					Grid Security Overview

 Mike Surridge, IT Innovation Centre
      ms@it-innovation.soton.ac.uk
      Grid Security Workshop,
      NESC, 05-06 Dec 2002


             © IT Innovation Centre, 2002
                    COMMERCIAL IN CONFIDENCE




                   Overview
• Introductions
• The Grid Security Problem
  – as seen by a Comb-e-Chem chemist...
  – motivation for the Rough Guide report
• Risks and issues
  – what could go wrong with our Grid security
  – lots of questions – our job is to find answers
• Issues for discussion


                  IT Innovation
• The IT Innovation Centre is an autonomous research
  centre, alongside the research groups and industrial
  units of the Department of Electronics and Computer
  Science at the University of Southampton
• We deliver strategies, road maps, proofs-of-concept,
  demonstrators and novel operational systems
• Our innovation capabilities are in the best traditions of
  Southampton's outstanding record of technological R&D

• We have broken new ground in making these capabilities
  available through a dedicated off-campus Centre with a
  professional service culture
          A Culture Gap
     (A Chemist’s View of Grid Security)

• Provided the user is properly
  authenticated [and you vouch for
  them] they can access [Chemistry]
  kit via the [University] firewall.
• If they want to use [University]
  kit, they will need approval from
  Computing Services.
• If anything bad happens then [you
  Chemists] are responsible, and are
  in deep trouble...
            The Rough Guide
• Intended to raise awareness of Grid security
• Aimed at
  –   project managers and principal investigators
  –   Grid users and application developers
  –   Grid infrastructure developers
  –   computing services and Grid support teams
• Conclusions
  – operational security is a team effort
  – everyone needs to be aware of the key issues

           Security Best Practice
• Build security in depth
  – like a medieval castle!
• Assume breaches will occur
  – don’t rely on a single barrier
  – design for containment
• Continuous security
  – intrusion detection methods
  – security advisories and updates
  – well-defined operating protocols
  – review, challenge and audit

           Grid Authentication
• Based on strong public-key encryption
  – unlikely that a digital signature could be faked
• But operational factors are important, e.g.
  –   is the CA procedure rigorous enough for you?
  –   are the RAs trained to operate it correctly?
  –   does the certificate profile meet your needs?
  –   could the user’s private key have been lost/stolen?
  –   what if a user’s GSI proxy were hijacked?
• And...85% of intrusions come from within

           Grid PKI
[Diagram; labels: User, Resource, The CA]

           Conventional PKI
[Diagram; labels: CA1, CAn, User, Resource]

           Grid Authorisation
• Typically done via local account mappings
   – allowing resource owners to retain control
• Difficult to implement operationally
   – local resource access controls may not exist
   – local admin teams don’t scale with the size of Grid
• Can use role-based schemes and CAS
   – but might CAS be disabled via DoS or spoofing?
   – should outsiders define/assign user roles?
   – who is responsible for correct role attribution...?
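
The local account mappings above are commonly held in a Globus-style grid-mapfile: one quoted certificate DN per line, followed by the local account it maps to. The audit below is an added example, not part of the original slides; the DNs, account names and the privileged-account list are constructed assumptions.

```python
import shlex
from collections import defaultdict

# Constructed sample, assuming the grid-mapfile layout: "certificate DN" account[,account]
SAMPLE_GRIDMAP = '''\
# constructed sample entries
"/C=UK/O=eScience/OU=Southampton/CN=alice example" alice
"/C=UK/O=eScience/OU=Southampton/CN=bob example" chemgrid
"/C=UK/O=eScience/OU=Manchester/CN=carol example" chemgrid
"/C=UK/O=eScience/OU=Oxford/CN=dave example" root
/C=UK/O=eScience/OU=Oxford/CN=erin example erin
'''

PRIVILEGED = {"root", "bin", "daemon"}  # assumed: accounts that must never be mapped

def parse_gridmap(text):
    """Return (mappings, errors); mappings is a list of (dn, [accounts])."""
    mappings, errors = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = shlex.split(line)
        except ValueError as exc:
            errors.append((lineno, f"unparseable: {exc}"))
            continue
        # An unquoted DN containing spaces splits into extra fields and is rejected.
        if len(fields) != 2 or not fields[0].startswith("/"):
            errors.append((lineno, "expected: \"DN\" account[,account]"))
            continue
        mappings.append((fields[0], fields[1].split(",")))
    return mappings, errors

def audit(text):
    """Flag malformed lines, privileged mappings and accounts shared by several DNs."""
    mappings, errors = parse_gridmap(text)
    by_account = defaultdict(set)
    findings = [f"line {n}: {msg}" for n, msg in errors]
    for dn, accounts in mappings:
        for acct in accounts:
            by_account[acct].add(dn)
            if acct in PRIVILEGED:
                findings.append(f"privileged mapping: {dn} -> {acct}")
    for acct, dns in sorted(by_account.items()):
        if len(dns) > 1:  # shared accounts blur who is responsible for an action
            findings.append(f"shared account {acct}: {len(dns)} DNs")
    return findings
```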

           Grid Infrastructure
• Presumably security loopholes exist(!)
  – e.g. buffer overflow vulnerabilities
• Security advisory/updates (Jun-Nov’02):
  –   Apache: 5 updates
  –   Sendmail/Fetchmail: 2 updates
  –   OpenSSH/OpenSSL: 4 updates
  –   DNS: 2 updates
• What about our Grid software?
  – who can provide security updates rapidly?
  – how can they be distributed rapidly?
  – who will apply them?
           Grid Applications
• Security depends on application developers
  – need awareness of classic vulnerabilities
• Uploaded user applications
  – practically uncontainable if malicious...
  – users (and their code) must be 100% trustworthy
• Legacy applications
  – not designed for secure remote operation
  – may be full of shell escapes and system calls
• Commercial applications
  – e.g. Finite Element codes with VB interpreters!

           Damn Those Pesky Firewalls
[Diagram; labels: Permitted Access to Restricted Services, Permitted Grid Access, FIREWALL, New Vulnerability, Scanning Attacks, Managed Server Resources, User Managed Workstations]
           Firewall Management Issues
[Diagram; labels: Remote Client Site, Campus FIREWALL, DMZ, NCS GATEWAY SERVER, GASS, Globus GRID, GRID COMPUTE SERVER, FIREWALL, SOAP/HTTPS/PGP, 3rd Party Database, Lab Database, Lab Resources]
           Firewall Management Issues
[Diagram; labels: Remote Client Site, Campus FIREWALL, Campus Network, 3rd Party Database, Lab Database, FIREWALL, Lab DMZ, NCS GATEWAY SERVER, GASS, Globus GRID, GRID COMPUTE SERVER, SOAP/HTTPS/PGP]
           Firewalls and Containment
[Diagram; labels: Private LAN, RESTRICTED ACCESS, Grid DMZ, Generic Grid Resources, GRID INFRASTRUCTURE, High Security Resources]
         Intrusion Response
• Containment within and between Grid sites
  – firewalls, sandboxes, etc
• Detection using standard tools (Tripwire, etc)
  – what if a Grid account is compromised at another
    site?
  – how might we detect this?
  – can we assume all sites are equally vigilant?
• Coherent intrusion response between sites
  – need for consistent (and realistic) usage policies?
  – do we need multi-site project response plans?
  – do we need a UK E-Science/Grid CERT?
         A Chemist’s Checklist
• Risk assessment and management
   – with computing services involvement and support
   – what are the critical resources and risks?
• Technology choices
   – taking account of advisory services, etc
   – backed up by sufficient training?
• Consistent operation and usage policies
   – including firewalls, intrusion detection, sanctions, response
     plans,...
• User training and awareness
• Continuous review

                       Summary
• Grid technology: pretty good but not well tested
   –   need for multiple PKI and/or CA?
   –   need for operable authorisation mechanisms?
   –   need for coherent intrusion containment/detection strategy?
• Operational issues just as important
   –   risk assessment and asset management/protection?
   –   need for advisories and updates?
   –   need for coherent intrusion responses or CERT?
• People must be the key to success
   – need for awareness raising and training?
   – how to get buy-in from sys/net admin teams?
   – how to address human factors?