CERN, LHC & the Higgs Particle: Security in an Academic Environment

Size: px
Start display at page:

Download "CERN, LHC & the Higgs Particle: Security in an Academic Environment"

Transcription

1 CERN, LHC & the Higgs Particle: Security in an Academic Environment Dr. Stefan Lüders (CERN Computer Security Officer) 15. Berner Tagung für Informationssicherheit, November 27 th 2012

2 CERN in a Nutshell Tim Berners-Lee

3 The CERN Business Model Atom Nuclei Virus Proton Higgs? Cell m Particle Accelerator Electron Microscope Microscope The Solar System Galaxies The Observable Universe Spy Glass Telescope Radio Telescope

4 Looking into the Proton Beam Bunch Proton

5 at Very High Energies World s largest superconducting installation 1.9 K) Steer a beam of 85 kg TNT through a 3mm hole times per second

6 with Four Digital Cameras 100M data channels 1M control points

7 300 Mio. Collisions per Second Event size: ~10MB

8 24/7/200 Series Production

9 First data and 20yrs more to come!

10 Overview CERN s security footprint Operational Noise This is a people problem

11 CERN s security footprint

12 Academic Freedom at CERN CERN s Users: from 100s of universities worldwide Pupils, students, post-docs, professors, technicians, engineers, physicists, High turn-over (~10k per year) Merge of professional and private life: Social Networks, Dropbox, Gmail, LinkedIn, hostels on site, Academic Freedom in Research: No limitations and boundaries if possible Free communication & freedom to publish Difficult to change people, impossible to force them Trial of the new, no/very fast life-cycles, all-time prototypes Open campus attitude: Consider CERN being an ISP!

13 Academic Freedom at CERN CERN s Users: from 100s of universities worldwide Pupils, students, post-docs, professors, technicians, engineers, physicists, High turn-over (~10k per year) Merge of professional and private life: Social Networks, Dropbox, Gmail, LinkedIn, Academic Freedom in Research: No limitations and boundaries if possible Free communication & freedom to publish Difficult to change people, impossible to force them Trial of the new, no/very fast life-cycles, all-time prototypes Open campus attitude: I consider CERN being an ISP!

14 CERN Sectors of Operations Office Computing Security Computing Services Security Grid Computing Security Control Systems Security

15 Office Computing Footprint General network architecture for all sectors: 3 Class-B IP networks with >20 Gbps bandwidth incl. DHCP/wireless Several non-routable Class-B IP networks with >20 Gbps bandwidth >3000 switches, ~40k devices on Ethernet/DHCP/wireless networks 6k firewall openings One flat office / wireless network Visitor s laptops and office PCs on same network for a liberal (i.e. heterogeneous) user world Any type of personal/external laptops, PCs, PDAs, phones, devices,... Any type of O/S: Mac OSX, Debian, Ubuntu, Windows 98, RedHat, Any type of application, programming language, tools, Web sites,... Hundreds of Web servers for dedicated purposes ~23k user accounts

16 Computer Services Footprint 7 computer centers each with up to ~10k nodes (~64k cores, ~64k HDDs) for central computing, accelerator operations, and physics experiments Serving a multitude of services & systems Central O/S: Windows XP/7 (~6500 PCs), Windows Server , Scientific Linux 5/6, Mac OS X ~2M mails per day: 95% SPAM, 1% unidentified SPAM, 4% regular AV, file systems (AFS, DFS), disk pools (~63PB), tape stores (~15PB/yr), DBs, versioning systems, document servers, HR/FI/engineering app s, collaboration tools, PaaS virtualization service (~4k VMs), ~10k Web sites on 50 Web servers + many more for dedicated purposes CERN Internet Exchange Point (22 European ISPs + Telecom providers) incl. GRID Computing Tier-0 (~7k nodes), 11x Tier-1s, and O(100) Tier-2s

