporting customized configuration M06D1.1.3r D5.1 Test the pilot service over more than 50 computers at CERNM06D1.1.3r D5.1 Integration of computer account management facilities Put in place a system for synchronization and integration between computer accounts and personnel administrative data. M06D1.1.3r D5.1 As a measure of the usefulness and success of the system, detect at least 100 accounts to be closed due to policy violations at CERN M06D1.1.3r D5.1 As a measure of the usefulness and success of the system, detect at least 50 accounts to be closed due to policy violations at FZK M08D1.2.3r D5.1

29 29 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Criteria for progress Intrusion Detection Put in place a test Intrusion Detection System (IDS) by correlating host-based and network-based recorded data. M12D1.1.4p D5.2 Have deployed the test system on at least 6 host computers and 2 network devices at CERN. M12D1.1.4p D5.2 Protection of mission-critical systems Set up a Gateway system to access mission-critical devices (such a control systems). M06D1.1.3r D5.1 Provide access to mission-critical devices via a Gateway system to at least 50 users at CERN. M06D1.1.3r D5.1 Improvement of authentication mechanisms Evaluate comparatively alternatives for improving user authentication. M12D1.1.4p D1.2.4p D5.2 Having evaluated at least 3 differing technologies.M12D1.1.4p D1.2.4p D5.2 Improvement of user knowledge and awareness of computer security Create a quiz for evaluating and measuring the average knowledge of users on security principles, best practices, rules and policies. M03D5.1 Run the quiz at the beginning of the project at FZK, CCLRC and CERN and derive metrics on user awareness and knowledge of computer security. M03D5.1 Run the quiz at the end of the project at FZK, CCLRC and CERN. Analyze the results and compare them to those of the first evaluation. M22D5.5p

30 30 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Criteria for progress Dissemination via web site Release the first version of the education and dissemination web-site M12D4.2 Measure the achieved hit rate of the site after 3 months. Having attained at least 1000 hit after 3 months M15D5.3 Having attained at least 100 access of educational material after 3 months M15D5.3 Comparative auditing of security mechanisms Release first version of comparative auditing report M06D2.2r Having identified and documented at least 20 security items significant for comparing auditing results. M06D2.2r D5.1 Recommendations for ISS generalization Release intermediate report on ISS generalization M15D3.1 Having drafted at least 5 recommendations in the intermediate report. M15D3.1 D5.5p Dissemination beyond the audience of the project partners Having been invited by organizations or projects external to the consortium to give at least 10 public presentations on ISS M24D5.5p

31 31 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Risk Analysis  The most difficult aspects As perceived by the Project Coordinator  Involve scientific disciplines in requirements and dissemination (whom, how?)  Write clear, convincing, practical, useful recommendations  Meet our educational objectives (quantitative)

32 32 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 Beyond ISS e G  ISSeG is a two-year project  Too short to achieve wide-scale ISS generalization  Sufficient to create the conditions for it  methods  recommendations  training all validated by the two deployments  ISS generalization … … may be the subject of a second phase

Download ppt "1 I ntegrated S ite S ecurity for G rids cern.ch/isseg François Fluckiger IT seminar -EU Projects 13 March 2006 ISS e G EU-FP6 Project 026745 Overview."

Similar presentations

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.

HIPAA Security Presentation to The American Hospital Association Dianne Faup Office of HIPAA Standards November 5, 2003.
Researchers nights 2010- Information Day- 12-11-2009-Colette RENIER Research Executive Agency FP7-PEOPLE-2010-NIGHT INFORMATION DAY Brussels, 12 November.

