Summary from CA coordination and Security working group meeting

Save this PDF as:
Size: px
Start display at page:

Download "Summary from CA coordination and Security working group meeting"

Transcription

1 Summary from CA coordination and Security working group meeting WP4 workshop

2 Security related meetings summary Certification Authorities coordination Organizationally a working group of WP6 Coordinates efforts for certification in various counties Gives guidance to new CA s now setting up Sets minimum standards for trustworthy CA s DataGrid Security coordination meeting Interested individuals concerned with security in the DataGrid at large Forum for security architecture discussions Coordination of security efforts within the WP s David Groep CA and DG security wg

3 Certification Authorities Currently 8 Certification Authorities: CERN (Pietro Martucci) INFN (Roberto Cecchini) DutchGrid/NIKHEF (David Groep) UKHEP (Andrew Sansum) CNRS datagrid-fr (Jean-Luc Archimbaud) LIP (Jorge Gomes) CESnet (Milan Sova and Daniel Kouril) Spain is preparing, Russia will start preparing David Groep CA and DG security wg

4 Certification minimal requirements Minimal requirements for certification authorities defined Non-networked machine Documented Certification Policy and Practice Statement (CP/CPS) Traceability of CPS in effect at time of signing (using OID s) CRL issuing required, lifetime between 7 and 30 days Relying parties should retrieve CRL preferably every day There will be no on-site auditing, we will crosscheck each others CP/CPS Entities should generate own key pairs (CA must not know!) Activity on recommending best-practice Grid CP/CPS in GGF (DataGrid has no manpower to get heavily involved) Drafted a list of recommended cert extensions David Groep CA and DG security wg

5 Certification Authorities in a Fabric None of the national CAs is prepared to issue host certificates to all hosts in a farm OK to apply for gatekeeper certs for LSF masters and such OK also for test bed 1 hosts with fork job manager WP4 has already a possible solution: FLIDS Automatic CRL retrieval, use the GetCerts package from cron soon to be included in WP6 distribution, now from DutchGrid CA site David Groep CA and DG security wg

6 Certification Authorities, Administrative A ca-coordination mailing is being set up by Dave Kelsey List can be used for incident reporting See also Detailed notes to be found from David Groep CA and DG security wg

7 DataGrid Security working group

8 DG Security-wg aims Identify security requirements and deliverables witin the WPs Implications of security on the DataGrid architecture (urgent) Identify lacking resources Self-organisation Extensive discussions planned for Lecce with Steve Tuecke David Groep CA and DG security wg

9 Security per Work Package (1) WP1 Will be managing the user s identities Jobs will probably run with the identity of the original user The applications don t care, as long as: Roles can be assigned to users and Quota can be associated with roles A user can have multiple roles (in different sessions), but only one cert WP2 Same issue with ownership of replicated files. Not resolved yet. David Groep CA and DG security wg

10 Security per Work Package (2) WP3 Will start using MDS-2 in PM9 Will have added GSI security, but does not use LDAP access rights No sub tree or element access control, just grid mapfile Only just started thinking about security issues for >PM9 WP4 Presented use case of job submission, GjMS, LCAS, LCMAPS & FLIDS For grid info services use WP3 framework GridGate should be relabelled NAT box No security comments on install-a-fresh-box use case David Groep CA and DG security wg

11 WP5 WP7 Security per Work Package (3) Will store files by uid/gid Will need a grid mapfile May be different form the one used by ComputeElement YAGM: Yet Another Grid Mapfile Interesting: they have three security deliverables and some committed manpower (PPARC 18 pm/3y, CERN 12 pm/3y, INFN & CNRS also) No-one in WP7 cares about security at large Only competent in network-layer security, so work might be done under ATF umbrella, formally staying in WP7 Once and for all: VPNs are a bad thing. The effort for the VPN test bed is going into a document to prove VPNs are useless DoS attacks will be the real issue in network security David Groep CA and DG security wg

12 Security per Work Package (4) WP8,10 (applications) Want less fuss with national CA s (150 counties in LHC!) sorry! Want single signon: one identity and multiple roles (1 role per session) Autorization by VO, VO decides on quota and groups Requirement common to all applications justify a common solution (CAS) Applications want to keep local site in control, but Local sites should publish their policies (abstracted) to show they are complying with the agreed MoUs Want a good USERS GUIDE WP10 has a lot of sensitive data, encryption preferred on application level anonymous ftp like areas, but restricted to any biologist David Groep CA and DG security wg

13 Policy language Obvious candidate is the work of the IRTF AAAARCH group Generic policy language currently an IRTF draft Or David Groep CA and DG security wg

14 Interaction between CE and SE Details: ATF (Germán) Some consensus seems to be Use GridFTP for for remote and local access to a SE Applications are prepared to refrain from local file system access (not use open(2)) Except for some scratch storage like /tmp Legacy applications should pre-declare their files To prevent rouge applications, the binaries may be signed The receiving end should verify the signature Users can make no assumptions about a local identity anywhere (gsi-ssh) David Groep CA and DG security wg