17 Control Systems Footprint Experiment: ALICE, ATLAS, CMS, LHCb, LHCf and TOTEM ALPHA (AD-5), Cast, Collaps, Compass, Dirac, Gamma Irradiation Facility, ISOLTRAP, MICE R&D, Miniball, Mistral, NA48/3, NA49, NA60, ntof, Witch, GCS, MCS, MSS, and Cryogenics System Accelerators: AB/OP, AD, CNGS, CCC, CLIC, ISOLDE, ISOLDE offline, LEIR, LHC, Linac 2, Linac 3, PS, PS Booster, REX, SM18, and SPS Safety: ACIS, AC PS1, AC PS2, AC SPS1, AC SPS2, Alarm Repeater, ARCON, ADS, CSA, SGGAZ, SFDIN, CSAM, CESAR, DSS, LACS, LASS, LASER, Radmon, RAMSES, MSAT, Radio Protection Service, Sniffer System, SUSI, TIM, and Video Surveillance Infrastructure: CV, ENS, FM, DBR, Gamma Spectroscopy, TS/CSE, and YAMS Accelerator Infrastructure: ADT, ACS, BQE, BPAWT, BDI, BIC, BLM, BOF, BPM, BOB, BSRT, BTV, BRA, CWAT, Cryo (Frigo, SM18 & Tunnel), BCTDC, BCTF, FGC, LEIR Low Level RF, LHC Beam Control System, LBDS, HC, LHC Logging Service, LTI, MKQA, APWL, BPL, OASIS, PIC, QDS/QPS, BQS, SPS BT, BQK, Vacuum System, WIC, and BWS

18 CERN s security footprint Operational Noise

19 Phishing Targeted and untargeted Phishing attacks in English & French Spoofed login pages on trusted hoster!

20 Data Leakage Sensitivity levels are user dependent!

21 Break-Ins Unpatched oscilloscope (running Win XP SP2) Lack of input validation & sanitization Unpatched web server (running Linux)

22 Suboptimal configuration (1) CERN 2007 Crashed 17% Lack of robustness Failed 15% Passed 68%

23 CERN s security footprint Operational Noise This is a people problem

24 A small quiz. Quiz: Which URL leads you to %2e%31%33%38%2e%31%33%37%2e%31%37%37/p?uh3f223d co_partnerid=2&usage=0&ru=http%3a%2f%2fwww.ebay.com&rafid=0 &encrafid=default

25 Intelligent clientele May I point out that I do not have a tail and do not feel like being treated like a circus dog. Why there are idiotic policies in place to forbid use of certain technologies? I failed to pass the security courses, the questions were so stupid, that sometimes it's difficult to answer. If you want to meet with me personally, I can teach you computer security. I fully recognise the importance of computer security at CERN. However, I am not sure that you have yet appreciated that computer security is not the raison d' être of CERN. Computer security must always be balanced with the need for CERN to carry out its experiments. I do not believe that [...] poses a strong security risk and you have not explained to us why it does.

26 CERN Security Paradigm Find balance between Academic Freedom, Operations and Computer Security Academic Freedom means Responsibility (I, as Security Officer, decline to accept that responsibility) Instead, computer security at CERN is delegated to all users of computing resources (sys admins, controls experts, secretaries, ) If they don t feel ready, they can pass that responsibility to the CERN IT department using central services. The CERN Security Team acts as facilitator and enabler: No big sticks, no heavy rules.

27 CERN Security Paradigm Find balance between Academic Freedom, Operations and Computer Security Academic Freedom means Responsibility (I, as Security Officer, decline to accept that responsibility) Instead, computer security at CERN is delegated to all users of computing resources (sys admins, controls experts, secretaries, ) If they dn t feel ready, they can pass that responsibility to the CERN IT department using central services. The CERN Security Team acts as facilitator and enabler: No big sticks, no heavy rules.

28 Change of Culture (at CERN) Security is dealt with as with Safety. CERN aims for a change of culture & a new mind set Basic awareness training to everyone, esp. newcomers Every owner of a computer account must follow online security courses every 3 years. Provisioning of static code analyzers Dedicated training on secure development (Java, C/C++, Perl, Python, PHP, web,...) Baselines & consulting Once people understand, the rest is easy: care, SLDC, use of standards,

29 Change of Culture (at CERN) Security is dealt with as with Safety. CERN aims for a change of culture & a new mind set Basic awareness training to everyone, esp. newcomers Every owner of a computer account must follow online security courses every 3 years. Provisioning of static code analyzers Dedicated training on secure development (Java, C/C++, Perl, Python, PHP, web,...) Baselines & consulting Once people understand, the rest is easy: care, SLDC, use of standards,

30 Change of Culture (Outside) We have to start sensibilization early! Being aware of risks is the first step towards mitigation Today s kids are the programmers of tomorrow Why are IT graduates still weak in security? They learn programming, O/S, DBs, for their BSc, but security just comes later in the MSc curriculum Why can software vendors still ship out insecure applications / devices? Why can I sue [car vendor] for a non-working brake but not [software vendor] for a vulnerability? Who has to do due diligence?