Researchers nights Information Day Colette RENIER Research Executive Agency FP7-PEOPLE-2010-NIGHT INFORMATION DAY Brussels, 12 November.
ICAO Seminar on Aeronautical spectrum management (Cairo, 7 – 17 June 2006) SAFIRE Spectrum and Frequency Information Resource (presented by Eurocontrol)

ICAO Seminar on Aeronautical spectrum management (Cairo, 7 – 17 June 2006) SAFIRE Spectrum and Frequency Information Resource (presented by Eurocontrol)
1 st Review Meeting, Brussels 5/12/12 – Technical progress (P. Paganelli, Bluegreen) www.i-cargo.eu iCargo 1st Review Meeting Brussels 5/12/12 Technical.

1 st Review Meeting, Brussels 5/12/12 – Technical progress (P. Paganelli, Bluegreen) iCargo 1st Review Meeting Brussels 5/12/12 Technical.
Dr. Julian Lo Consulting Director ITIL v3 Expert

Dr. Julian Lo Consulting Director ITIL v3 Expert
Security Controls – What Works

Security Controls – What Works
CENTRAL EUROPE PROGRAMME 2007-2013 SUCCESS FACTORS FOR PROJECT DEVELOPMENT: focus on activities and partnership JTS CENTRAL EUROPE PROGRAMME.

CENTRAL EUROPE PROGRAMME SUCCESS FACTORS FOR PROJECT DEVELOPMENT: focus on activities and partnership JTS CENTRAL EUROPE PROGRAMME.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
EC Review – 01/03/2002 – G. Zaquine – Quality Assurance – WP12 – CS-SI – n° 1 DataGrid Quality Assurance Gabriel Zaquine Quality Engineer - WP12 – CS-SI.

EC Review – 01/03/2002 – G. Zaquine – Quality Assurance – WP12 – CS-SI – n° 1 DataGrid Quality Assurance Gabriel Zaquine Quality Engineer - WP12 – CS-SI.
EVALUATION AND QUALITY ASSURANCE STRATEGY PRESENTED BY DR SHYAM PATIAR.

EVALUATION AND QUALITY ASSURANCE STRATEGY PRESENTED BY DR SHYAM PATIAR.
Oversight CHAPTER SIXTEEN Student Version Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.

Oversight CHAPTER SIXTEEN Student Version Copyright © 2011 by The McGraw-Hill Companies, Inc. All rights reserved. McGraw-Hill/Irwin.
Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.

Information Security Compliance System Owner Training Richard Gadsden Information Security Office Office of the CIO – Information Services Sharon Knowles.
LCG Milestones for Deployment, Fabric, & Grid Technology Ian Bird LCG Deployment Area Manager PEB 3-Dec-2002.

LCG Milestones for Deployment, Fabric, & Grid Technology Ian Bird LCG Deployment Area Manager PEB 3-Dec-2002.
1 Framework Programme 7 Guide for Applicants

1 Framework Programme 7 Guide for Applicants
SESAR Single European Sky Air traffic management Research

SESAR Single European Sky Air traffic management Research
The Preparatory Phase Proposal a first draft to be discussed.

The Preparatory Phase Proposal a first draft to be discussed.
S L H C – P P Management Tools Kick-off Meeting April 8 th, 2008 Mar CAPEANS CERN This project has received funding from the European.

S L H C – P P Management Tools Kick-off Meeting April 8 th, 2008 Mar CAPEANS CERN This project has received funding from the European.
SLHC-PP Admin News Admin guide Time sheets Effort Web Pages 1 st Deliverable Report SLHC-PP Steering Committee Meeting CERN, July 3 rd, 2008.

SLHC-PP Admin News Admin guide Time sheets Effort Web Pages 1 st Deliverable Report SLHC-PP Steering Committee Meeting CERN, July 3 rd, 2008.
Security Policy Evaluation Using Balanced Scorecards Mohamad El Osta MBA 737 April 29, 2008.

Security Policy Evaluation Using Balanced Scorecards Mohamad El Osta MBA 737 April 29, 2008.
Chapter 6 of the Executive Guide manual Technology.

Chapter 6 of the Executive Guide manual Technology.

Similar presentations

Ads by Google