15 Firewall issues Current state on port numbers used is unclear Especially for return ports and user dynamic ports Nice to have all future access use predefined static ports, Providing secure gateways into the local fabric Like the WP4 proposal To be able to selective block malicious access David Groep CA and DG security wg

16 User mapping management for PM9 INFN: LDAP directory of users and groups generates a gridmapfile URL not yet defined Manchester: gridmapdir patch Possibly included in new Globus release by default Uid issues: most systems do 4 billion uids, but Linux = 2.2.x only 64K? David Groep CA and DG security wg

17 Future of the security working group Dave Kelsey will propose a somewhat more formal body to the PTB Should be driven by 3 named persons, to come from the three sites with committed effort (PPARC, INFN, CNRS) Lot of others should review documents and/or write a few pages for the architecture Framework for architecture given by DaveK Requirements by September/October Final Security architecture deliverable is in PM12 Detailed notes at David Groep CA and DG security wg

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr

Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr Certificate Policy and Certification Practice Statement CNRS/CNRS-Projets/Datagrid-fr Version 0.3 August 2002 Online : http://www.urec.cnrs.fr/igc/doc/datagrid-fr.policy.pdf Old versions Version 0.2 :

More information

Roberto Barbera. Centralized bookkeeping and monitoring in ALICE

Roberto Barbera. Centralized bookkeeping and monitoring in ALICE Centralized bookkeeping and monitoring in ALICE CHEP INFN 2000, GRID 10.02.2000 WP6, 24.07.2001 Roberto 1 Barbera ALICE and the GRID Phase I: AliRoot production The GRID Powered by ROOT 2 How did we get

More information

GT 6.0 GSI C Security: Key Concepts

GT 6.0 GSI C Security: Key Concepts GT 6.0 GSI C Security: Key Concepts GT 6.0 GSI C Security: Key Concepts Overview GSI uses public key cryptography (also known as asymmetric cryptography) as the basis for its functionality. Many of the

More information

2 Transport-level and Message-level Security

2 Transport-level and Message-level Security Globus Toolkit Version 4 Grid Security Infrastructure: A Standards Perspective The Globus Security Team 1 Version 4 updated September 12, 2005 Abstract This document provides an overview of the Grid Security

More information

GRIP:Creating Interoperability between Grids

GRIP:Creating Interoperability between Grids GRIP:Creating Interoperability between Grids Philipp Wieder, Dietmar Erwin, Roger Menday Research Centre Jülich EuroGrid Workshop Cracow, October 29, 2003 Contents Motivation Software Base at a Glance

More information

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference

Architecture and Data Flow Overview. BlackBerry Enterprise Service 10 721-08877-123 Version: 10.2. Quick Reference Architecture and Data Flow Overview BlackBerry Enterprise Service 10 721-08877-123 Version: Quick Reference Published: 2013-11-28 SWD-20131128130321045 Contents Key components of BlackBerry Enterprise

More information

Managing Credentials with

Managing Credentials with Managing Credentials with MyProxy Jim Basney National Center for Supercomputing Applications University of Illinois jbasney@ncsa.uiuc.edu http://myproxy.ncsa.uiuc.edu/ What is MyProxy? A service for managing

More information

Using Microsoft Active Directory for Checkpoint NG AI SecureClient

Using Microsoft Active Directory for Checkpoint NG AI SecureClient Using Microsoft Active Directory for Checkpoint NG AI SecureClient Dave Crowfoot www.works4me.com dave@works4me.com This is the solution that I came up with to utilize MS Active directory to authenticate

More information

Jan Astalos Department of Parallel and Distributed Computing Institute of Informatics Slovak Academy of Sciences http://www.ui.sav.

Jan Astalos Department of Parallel and Distributed Computing Institute of Informatics Slovak Academy of Sciences http://www.ui.sav. IISAS Certification Authority Jan Astalos Department of Parallel and Distributed Computing Institute of Informatics Slovak Academy of Sciences http://www.ui.sav.sk IISAS and CrossGrid Grid application

More information

INFN Testbed status report

INFN Testbed status report L. Gaido Oxford July, 2-5 2001 1 Dedicated resources (available now) Quantum Grid: 3-4 PCs in 15 sites: Bari, Bologna, Cagliari, Catania, Cnaf, Ferrara, Lecce, Legnaro, Milano, Napoli, Padova, Parma, Pisa,

More information

ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0

ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 ESnet SSL CA service Certificate Policy And Certification Practice Statement Version 1.0 June 30, 2004 Table of Contents Table of Contents...2 1 Introduction...3 1.1 Overview...3 1.1.1 General Definitions...4

More information

Grid security infrastructure based on Globus Toolkit

Grid security infrastructure based on Globus Toolkit Grid security infrastructure based on Globus Toolkit Valentin Vidić vvidic@irb.hr Center for Informatics and Computing Ruder Bošković Institute Bijenička cesta 54, Zagreb, Croatia January 2006 Abstract