31 Summary CERN s Security Footprint is heterogeneous and vast However, security events happen and will continue to happen Enable users assuming responsibility. Provoke a Change-of-Mind!!!

32 Literature

CERN Computer & Grid Security

CERN Computer & Grid Security CERN Computer & Grid Security Dr. Stefan Lüders (CERN Computer Security Officer) ITU SG17 Tutorials, Geneva, September 5 th 2012 CERN in a Nutshell Tim Berners-Lee Overview CERN s security footprint Operational

More information

Integration of Virtualized Worker Nodes in Batch Systems

Integration of Virtualized Worker Nodes in Batch Systems Integration of Virtualized Worker Nodes Dr. A. Scheurer, Dr. V. Büge, O. Oberst, P. Krauß Linuxtag 2010, Berlin, Session: Cloud Computing, Talk ID: #16197 KIT University of the State of Baden-Wuerttemberg

More information

Secure Email and Web Browsing. Sébastien Dellabella Computer Security Team

Secure Email and Web Browsing. Sébastien Dellabella Computer Security Team Secure Email and Web Browsing Sébastien Dellabella Computer Security Team Overview Main attack types Consequences of a successful attack Survival guide on the wild Internet Understanding the details Examples

More information

Why. Control System Cyber Security Sucks. CERN Control Centre. CERN Computer Centre

Why. Control System Cyber Security Sucks. CERN Control Centre. CERN Computer Centre Why CERN Control Centre Control System Cyber Security Sucks CERN Computer Centre Why Control System Cyber-Security Sucks CERN Business Modell Beam Bunch Proton Why Control System Cyber-Security Sucks

More information

Standby Services or Reliance on Experts for Accelerator control?

Standby Services or Reliance on Experts for Accelerator control? Standby Services or Reliance on Experts for Accelerator control? Claude-Henri Sicard AB/CO ATC/ABOC Days 27 Plan: PS Complex Controls Standby service: case study Organisation Domain of intervention Statistics

More information

Betriebssystem-Virtualisierung auf einem Rechencluster am SCC mit heterogenem Anwendungsprofil

Betriebssystem-Virtualisierung auf einem Rechencluster am SCC mit heterogenem Anwendungsprofil Betriebssystem-Virtualisierung auf einem Rechencluster am SCC mit heterogenem Anwendungsprofil Volker Büge 1, Marcel Kunze 2, OIiver Oberst 1,2, Günter Quast 1, Armin Scheurer 1 1) Institut für Experimentelle

More information

Computing and Engineering at CERN Employment and Training Opportunities for UK Students and Graduates

Computing and Engineering at CERN Employment and Training Opportunities for UK Students and Graduates Computing and Engineering at CERN Employment and Training Opportunities for UK Students and Graduates 1. Introduction As part of its commitment to CERN, STFC works to ensure that the UK profits as it should

More information

Firewalls & Intrusion Detection

Firewalls & Intrusion Detection Firewalls & Intrusion Detection CS 594 Special Topics/Kent Law School: Computer and Network Privacy and Security: Ethical, Legal, and Technical Consideration 2007, 2008 Robert H. Sloan Security Intrusion

More information

Big Data Analytics. for the Exploitation of the CERN Accelerator Complex. Antonio Romero Marín

Big Data Analytics. for the Exploitation of the CERN Accelerator Complex. Antonio Romero Marín Big Data Analytics for the Exploitation of the CERN Accelerator Complex Antonio Romero Marín Milan 11/03/2015 Oracle Big Data and Analytics @ Work 1 What is CERN CERN - European Laboratory for Particle

More information

Shared Computing Driving Discovery: From the Large Hadron Collider to Virus Hunting. Frank Würthwein

Shared Computing Driving Discovery: From the Large Hadron Collider to Virus Hunting. Frank Würthwein Shared Computing Driving Discovery: From the Large Hadron Collider to Virus Hunting Frank Würthwein Professor of Physics University of California San Diego February 14th, 2015 The Science of the LHC The

More information

Component 4: Introduction to Information and Computer Science. Topic III: Cloud Computing. Distributed computing

