
openlab Security Workshop Presentations, 27-28 April 2004

CERN, IT Amphitheatre. Bldg. 31, 3-004

(open to people from CERN and the openlab partners)

 

Slides available from the Presentations Page

 

DAY 1                    CERN presentations

 

09:00 - 09:30        Welcome (Sverre Jarp)

                                Introduction of Participants (All)

                                Introduction to the Workshop (Sverre Jarp)

 

09:30 - 10:10        Single Sign-On across Web Services (Ernest Artiaga)

 

The current computer environment is composed of many different applications running on different platforms, and GRID technology is going to increase this trend. Nevertheless, a mechanism for authentication and authorization is a common requirement for all these applications and, moreover, users demand that this mechanism be unique: they want to authenticate once for the whole system, not separately for each application. This is what we call Single Sign-On. At CERN, we have investigated the feasibility of such a mechanism. Our results show that, despite the infrastructure being there (either based on PKI/Certificates or Kerberos), a number of factors prevent it from being used effectively, even for commonly used environments, such as Web Servers.

 

10:10 - 10:40        Coffee break

 

10:40 - 11:20        GRID Authentication and Authorization Issues (Akos Frohner)

 

PKI-based authentication solutions are commonplace today, but are not without problems for Grid-like environments (web services) spanning multiple administrative domains. This presentation will try to answer the questions of why we use short-lifetime certificates, where they help and what other problems they bring; how authorization works in our Grid services, how we manage groups (virtual organizations) and the relationship with the local OS's security model.

 

11:20 - 12:00        SPAM Fighting at CERN (Emmanuel Ormancey)

 

SPAM is a growing problem and CERN mail servers have to handle a continuously increasing amount of unsolicited mail every day, with the associated costs this brings. This presentation will detail the different tools and techniques which the CERN mail service is using to reduce the SPAM problem, including following and anticipating the evolution of SPAM attacks and trying to avoid false positives.

 

12:00 - 13:30        Lunch

 

13:30 - 14:10        High Throughput v Security: firewalls and monitoring (Paolo Moroni and Lionel Cons)

 

High throughput is essential for effective processing of LHC data across the GRID. At the same time, CERN's network users need to be protected from the regular intrusion attempts that have become part of today's Internet. This presentation will describe the approach taken at CERN to balance challenging data requirements with commodity and affordable solutions for firewalls and network session tracking.

 

14:10 - 14:50         Vulnerability and Intrusion Detection: architecture and tools (Lionel Cons)

 

Vulnerability assessment and intrusion detection are two key activities of any computer security team. This presentation will describe the tools used at CERN (mainly based on Open Source products such as Nmap, Nessus and Snort) and how they have been integrated. Lessons learnt from this integration and possible extensions will also be presented.

     

14:50 - 15:20        Coffee break

 

15:20 - 16:00        CERN's Computer Security Challenges (Denise Heagerty)

 

Firewalls, vulnerability assessment, anti-virus and intrusion detection tools played a successful role in preventing or quickly detecting incidents at CERN until 2003. Whilst these tools still play a role, a new approach is needed for our current security challenges, which include: control systems connected to the Internet, scaling security for GRID computing, P2P and client-initiated software which dynamically opens firewall access, personal use of computers, a travelling user base who need to connect their own computers to our network, social engineering and the evolution of viruses, worms and backdoors.

 

16:00 - 17:00        Further discussions. Conclusions of Day 1

 

 

 

DAY 2               Company presentations (one-on-one with CERN)

 

09:00 - 10:50        HP

 

11:00 - 12:50        IBM

 

14:00 - 15:50        Oracle

 

16:00 - 17:50        Intel

 

SJ-jft
26 April, 2004

 

 


Last update: Thursday, 26. January 2012 13:12


Copyright CERN