More information

MapCenter: An Open Grid Status Visualization Tool

MapCenter: An Open Grid Status Visualization Tool MapCenter: An Open Grid Status Visualization Tool Franck Bonnassieux Robert Harakaly Pascale Primet UREC CNRS UREC CNRS RESO INRIA ENS Lyon, France ENS Lyon, France ENS Lyon, France franck.bonnassieux@ens-lyon.fr

More information

The ENEA-EGEE site: Access to non-standard platforms

The ENEA-EGEE site: Access to non-standard platforms V INFNGrid Workshop Padova, Italy December 18-20 2006 The ENEA-EGEE site: Access to non-standard platforms C. Sciò**, G. Bracco, P. D'Angelo, L. Giammarino*, S.Migliori, A. Quintiliani, F. Simoni, S. Podda

More information

Administering the Web Server (IIS) Role of Windows Server

Administering the Web Server (IIS) Role of Windows Server Course 10972A: Administering the Web Server (IIS) Role of Windows Server Course Details Course Outline Module 1: Overview and Installing Internet Information Services In this module students will learn

More information

Using Globus Toolkit

Using Globus Toolkit Using Globus Toolkit G. Poghosyan & D. Nilsen GridKa School 11-15 September 2006 Basic Grid Services in GT Security Services GSI (Grid Security Infrastructure) Data Services GridFTP RFT (Reliable File

More information

The ENEA gateway approach providing EGEE/gLite access to unsupported platforms and operating systems

The ENEA gateway approach providing EGEE/gLite access to unsupported platforms and operating systems EU-IndiaGrid Workshop Taipei, November 2nd 2007 The ENEA gateway approach providing EGEE/gLite access to unsupported platforms and operating systems G. Bracco, S.Migliori, A. Quintiliani, A. Santoro, C.

More information

MIGRATING DESKTOP AND ROAMING ACCESS. Migrating Desktop and Roaming Access Whitepaper

MIGRATING DESKTOP AND ROAMING ACCESS. Migrating Desktop and Roaming Access Whitepaper Migrating Desktop and Roaming Access Whitepaper Poznan Supercomputing and Networking Center Noskowskiego 12/14 61-704 Poznan, POLAND 2004, April white-paper-md-ras.doc 1/11 1 Product overview In this whitepaper

More information

Concepts and Architecture of the Grid. Summary of Grid 2, Chapter 4

Concepts and Architecture of the Grid. Summary of Grid 2, Chapter 4 Concepts and Architecture of the Grid Summary of Grid 2, Chapter 4 Concepts of Grid Mantra: Coordinated resource sharing and problem solving in dynamic, multi-institutional virtual organizations Allows

More information

Implementing Secure Sockets Layer on iseries

Implementing Secure Sockets Layer on iseries Implementing Secure Sockets Layer on iseries Presented by Barbara Brown Alliance Systems & Programming, Inc. Agenda SSL Concepts Digital Certificate Manager Local Certificate Authority Server Certificates

More information

Security in OSG. Tuesday afternoon, 3:15pm. Igor Sfiligoi <isfiligoi@ucsd.edu> Member of the OSG Security team University of California San Diego

Security in OSG. Tuesday afternoon, 3:15pm. Igor Sfiligoi <isfiligoi@ucsd.edu> Member of the OSG Security team University of California San Diego Security in OSG Tuesday afternoon, 3:15pm Igor Sfiligoi Member of the OSG Security team University of California San Diego Logistical reminder It is OK to ask questions - During the

More information

(RH 7.3, gcc 2.95.2,VDT 1.1.6, EDG 1.4.3, GLUE, RLS) Tokyo BNL TAIWAN RAL 20/03/2003 20/03/2003 CERN 15/03/2003 15/03/2003 FNAL 10/04/2003 CNAF

(RH 7.3, gcc 2.95.2,VDT 1.1.6, EDG 1.4.3, GLUE, RLS) Tokyo BNL TAIWAN RAL 20/03/2003 20/03/2003 CERN 15/03/2003 15/03/2003 FNAL 10/04/2003 CNAF Our a c t i v i t i e s & c o n c e rn s E D G - L C G t r a n s i t i o n / c o n v e r g e n c e p l a n EDG s i d e : i n t e g r a t i o n o f n e w m i d d l e w a r e, t e s t b e d e v a l u a t

More information

ARC Computing Element

ARC Computing Element NORDUGRID NORDUGRID-MANUAL-20 15/7/2015 ARC Computing Element System Administrator Guide F. Paganelli, Zs. Nagy, O. Smirnova, and various contributions from all ARC developers Contents 1 Overview 9 1.1

More information

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 9

Course Description. Course Audience. Course Outline. Course Page - Page 1 of 9 Course Page - Page 1 of 9 Administering the Web Server (IIS) Role of Windows Server M-10972 Length: 5 days Price: $2,795.00 Course Description This course provides students with the fundamental knowledge

More information

Secure Software Programming and Vulnerability Analysis

Secure Software Programming and Vulnerability Analysis Secure Software Programming and Vulnerability Analysis Christopher Kruegel chris@auto.tuwien.ac.at http://www.auto.tuwien.ac.at/~chris Operations and Denial of Service Secure Software Programming 2 Overview

More information

GridPP36 Security Report

GridPP36 Security Report GridPP36 Security Report Ian Neilson GridPP Security Officer 12/04/2016 Gridpp36, Pitlochry Slide Security Report Operational Security Policy Updates Collaborations & Projects Future Work ARGUS Ban Tests

More information

Danske Bank Group Certificate Policy

Danske Bank Group Certificate Policy Document history Version Date Remarks 1.0 19-05-2011 finalized 1.01 15-11-2012 URL updated after web page restructuring. 2 Table of Contents 1. Introduction... 4 2. Policy administration... 4 2.1 Overview...