Component 4: Introduction to Information and Computer Science. Topic III: Cloud Computing. Distributed computing Component 4: Introduction to Information and Computer Science Unit 10: Future of Computing Lecture 2 This material was developed by Oregon Health & Science University, funded by the Department of Health

More information

Lecture 02b Cloud Computing II

Lecture 02b Cloud Computing II Mobile Cloud Computing Lecture 02b Cloud Computing II 吳 秀 陽 Shiow-yang Wu T. Sridhar. Cloud Computing A Primer, Part 2: Infrastructure and Implementation Topics. The Internet Protocol Journal, Volume 12,

More information

Deploying the ShoreTel IP Telephony Solution with a Meru Networks Wireless LAN

Deploying the ShoreTel IP Telephony Solution with a Meru Networks Wireless LAN Deploying the ShoreTel IP Telephony Solution with a Meru Networks Wireless LAN Copyright 2005, Meru Networks, Inc. This document is an unpublished work protected by the United States copyright laws and

More information

Computer Cell (Information & Communication Technology) Research Center

Computer Cell (Information & Communication Technology) Research Center Computer Cell (Information & Communication Technology) Research Center Post* (01) Deputy Manager IT 4 Year Bachelors or Masters of design, Commissioning and maintenance of Local and Wide Area Networks

More information

Beyond High Performance Computing: What Matters to CERN

Beyond High Performance Computing: What Matters to CERN Beyond High Performance Computing: What Matters to CERN Pierre VANDE VYVRE for the ALICE Collaboration ALICE Data Acquisition Project Leader CERN, Geneva, Switzerland 2 CERN CERN is the world's largest

More information

Secure Your Mobile Workplace

Secure Your Mobile Workplace Secure Your Mobile Workplace Sunny Leung Senior System Engineer Symantec 3th Dec, 2013 1 Agenda 1. The Threats 2. The Protection 3. Q&A 2 The Mobile Workplaces The Threats 4 Targeted Attacks up 42% in

More information

(Possible) HEP Use Case for NDN. Phil DeMar; Wenji Wu NDNComm (UCLA) Sept. 28, 2015

(Possible) HEP Use Case for NDN. Phil DeMar; Wenji Wu NDNComm (UCLA) Sept. 28, 2015 (Possible) HEP Use Case for NDN Phil DeMar; Wenji Wu NDNComm (UCLA) Sept. 28, 2015 Outline LHC Experiments LHC Computing Models CMS Data Federation & AAA Evolving Computing Models & NDN Summary Phil DeMar:

More information

Data sharing and Big Data in the physical sciences. 2 October 2015

Data sharing and Big Data in the physical sciences. 2 October 2015 Data sharing and Big Data in the physical sciences 2 October 2015 Content Digital curation: Data and metadata Why consider the physical sciences? Astronomy: Video Physics: LHC for example. Video The Research

More information

Worldwide attacks on SS7 network

Worldwide attacks on SS7 network Worldwide attacks on SS7 network P1 Security Hackito Ergo Sum 26 th April 2014 Pierre-Olivier Vauboin (po@p1sec.com) Alexandre De Oliveira (alex@p1sec.com) Agenda Overall telecom architecture Architecture

More information

Tier0 plans and security and backup policy proposals

Tier0 plans and security and backup policy proposals Tier0 plans and security and backup policy proposals, CERN IT-PSS CERN - IT Outline Service operational aspects Hardware set-up in 2007 Replication set-up Test plan Backup and security policies CERN Oracle

More information

An Integrated CyberSecurity Approach for HEP Grids. Workshop Report. http://hpcrd.lbl.gov/hepcybersecurity/

An Integrated CyberSecurity Approach for HEP Grids. Workshop Report. http://hpcrd.lbl.gov/hepcybersecurity/ An Integrated CyberSecurity Approach for HEP Grids Workshop Report http://hpcrd.lbl.gov/hepcybersecurity/ 1. Introduction The CMS and ATLAS experiments at the Large Hadron Collider (LHC) being built at

More information

IPv6 on OpenStack. Feature Parity is a Tricky Question

IPv6 on OpenStack. Feature Parity is a Tricky Question IPv6 on OpenStack Feature Parity is a Tricky Question Today s Sequence Quick Review of OpenStack Is OpenStack IPv6 Ready? Case Study: CERN s use of OpenStack Takeaways Today s Sequence Quick Review of

