					Grid Security Overview

 Mike Surridge, IT Innovation Centre
      Grid Security Workshop,
      NESC, 05-06 Dec 2002

             © IT Innovation Centre, 2002
                    COMMERCIAL IN CONFIDENCE

• Introductions
• The Grid Security Problem
  – as seen by a Comb-e-Chem chemist...
  – motivation for the Rough Guide report
• Risks and issues
  – what could go wrong with our Grid security
  – lots of questions – our job is to find answers
• Issues for discussion

                  IT Innovation
• The IT Innovation Centre is an autonomous research
  centre, alongside the research groups and industrial
  units of the Department of Electronics and Computer
  Science at the University of Southampton
• We deliver strategies, road maps, proofs-of-concept,
  demonstrators and novel operational systems
• Our innovation capabilities are in the best traditions of
  Southampton's outstanding record of technological R&D

• We have broken new ground in
  making these capabilities
  available through a dedicated
  off-campus Centre with a
  professional service culture
          A Culture Gap
     (A Chemist’s View of Grid Security)

• Provided the user is properly
  authenticated [and you vouch for
  them] they can access [Chemistry]
  kit via the [University] firewall.
• If they want to use [University]
  kit, they will need approval from
  Computing Services.
• If anything bad happens then [you
  Chemists] are responsible, and are
  in deep trouble...
            The Rough Guide
• Intended to raise awareness of Grid security
• Aimed at
  –   project managers and principal investigators
  –   Grid users and application developers
  –   Grid infrastructure developers
  –   computing services and Grid support teams
• Conclusions
  – operational security is a team effort
  – everyone needs to be aware of the key issues

Security Best Practice
• Build security in depth
  – like a medieval castle!
• Assume breaches will occur
  – don’t rely on a single barrier
  – design for containment
• Continuous security
  – intrusion detection methods
  – security advisories and
  – well-defined operating
  – review, challenge and audit

           Grid Authentication
• Based on strong public-key encryption
  – unlikely that a digital signature could be faked
• But operational factors are important, e.g.
  –   is the CA procedure rigorous enough for you?
  –   are the RAs trained to operate it correctly?
  –   does the certificate profile meet your needs?
  –   could the user’s private key have been lost/stolen?
  –   what if a user’s GSI proxy were hijacked?
• And...85% of intrusions come from within

       Grid PKI
[Figure: labels User, Resource, The CA]

       Conventional PKI
[Figure: labels User, Resource, CA1 ... CAn]

           Grid Authorisation
• Typically done via local account mappings
   – allowing resource owners to retain control
• Difficult to implement operationally
   – local resource access controls may not exist
   – local admin teams don’t scale with the size of Grid
• Can use role-based schemes and CAS
   – but might CAS be disabled via DoS or spoofing?
   – should outsiders define/assign user roles?
   – who is responsible for correct role attribution...?
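
One way a resource owner could review the local account mappings described on this slide. This is an added example, not part of the original slides; it assumes the mappings are kept in the grid-mapfile format used by the Globus Toolkit ("certificate DN" followed by a local account). The sample entries, the privileged-account list and the trusted DN prefix are constructed for illustration.

```python
import shlex
from collections import defaultdict

# Constructed sample in grid-mapfile format: "<certificate DN>" <local account>
SAMPLE_GRIDMAP = '''\
# constructed entries, not from any real site
"/C=UK/O=eScience/OU=Southampton/CN=alice example" chem01
"/C=UK/O=eScience/OU=Southampton/CN=bob example" chem01
"/C=UK/O=eScience/OU=Manchester/CN=carol example" root
"/C=XX/O=Unknown Org/CN=dave example" guest7
/C=UK/O=eScience/CN=unquoted name erin
'''

# Assumptions: accounts treated as privileged, and DN prefixes (CA namespaces)
# that the resource owner has agreed to trust.
PRIVILEGED = {"root", "admin", "globus"}
TRUSTED_PREFIXES = ("/C=UK/O=eScience/",)

def parse_gridmap(text):
    """Yield (line_no, dn, account); dn and account are None if malformed."""
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            parts = shlex.split(line)
        except ValueError:  # unbalanced quotes
            parts = []
        if len(parts) == 2 and line.startswith('"'):
            yield n, parts[0], parts[1]
        else:
            yield n, None, None

def audit(text):
    """Return sorted (line_no, finding) pairs for mappings that need review."""
    findings, by_account = [], defaultdict(list)
    for n, dn, account in parse_gridmap(text):
        if dn is None:
            findings.append((n, "malformed"))
            continue
        by_account[account].append(n)
        if account in PRIVILEGED:
            findings.append((n, "privileged-account"))
        if not dn.startswith(TRUSTED_PREFIXES):
            findings.append((n, "untrusted-dn-prefix"))
    for account, lines in by_account.items():
        if len(lines) > 1:  # several identities sharing one local account
            findings.extend((n, "shared-account") for n in lines)
    return sorted(findings)
```

Shared accounts are flagged because they blur the audit trail that the question "who is responsible for correct role attribution" depends on.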

           Grid Infrastructure
• Presumably security loopholes exist(!)
  – e.g. buffer overflow vulnerabilities
• Security advisory/updates (Jun-Nov’02):
  –   Apache: 5 updates
  –   Sendmail/Fetchmail: 2 updates
  –   OpenSSH/OpenSSL: 4 updates
  –   DNS: 2 updates
• What about our Grid software
  – who can provide security updates rapidly?
  – how can they be distributed rapidly?
  – who will apply them?
           Grid Applications
• Security depends on application developers
  – need awareness of classic vulnerabilities
• Uploaded user applications
  – practically uncontainable if malicious...
  – users (and their code) must be 100% trustworthy
• Legacy applications
  – not designed for secure remote operation
  – may be full of shell escapes and system calls
• Commercial applications
  – e.g. Finite Element codes with VB interpreters!

Damn Those Pesky Firewalls
[Figure: labels Permitted Access to Restricted Services; Permitted Grid Access; Scanning Attacks; Managed Server Resources; User Managed]

Firewall Management Issues
[Figure: labels Remote Client Site; Globus GRID; GRID COMPUTE; Campus FIREWALL; NCS; DMZ; PGP; 3rd Party Database; Lab Database; Lab Resources]

Firewall Management Issues
[Figure: labels Remote Client Site; Globus GRID; Campus FIREWALL; Campus Network; 3rd Party Database; Lab Database; PGP SOAP/; NCS SERVER; Lab DMZ]

Firewalls and Containment
[Figure: labels Private LAN; Grid DMZ; Generic Grid; High Security; RESTRICTED; ACCESS]

         Intrusion Response
• Containment within and between Grid sites
  – firewalls, sandboxes, etc
• Detection using standard tools (Tripwire, etc)
  – what if a Grid account is compromised at another
  – how might we detect this?
  – can we assume all sites are equally vigilant?
• Coherent intrusion response between sites
  – need for consistent (and realistic) usage policies?
  – do we need multi-site project response plans?
  – do we need a UK E-Science/Grid CERT?
         A Chemist’s Checklist
• Risk assessment and management
   – with computing services involvement and support
   – what are the critical resources and risks?
• Technology choices
   – taking account of advisory services, etc
   – backed up by sufficient training?
• Consistent operation and usage policies
   – including firewalls, intrusion detection, sanctions, response
• User training and awareness
• Continuous review

• Grid technology: pretty good but not well tested
   –   need for multiple PKI and/or CA?
   –   need for operable authorisation mechanisms?
   –   need for coherent intrusion containment/detection strategy?
• Operational issues just as important
   –   risk assessment and asset management/protection?
   –   need for advisories and updates?
   –   need for coherent intrusion responses or CERT?
• People must be the key to success
   – need for awareness raising and training?
   – how to get buy-in from sys/net admin teams?
   – how to address human factors?