More information

Network Security: Public Key Infrastructure. Key Distribution - Secret Keys. Key Distribution - Secret Keys

Network Security: Public Key Infrastructure. Key Distribution - Secret Keys. Key Distribution - Secret Keys Network Security: Public Key Infrastructure Guevara Noubir Northeastern University noubir@ccs.neu.edu Network Security Slides adapted from Radia Perlman s slides Key Distribution - Secret Keys What if

More information

Grid Engine. The EPIKH Project (Exchange Programme to advance e-infrastructure Know-How)

Grid Engine. The EPIKH Project (Exchange Programme to advance e-infrastructure Know-How) The EPIKH Project (Exchange Programme to advance e-infrastructure Know-How) Grid Engine Riccardo Rotondo (riccardo.rotondo@garr.it) Consortium GARR Joint CHAIN/EPIKH School for Application Porting to Science

More information

SonicOS Enhanced 3.2 LDAP Integration with Microsoft Active Directory and Novell edirectory Support

SonicOS Enhanced 3.2 LDAP Integration with Microsoft Active Directory and Novell edirectory Support SonicOS Enhanced 3.2 LDAP Integration with Microsoft Active Directory and Novell edirectory Support Document Scope This document describes the integration of SonicOS Enhanced 3.2 with Lightweight Directory

More information

Directory and File Transfer Services. Chapter 7

Directory and File Transfer Services. Chapter 7 Directory and File Transfer Services Chapter 7 Learning Objectives Explain benefits offered by centralized enterprise directory services such as LDAP over traditional authentication systems Identify major

More information

TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM

TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM TEXAS AGRILIFE SERVER MANAGEMENT PROGRAM Policy Compliancy Checklist September 2014 The server management responsibilities described within are required to be performed per University, Agency or State

More information

Bugzilla ID: Bugzilla Summary:

Bugzilla ID: Bugzilla Summary: Bugzilla ID: Bugzilla Summary: CAs wishing to have their certificates included in Mozilla products must 1) Comply with the requirements of the Mozilla CA certificate policy (http://www.mozilla.org/projects/security/certs/policy/)

More information

How to use mobilecho with Microsoft Forefront Threat Management Gateway (TMG)

How to use mobilecho with Microsoft Forefront Threat Management Gateway (TMG) How to use mobilecho with Microsoft Forefront Threat Management Gateway (TMG) Introduction Understanding Forefront Threat Management Gateway (TMG) Network Topology Understanding Forefront Threat Management

More information

Cox Managed CPE Services. RADIUS Authentication for AnyConnect VPN Version 1.3 [Draft]

Cox Managed CPE Services. RADIUS Authentication for AnyConnect VPN Version 1.3 [Draft] Cox Managed CPE Services RADIUS Authentication for AnyConnect VPN Version 1.3 [Draft] September, 2015 2015 by Cox Communications. All rights reserved. No part of this document may be reproduced or transmitted

More information

University of Maryland Active Directory Policies

University of Maryland Active Directory Policies University of Maryland Active Directory Policies Purpose of this policy Scope AD Forest Forest Schema & Data Visibility Account and Group Synchronization Account Creation and Password Forest Security Principle

More information

Resource Management on Computational Grids

Resource Management on Computational Grids Univeristà Ca Foscari, Venezia http://www.dsi.unive.it Resource Management on Computational Grids Paolo Palmerini Dottorato di ricerca di Informatica (anno I, ciclo II) email: palmeri@dsi.unive.it 1/29

More information

Use of The Information Services Active Directory Service (AD) Code of Practice

Use of The Information Services Active Directory Service (AD) Code of Practice Use of The Information Services Active Directory Service (AD) Code of Practice Introduction This code of practice is intended to support the Information Security Policy of the University and should be

More information

Monitoring Message Passing Applications in the Grid

Monitoring Message Passing Applications in the Grid Monitoring Message Passing Applications in the Grid with GRM and R-GMA Norbert Podhorszki and Peter Kacsuk MTA SZTAKI, Budapest, H-1528 P.O.Box 63, Hungary pnorbert@sztaki.hu, kacsuk@sztaki.hu Abstract.