More information

THE TESLA TEST FACILITY AS A PROTOTYPE FOR THE GLOBAL ACCELERATOR NETWORK

THE TESLA TEST FACILITY AS A PROTOTYPE FOR THE GLOBAL ACCELERATOR NETWORK THE TESLA TEST FACILITY AS A PROTOTYPE FOR THE GLOBAL ACCELERATOR NETWORK K. Rehlich, DESY, Hamburg, Germany Abstract The next generation of large accelerators facilities will be produced and operated

More information

Network Documentation Checklist

Network Documentation Checklist Network Documentation Checklist Don Krause, Creator of NetworkDNA This list has been created to provide the most elaborate overview of elements in a network that should be documented. Network Documentation

More information

How To leverage VMware solutions for Manageability & Security of Desktop. Matteo Uva Channel Manager Italy and Greece

How To leverage VMware solutions for Manageability & Security of Desktop. Matteo Uva Channel Manager Italy and Greece How To leverage VMware solutions for Manageability & Security of Desktop Matteo Uva Channel Manager Italy and Greece Agenda 1. What is VDI & How can it help my customers? 2. Building a VDI solution 3.

More information

Gigabit SSL VPN Security Router

Gigabit SSL VPN Security Router As Internet becomes essential for business, the crucial solution to prevent your Internet connection from failure is to have more than one connection. PLANET is the ideal to help the SMBs increase the

More information

HE WAR AGAINST BEING AN INTERMEDIARY FOR ANOTHER ATTACK

HE WAR AGAINST BEING AN INTERMEDIARY FOR ANOTHER ATTACK HE WAR AGAINST BEING AN INTERMEDIARY FOR ANOTHER ATTACK Prepared By: Raghda Zahran, Msc. NYIT-Jordan campus. Supervised By: Dr. Lo ai Tawalbeh. November 2006 Page 1 of 8 THE WAR AGAINST BEING AN INTERMEDIARY

More information

Big Data and Storage Management at the Large Hadron Collider

Big Data and Storage Management at the Large Hadron Collider Big Data and Storage Management at the Large Hadron Collider Dirk Duellmann CERN IT, Data & Storage Services Accelerating Science and Innovation CERN was founded 1954: 12 European States Science for Peace!

More information

THE BLUENOSE SECURITY FRAMEWORK

THE BLUENOSE SECURITY FRAMEWORK THE BLUENOSE SECURITY FRAMEWORK Bluenose Analytics, Inc. All rights reserved TABLE OF CONTENTS Bluenose Analytics, Inc. Security Whitepaper ISO 27001/27002 / 1 The Four Pillars of Our Security Program

More information

DOBUS And SBL Cloud Services Brochure

DOBUS And SBL Cloud Services Brochure 01347 812100 www.softbox.co.uk DOBUS And SBL Cloud Services Brochure enquiries@softbox.co.uk DOBUS Overview The traditional DOBUS service is a non-internet reliant, resilient, high availability trusted

More information

Integrating a heterogeneous and shared Linux cluster into grids

Integrating a heterogeneous and shared Linux cluster into grids Integrating a heterogeneous and shared Linux cluster into grids 1,2 1 1,2 1 V. Büge, U. Felzmann, C. Jung, U. Kerzel, 1 1 1 M. Kreps, G. Quast, A. Vest 1 2 DPG Frühjahrstagung March 28 31, 2006 Dortmund

More information

Computing at the HL-LHC

Computing at the HL-LHC Computing at the HL-LHC Predrag Buncic on behalf of the Trigger/DAQ/Offline/Computing Preparatory Group ALICE: Pierre Vande Vyvre, Thorsten Kollegger, Predrag Buncic; ATLAS: David Rousseau, Benedetto Gorini,

More information

Managed Hosting is a managed service provided by MN.IT. It is structured to help customers meet:

Managed Hosting is a managed service provided by MN.IT. It is structured to help customers meet: Managed Hosting Service Description Version 1.10 Effective Date: 3/3/2015 Purpose This Service Description is applicable to Managed Hosting services (MH) offered by MN.IT Services (MN.IT) and described

More information

DPS HOSTED SOLUTIONS

DPS HOSTED SOLUTIONS DPS HOSTED SOLUTIONS DPS SOFTWARE 288 SOUTHBURY ROAD ENFIELD MIDDLESEX EN1 1TR DATE: OCTOBER 2009 DPS Software 2009 1 INDEX DPS HOSTED SOLUTIONS 1 INTRODUCTION 3 DPS HOSTING OVERVIEW 4 WHAT HAPPENS IF

