|
openlab
Security Workshop Presentations, 27-28 April 2004
CERN,
IT Amphitheatre. Bldg. 31, 3-004
(open to people from CERN and the openlab partners)
Slides available from the
Presentations Page
DAY 1
CERN presentations
09:00 - 09:30
Welcome (Sverre Jarp)
Introduction of
Participants (All)
Introduction to the
Workshop (Sverre Jarp)
09:30 - 10:10
Single Sign-On across Web Services (Ernest Artiaga)
The current
computer environment is composed by many different
applications, running on different platforms, and GRID
technology is going to increase this trend. Nevertheless, a
mechanism for authentication and authorization is a common
requirement for all these applications and, moreover, users
demand this mechanism to be unique, not having to
authenticate themselves for any single application, but for
the whole system. This is what we call Single Sign-On. At
CERN, we have investigated the feasibility of such a
mechanism. Our results show that, despite the infrastructure
being there (either based on PKI/Certificates or Kerberos), a
number of factors prevent it from being used effectively,
even for commonly used environments, such as Web Servers.
10:10 - 10:40
Coffee break
10:40 - 11:20
GRID Authentication and Authorization Issues (Akos
Frohner)
PKI based
authentication solutions are commonplace today, but are not
without problems for Grid like environments (web services)
spanning multiple administrative domains. This presentation
will try to answer the questions of why we use short lifetime
certificates, where they help and what other problems they
bring; how authorization works in our Grid services, how we
manage groups (virtual organizations) and the relationship
with the local OS's security model.
11:20 - 12:00
SPAM
Fighting at CERN (Emmanuel Ormancey)
SPAM is a
growing problem and CERN mail servers have to handle a
continuously increasing amount of unsolicited mails everyday,
with the associated costs they bring. This presentation will
detail the different tools and techniques which the CERN mail
service is using to reduce the SPAM problem, including
following and anticipating the evolution of SPAM attacks and
trying to avoid false positives.
12:00 - 13:30
Lunch
13:30 - 14:10 High Throughput
v Security: firewalls and monitoring (Paolo Moroni and
Lionel Cons)
High
throughput is essential for effective processing of LHC data
across the GRID. At the same time, CERN's network users need
to be protected from the regular intrusion attempts that have
become part of today's Internet. This presentation will
describe the approach taken at CERN to balance challenging
data requirements with commodity and affordable solutions for
firewalls and network session tracking.
14:10 - 14:50 Vulnerability and Intrusion Detection: architecture
and tools (Lionel Cons)
Vulnerability
assessment and intrusion detection are two key activities of
any computer security team. This presentation will describe
the tools used at CERN (mainly based on Open Source products
such as Nmap, Nessus and Snort) and how they have been
integrated. Lessons learnt from this integration and possible
extensions will also be presented.
14:50 - 15:20
Coffee break
15:20 - 16:00 CERN's Computer Security
Challenges (Denise Heagerty)
Firewalls,
vulnerability assessment, anti-virus and intrusion detection
tools played a successful role in preventing or quickly
detecting incidents at CERN until 2003. Whilst these tools
still play a role, a new approach is needed for our current
security challenges, which include: control systems connected
to the Internet, scaling security for GRID computing, P2P and
client initiated software which dynamically opens firewall
access, personal use of computers, a travelling user base who
need to connect their own computers to our network, social
engineering and the evolution of viruses, worms and
backdoors.
16:00 - 17:00
Further discussions. Conclusions of Day 1
DAY 2
Company presentations (one-on-one with
CERN)
09:00 - 10:50
HP
11:00 - 12:50
IBM
14:00 - 15:50
Oracle
16:00 - 17:50
Intel
SJ-jft
26 April, 2004
|