More information

My FreeScan Vulnerabilities Report

My FreeScan Vulnerabilities Report Page 1 of 6 My FreeScan Vulnerabilities Report Print Help For 66.40.6.179 on Feb 07, 008 Thank you for trying FreeScan. Below you'll find the complete results of your scan, including whether or not the

More information

Network monitoring in DataGRID project

Network monitoring in DataGRID project Network monitoring in DataGRID project Franck Bonnassieux (CNRS) franck.bonnassieux@ens-lyon.fr 1st SCAMPI Workshop 27 Jan. 2003 DataGRID Network Monitoring Outline DataGRID network Specificity of Grid

More information

Configuring Digital Certificates

Configuring Digital Certificates CHAPTER 36 This chapter describes how to configure digital certificates and includes the following sections: Information About Digital Certificates, page 36-1 Licensing Requirements for Digital Certificates,

More information

Chapter 2 Editor s Note:

Chapter 2 Editor s Note: [Editor s Note: The following content was excerpted from the free ebook The Tips and Tricks Guide to Securing Windows Server 2003 (Realtimepublishers.com) written by Roberta Bragg and available at http://www.netiq.com/offers/ebooks.]

More information

Security + Certification (ITSY 1076) Syllabus

Security + Certification (ITSY 1076) Syllabus Security + Certification (ITSY 1076) Syllabus Course: ITSY 1076 Security+ 40 hours Course Description: This course is targeted toward an Information Technology (IT) professional who has networking and

More information

Authorization Strategies for Virtualized Environments in Grid Computing Systems

Authorization Strategies for Virtualized Environments in Grid Computing Systems Authorization Strategies for Virtualized Environments in Grid Computing Systems Xinming Ou Anna Squicciarini Sebastien Goasguen Elisa Bertino Purdue University Abstract The development of adequate security

More information

MS 10972A Administering the Web Server (IIS) Role of Windows Server

MS 10972A Administering the Web Server (IIS) Role of Windows Server MS 10972A Administering the Web Server (IIS) Role of Windows Server Description: Days: 5 Prerequisites: This course provides students with the fundamental knowledge and skills to configure and manage Internet

More information

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1

Industrial Network Security for SCADA, Automation, Process Control and PLC Systems. Contents. 1 An Introduction to Industrial Network Security 1 Industrial Network Security for SCADA, Automation, Process Control and PLC Systems Contents 1 An Introduction to Industrial Network Security 1 1.1 Course overview 1 1.2 The evolution of networking 1 1.3

More information

Analisi di un servizio SRM: StoRM

Analisi di un servizio SRM: StoRM 27 November 2007 General Parallel File System (GPFS) The StoRM service Deployment configuration Authorization and ACLs Conclusions. Definition of terms Definition of terms 1/2 Distributed File System The

More information

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series

User Guide Supplement. S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series User Guide Supplement S/MIME Support Package for BlackBerry Smartphones BlackBerry Pearl 8100 Series SWD-292878-0324093908-001 Contents Certificates...3 Certificate basics...3 Certificate status...5 Certificate

More information

Compiled By: Chris Presland v1.0. 29 th September. Revision History Phil Underwood v1.1

Compiled By: Chris Presland v1.0. 29 th September. Revision History Phil Underwood v1.1 Compiled By: Chris Presland v1.0 Date 29 th September Revision History Phil Underwood v1.1 This document describes how to integrate Checkpoint VPN with SecurEnvoy twofactor Authentication solution called

More information

10972-Administering the Web Server (IIS) Role of Windows Server

10972-Administering the Web Server (IIS) Role of Windows Server Course Outline 10972-Administering the Web Server (IIS) Role of Windows Server Duration: 5 days (30 hours) Target Audience: This course is intended for IT Professionals already experienced in general Windows

More information

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1

Brocade Engineering. PKI Tutorial. Jim Kleinsteiber. February 6, 2002. Page 1 PKI Tutorial Jim Kleinsteiber February 6, 2002 Page 1 Outline Public Key Cryptography Refresher Course Public / Private Key Pair Public-Key Is it really yours? Digital Certificate Certificate Authority

More information

Plateforme de Calcul pour les Sciences du Vivant. SRB & glite. V. Breton. http://clrpcsv.in2p3.fr

Plateforme de Calcul pour les Sciences du Vivant. SRB & glite. V. Breton. http://clrpcsv.in2p3.fr SRB & glite V. Breton http://clrpcsv.in2p3.fr Introduction Goal: evaluation of existing technologies for data and tools integration and deployment Data and tools integration should be addressed using web

More information

TRUST RELATIONSHIPS AND SINGLE SIGN-ON IN GRID BASED DATA WAREHOUSES

TRUST RELATIONSHIPS AND SINGLE SIGN-ON IN GRID BASED DATA WAREHOUSES TRUST RELATIONSHIPS AND SINGLE SIGN-ON IN GRID BASED DATA WAREHOUSES Xiaoyu Li a and Maree Pather b a Department of Information Technology, Nelson Mandela Metropolitan University b Department of Applied

More information

Faking Extended Validation SSL Certificates in Internet Explorer 7

Faking Extended Validation SSL Certificates in Internet Explorer 7 Page 1 of 11 Faking Extended Validation SSL Certificates in Internet Explorer 7 June 7 th 2007, V1.1 Martin Christinat, CTO, christinat@.ch Abstract Extended Validation (EV) SSL certificates are a new