More information

OIS. Update on Windows 7 at CERN & Remote Desktop Gateway. Operating Systems & Information Services CERN IT-OIS

OIS. Update on Windows 7 at CERN & Remote Desktop Gateway. Operating Systems & Information Services CERN IT-OIS Operating Systems & Information Services Update on Windows 7 at CERN & Remote Desktop Gateway CERN IT-OIS Tim Bell, Michal Kwiatek, Michal Budzowski, Andreas Wagner HEPiX Fall 2010 Workshop 4th November

More information

A Physics Approach to Big Data. Adam Kocoloski, PhD CTO Cloudant

A Physics Approach to Big Data. Adam Kocoloski, PhD CTO Cloudant A Physics Approach to Big Data Adam Kocoloski, PhD CTO Cloudant 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 Solenoidal Tracker at RHIC (STAR) The life of LHC data Detected by experiment Online

More information

Solution for private cloud computing

Solution for private cloud computing The CC1 system Solution for private cloud computing 1 Outline What is CC1? Features Technical details Use cases By scientist By HEP experiment System requirements and installation How to get it? 2 What

More information

Top Five Ways to Protect Your Network. A MainNerve Whitepaper

Top Five Ways to Protect Your Network. A MainNerve Whitepaper A MainNerve Whitepaper Overview The data security challenges within the business world have never been as challenging as they are today. Not only must organizations providers comply with stringent State

More information

Testing the In-Memory Column Store for in-database physics analysis. Dr. Maaike Limper

Testing the In-Memory Column Store for in-database physics analysis. Dr. Maaike Limper Testing the In-Memory Column Store for in-database physics analysis Dr. Maaike Limper About CERN CERN - European Laboratory for Particle Physics Support the research activities of 10 000 scientists from

More information

DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Cloud Computing WHAT IS CLOUD COMPUTING? 2

DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Cloud Computing WHAT IS CLOUD COMPUTING? 2 DISTRIBUTED SYSTEMS [COMP9243] Lecture 9a: Cloud Computing Slide 1 Slide 3 A style of computing in which dynamically scalable and often virtualized resources are provided as a service over the Internet.

More information

PROTECTION SERVICE FOR BUSINESS WELCOME TO THE BUSINESS OF FREEDOM

PROTECTION SERVICE FOR BUSINESS WELCOME TO THE BUSINESS OF FREEDOM PROTECTION SERVICE FOR BUSINESS WELCOME TO THE BUSINESS OF FREEDOM EMPLOYEES WORK ON THE MOVE, WITH MULTIPLE DEVICES MEETING CUSTOMERS WORKING FROM HOME BUSINESS TRIP CLOUD SERVICES ARE ENABLERS OF MOBILE

More information

Batch and Cloud overview. Andrew McNab University of Manchester GridPP and LHCb

Batch and Cloud overview. Andrew McNab University of Manchester GridPP and LHCb Batch and Cloud overview Andrew McNab University of Manchester GridPP and LHCb Overview Assumptions Batch systems The Grid Pilot Frameworks DIRAC Virtual Machines Vac Vcycle Tier-2 Evolution Containers

More information

Building a Volunteer Cloud

Building a Volunteer Cloud Building a Volunteer Cloud Ben Segal, Predrag Buncic, David Garcia Quintas / CERN Daniel Lombrana Gonzalez / University of Extremadura Artem Harutyunyan / Yerevan Physics Institute Jarno Rantala / Tampere

More information

Our mission is to provide world class solutions, consulting and training on information and communication technologies.

Our mission is to provide world class solutions, consulting and training on information and communication technologies. Company Profile General Information Synapse ATS is an IT Service, Solution and Education Provider Company that helps customers to plan, design, implement, maintain and operate their IT infrastructure.