More information

Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual

Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123. Instructor Manual Troubleshooting BlackBerry Enterprise Service 10 version 10.1.1 726-08745-123 Instructor Manual Published: 2013-07-02 SWD-20130702091645092 Contents Advance preparation...7 Required materials...7 Topics

More information

Cyber Essentials. Test Specification

Cyber Essentials. Test Specification Cyber Essentials Test Specification Contents Scope of the Audit...2 Assumptions...3 Success Criteria...3 External systems...4 Required tests...4 Test Details...4 Internal systems...7 Tester pre-requisites...8

More information

DIGIPASS Authentication for Check Point Security Gateways

DIGIPASS Authentication for Check Point Security Gateways DIGIPASS Authentication for Check Point Security Gateways With IDENTIKEY Server 2009 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 38 Disclaimer Disclaimer of Warranties and

More information

Cyber Essentials Questionnaire

Cyber Essentials Questionnaire Cyber Essentials Questionnaire Introduction The Cyber Essentials scheme is recommended for organisations looking for a base level Cyber security test where IT is a business enabler rather than a core deliverable.

More information

What Are They, and What Are They Doing in My Browser?

What Are They, and What Are They Doing in My Browser? Digital Certificates, p.1 07/29/02 Digital Certificates What Are They, and What Are They Doing in My Browser? By Judith V. Boettcher and Amanda Powell Digital certificates provide a means to authenticate

More information

Extranet Access Management Web Access Control for New Business Services

Extranet Access Management Web Access Control for New Business Services Extranet Access Management Web Access Control for New Business Services An Evidian White Paper Increase your revenue and the ROI for your Web portals Summary Increase Revenue Secure Web Access Control

More information

globus online Integrating with Globus Online Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory

globus online Integrating with Globus Online Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory globus online Integrating with Globus Online Steve Tuecke Computation Institute University of Chicago and Argonne National Laboratory Types of integration Resource integration Connect campus, project,

More information

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016

National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy. Version 1.1. February 2, 2016 National Identity Exchange Federation (NIEF) Trustmark Signing Certificate Policy Version 1.1 February 2, 2016 Copyright 2016, Georgia Tech Research Institute Table of Contents TABLE OF CONTENTS I 1 INTRODUCTION

More information

Introduction to the MISD Web FTP Client

Introduction to the MISD Web FTP Client Introduction to the MISD Web FTP Client What is FTP? FTP stands for File Transfer Protocol. It is an Internet service that allows users to copy files to or from computers which hold collections of files.

More information

Advanced Administration

Advanced Administration BlackBerry Enterprise Service 10 BlackBerry Device Service Version: 10.2 Advanced Administration Guide Published: 2014-09-10 SWD-20140909133530796 Contents 1 Introduction...11 About this guide...12 What

More information

Ram Dantu. VOIP: Are We Secured?

Ram Dantu. VOIP: Are We Secured? Ram Dantu Professor, Computer Science and Engineering Director, Center for Information and Computer Security University of North Texas rdantu@unt.edu www.cse.unt.edu/~rdantu VOIP: Are We Secured? 04/09/2012

More information

Implementing Secure Sockets Layer (SSL) on i

Implementing Secure Sockets Layer (SSL) on i Implementing Secure Sockets Layer (SSL) on i Presented by Barbara Brown Alliance Systems & Programming, Inc. Agenda SSL Concepts History of SSL Digital Certificate Manager Local Certificate Authority Server

More information

Grid and Cloud Computing at LRZ Dr. Helmut Heller, Group Leader Distributed Resources Group

Grid and Cloud Computing at LRZ Dr. Helmut Heller, Group Leader Distributed Resources Group Grid and Cloud Computing at LRZ Dr. Helmut Heller, Group Leader Distributed Resources Group Overview Grid: http://www.grid.lrz.de What is Grid computing? Advantages of Grid computing (why you should use

More information

Integrating a heterogeneous and shared Linux cluster into grids

Integrating a heterogeneous and shared Linux cluster into grids Integrating a heterogeneous and shared Linux cluster into grids 1,2 1 1,2 1 V. Büge, U. Felzmann, C. Jung, U. Kerzel, 1 1 1 M. Kreps, G. Quast, A. Vest 1 2 DPG Frühjahrstagung March 28 31, 2006 Dortmund

More information

Network Security Policy De Montfort University January 2006

Network Security Policy De Montfort University January 2006 Network Security Policy De Montfort University January 2006 Page 1 of 18 Contents 1 INTRODUCTION 1.1 Background... 1.2 Purpose and Scope... 1.3 Validity... 1.4 Assumptions... 1.5 Definitions... 1.6 References..

More information

WEDI/AFEHCT Internet Encryption Interoperability Pilot

WEDI/AFEHCT Internet Encryption Interoperability Pilot WEDI/AFEHCT Internet Encryption Interoperability Pilot WEDI Board Meeting September 26, 2000 - Phoenix Hyatt Kepa Zubeldia, M.D. Vice President, Technology ENVOY Corporation Why a Pilot HIPAA NPRM Technology

More information

Presenting Mongoose A New Approach to Traffic Capture (patent pending) presented by Ron McLeod and Ashraf Abu Sharekh January 2013

Presenting Mongoose A New Approach to Traffic Capture (patent pending) presented by Ron McLeod and Ashraf Abu Sharekh January 2013 Presenting Mongoose A New Approach to Traffic Capture (patent pending) presented by Ron McLeod and Ashraf Abu Sharekh January 2013 Outline Genesis - why we built it, where and when did the idea begin Issues

More information

FIREWALL POLICY November 2006 TNS POL - 008

FIREWALL POLICY November 2006 TNS POL - 008 FIREWALL POLICY November 2006 TNS POL - 008 Introduction Network Security Services (NSS), a department of Technology and Network Services, operates a firewall to enhance security between the Internet and

More information

GSI Credential Management with MyProxy

GSI Credential Management with MyProxy GSI Credential Management with MyProxy GGF8 Production Grid Management RG Workshop June 26, 2003 Jim Basney jbasney@ncsa.uiuc.edu http://myproxy.ncsa.uiuc.edu/ MyProxy Online repository of encrypted GSI

More information

Release Notes for Version 1.5.207

Release Notes for Version 1.5.207 Release Notes for Version 1.5.207 Created: March 9, 2015 Table of Contents What s New... 3 Fixes... 3 System Requirements... 3 Stonesoft Appliances... 3 Build Version... 4 Product Binary Checksums... 4

More information

Managing Remote Access

Managing Remote Access VMWARE TECHNICAL NOTE VMware ACE Managing Remote Access This technical note explains how to use VMware ACE to manage remote access through VPN to a corporate network. This document contains the following

More information

Linux Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS QUARTER 2 NETWORKING AND OPERATING SYSTEMS ESSENTIALS. Module 1 - Office Applications

Linux Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS QUARTER 2 NETWORKING AND OPERATING SYSTEMS ESSENTIALS. Module 1 - Office Applications NETWORK ENGINEERING TRACK Linux Technologies QUARTER 1 DESKTOP APPLICATIONS - ESSENTIALS Module 1 - Office Applications This subject enables users to acquire the necessary knowledge and skills to use Office

More information

OIS. Update on Windows 7 at CERN & Remote Desktop Gateway. Operating Systems & Information Services CERN IT-OIS

OIS. Update on Windows 7 at CERN & Remote Desktop Gateway. Operating Systems & Information Services CERN IT-OIS Operating Systems & Information Services Update on Windows 7 at CERN & Remote Desktop Gateway CERN IT-OIS Tim Bell, Michal Kwiatek, Michal Budzowski, Andreas Wagner HEPiX Fall 2010 Workshop 4th November

More information

Security Digital Certificate Manager

Security Digital Certificate Manager System i Security Digital Certificate Manager Version 5 Release 4 System i Security Digital Certificate Manager Version 5 Release 4 Note Before using this information and the product it supports, be sure

More information

INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456. Aristotle University of Thessaloniki PKI (www.pki.auth.gr) WHOM IT MAY CONCERN

INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456. Aristotle University of Thessaloniki PKI (www.pki.auth.gr) WHOM IT MAY CONCERN Title INDEPENDENT AUDIT REPORT BASED ON THE REQUIREMENTS OF ETSI TS 101 456 Customer Aristotle University of Thessaloniki PKI (www.pki.auth.gr) To WHOM IT MAY CONCERN Date 18 March 2011 Independent Audit

More information

Information. Questions will be answered at the end. Please submit questions to Erick Mendoza using the chat function.

Information. Questions will be answered at the end. Please submit questions to Erick Mendoza using the chat function. Information Questions will be answered at the end. Please submit questions to Erick Mendoza using the chat function. Securing Niagara, Part 2 Java 1.7.0.25 Update Announcement Review basic hardening steps

More information

INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE

INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE INTEGRATE SALESFORCE.COM SINGLE SIGN-ON WITH THIRD-PARTY SINGLE SIGN-ON USING SENTRY A GUIDE TO SUCCESSFUL USE CASE Legal Marks No portion of this document may be reproduced or copied in any form, or by

More information

CAC/PIV PKI Solution Installation Survey & Checklist

CAC/PIV PKI Solution Installation Survey & Checklist CAC/PIV PKI Solution Installation Survey & Checklist Konica Minolta CAC/PIV Solution Revision: 1.3 Date: 10/19/09 1 Document Overview This document must be completed and used as a checklist or questionnaire

More information

Release Version 4.1 The 2X Software Server Based Computing Guide

Release Version 4.1 The 2X Software Server Based Computing Guide Release Version 4.1 The 2X Software Server Based Computing Guide Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless

More information

On and off premises technologies Which is best for you?

On and off premises technologies Which is best for you? On and off premises technologies Which is best for you? We don t mind what you buy, as long as it is YELLOW! Warren Sealey and Paul-Christian Garpe On Premises or in the cloud? 1 Agenda Why Symantec? Email

More information

Network Security: Public Key Infrastructure

Network Security: Public Key Infrastructure Network Security: Public Key Infrastructure Guevara Noubir Northeastern University noubir@ccs.neu.edu CSG254: Network Security Slides adapted from Radia Perlman s slides Key Distribution - Secret Keys

More information

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0

EUCIP - IT Administrator. Module 5 IT Security. Version 2.0 EUCIP - IT Administrator Module 5 IT Security Version 2.0 Module 5 Goals Module 5 Module 5, IT Security, requires the candidate to be familiar with the various ways of protecting data both in a single

More information

Test Plan for Department of Defense (DoD) Public Key Infrastructure (PKI) Interagency/Partner Interoperability. Version 1.0.3

Test Plan for Department of Defense (DoD) Public Key Infrastructure (PKI) Interagency/Partner Interoperability. Version 1.0.3 Test Plan for Department of Defense (DoD) Public Key Infrastructure (PKI) Interagency/Partner Interoperability Version 1.0.3 Prepared for: Department of Defense (DoD) PKI August 27, 2008 Page 1 Table of

More information

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication

DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication DIGIPASS KEY series and smart card series for Juniper SSL VPN Authentication Certificate Based 2010 Integration VASCO Data Security. Guideline All rights reserved. Page 1 of 31 Disclaimer Disclaimer of

More information

Internet Services & Protocols

Internet Services & Protocols Department of Computer Science Institute for System Architecture, Chair for Computer Networks Internet Services & Protocols Internet (In)Security Dr.-Ing. Stephan Groß Room: INF 3099 E-Mail: stephan.gross@tu-dresden.de

More information

Instruments in Grid: the New Instrument Element

Instruments in Grid: the New Instrument Element Instruments in Grid: the New Instrument Element C. Vuerli (1,2), G. Taffoni (1,2), I. Coretti (1), F. Pasian (1,2), P. Santin (1), M. Pucillo (1) (1) INAF Astronomical Observatory of Trieste (2) INAF Informative

More information

Updates from the EUGridPMA. David Groep, Nov 7 nd, 2008

Updates from the EUGridPMA. David Groep, Nov 7 nd, 2008 Updates from the EUGridPMA David Groep, Nov 7 nd, 2008 Updates Today Towards EMEA coverage Autonomous growth Updates AuthZ Operations WG Repository issues TAGPMA La Plata meeting Nov 2008-2 Geographical

More information

Configuring the Cisco ISA500 for Active Directory/LDAP and RADIUS Authentication

Configuring the Cisco ISA500 for Active Directory/LDAP and RADIUS Authentication Configuring the Cisco ISA500 for Active Directory/LDAP and RADIUS Authentication This application note describes how to authenticate users on a Cisco ISA500 Series security appliance. It includes these

More information

Case Study for Layer 3 Authentication and Encryption

Case Study for Layer 3 Authentication and Encryption CHAPTER 2 Case Study for Layer 3 Authentication and Encryption This chapter explains the basic tasks for configuring a multi-service, extranet Virtual Private Network (VPN) between a Cisco Secure VPN Client

More information

Rsync-enabled NAS Hardware Compatibility List

Rsync-enabled NAS Hardware Compatibility List WHITEPAPER BackupAssist Version 5.1 www.backupassist.com Cortex I.T. Labs 2001-2008 2 Contents Introduction... 3 Hardware Setup Instructions... 3 QNAP TS-409... 3 Netgear ReadyNas NV+... 5 Drobo rev1...

More information

Certificate Management

Certificate Management Certificate Management This guide provides information on...... Configuring the GO!Enterprise MDM server to use a Microsoft Active Directory Certificate Authority... Using Certificates from Outside Sources...

More information

IP Office Technical Tip

IP Office Technical Tip IP Office Technical Tip Tip no: 119 Release Date: 20 Jan 2006 Region: GLOBAL Overview Avaya IP Office Compact Contact Center (CCC) Security Modifications Post Windows 2003 SP1 In Microsoft Windows Server

More information

CCM 4350 Week 11. Security Architecture and Engineering. Guest Lecturer: Mr Louis Slabbert School of Science and Technology.

CCM 4350 Week 11. Security Architecture and Engineering. Guest Lecturer: Mr Louis Slabbert School of Science and Technology. CCM 4350 Week 11 Security Architecture and Engineering Guest Lecturer: Mr Louis Slabbert School of Science and Technology CCM4350_CNSec 1 Web Server Security The Web is the most visible part of the net

More information

Building A Secure Microsoft Exchange Continuity Appliance

Building A Secure Microsoft Exchange Continuity Appliance Building A Secure Microsoft Exchange Continuity Appliance Teneros, Inc. 215 Castro Street, 3rd Floor Mountain View, California 94041-1203 USA p 650.641.7400 f 650.641.7401 ON AVAILABLE ACCESSIBLE Building

More information

Recommendations for Static Firewall Configuration in D-Grid

Recommendations for Static Firewall Configuration in D-Grid D-Grid Integrationsprojekt (DGI-2) Fachgebiet 3-3 Firewalls Recommendations for Static Firewall Configuration in D-Grid Version 1.5, 21. Mai 2008 D-Grid Integrationsprojekt (DGI-2) Autoren: Gian Luca Volpato

More information