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

Building a Penetration Testing Virtual Computer Laboratory

Building a Penetration Testing Virtual Computer Laboratory Building a Penetration Testing Virtual Computer Laboratory User Guide 1 A. Table of Contents Collaborative Virtual Computer Laboratory A. Table of Contents... 2 B. Introduction... 3 C. Configure Host Network

More information

How to prevent computer viruses in 10 steps

How to prevent computer viruses in 10 steps How to prevent computer viruses in 10 steps Following on from our advice on how to keep your online data secure, we ve created a follow-up outlining how you can keep your computer itself safe. Not only

More information

The self-defending network a resilient network. By Steen Pedersen Ementor, Denmark

The self-defending network a resilient network. By Steen Pedersen Ementor, Denmark The self-defending network a resilient network By Steen Pedersen Ementor, Denmark The self-defending network - a resilient network What is required of our internal networks? Available, robust, fast and

More information

Cloud computing an insight

Cloud computing an insight Cloud computing an insight Overview IT infrastructure is changing according the fast-paced world s needs. People in the world want to stay connected with Work / Family-Friends. The data needs to be available

More information

Chapter 1: Introduction to the World of Computers

Chapter 1: Introduction to the World of Computers Chapter 1: Introduction to the World of Computers What Is a Computer and What Does It Do? Computer A programmable, electronic device that accepts data, performs operations on that data, and stores the

More information

FIREWALL POLICY November 2006 TNS POL - 008

FIREWALL POLICY November 2006 TNS POL - 008 FIREWALL POLICY November 2006 TNS POL - 008 Introduction Network Security Services (NSS), a department of Technology and Network Services, operates a firewall to enhance security between the Internet and

More information

at the Advanced Photon Source Debby Quock, ANL Advanced Photon Source ICALEPCS 2007 Control System Cyber-Security Workshop

at the Advanced Photon Source Debby Quock, ANL Advanced Photon Source ICALEPCS 2007 Control System Cyber-Security Workshop Control System Cyber Security Measures at the Advanced Photon Source Debby Quock, ANL Advanced Photon Source ICALEPCS 2007 Control System Cyber-Security Workshop Introduction Advanced Photon Source (APS)

More information

12 Security Camera System Best Practices - Cyber Safe

12 Security Camera System Best Practices - Cyber Safe 12 Security Camera System Best Practices - Cyber Safe Dean Drako, President and CEO, Eagle Eye Networks Website version of white paper Dean Drako video introduction for cyber security white paper Introduction

More information

FCC 1309180800 JGU WBS_v0034.xlsm

FCC 1309180800 JGU WBS_v0034.xlsm 1 Accelerators 1.1 Hadron injectors 1.1.1 Overall design parameters 1.1.1.1 Performance and gap of existing injector chain 1.1.1.2 Performance and gap of existing injector chain 1.1.1.3 Baseline parameters

More information

VMware Virtual Desktop Infrastructure (VDI) - The Best Strategy for Managing Desktop Environments Mike Coleman, VMware (mcoleman@vmware.

VMware Virtual Desktop Infrastructure (VDI) - The Best Strategy for Managing Desktop Environments Mike Coleman, VMware (mcoleman@vmware. VMware Virtual Desktop Infrastructure (VDI) - The Best Strategy for Managing Desktop Environments Mike Coleman, VMware (mcoleman@vmware.com) Copyright 2008 EMC Corporation. All rights reserved. Agenda

More information

Section 1.0 Co-location and Virtual Machines

Section 1.0 Co-location and Virtual Machines ITS Co-location and Virtual Machine Customer Questionnaire This form is for both Co-locations and Virtual Machines. If you are requesting a Virtual Machine, answer sections 1 and 3 of this questionnaire

More information

ITEC 495 Capstone Project Ideas

ITEC 495 Capstone Project Ideas ITEC 495 Capstone Project Ideas Open Source Content Filtering OpenDNS A 25 person architectural firm with one single location needs to implement a low cost, secure, easy to deploy and administer web content

More information

Perspective on secure network for control systems in SPring-8

Perspective on secure network for control systems in SPring-8 Perspective on secure network for control systems in SPring-8 Toru Ohata, M. Ishii, T. Fukui* and R. Tanaka JASRI/SPring-8, Japan *RIKEN/SPring-8, Japan Contents Network architecture Requirement and design

More information

Cloud computing is a marketing term for technologies that provide servers, outside of the firewall, for:

Cloud computing is a marketing term for technologies that provide servers, outside of the firewall, for: Peter Hirsch Cloud computing is a marketing term for technologies that provide servers, outside of the firewall, for: Computation Software Applications Data access Storage services.that do not require

More information

Promoting Network Security (A Service Provider Perspective)

Promoting Network Security (A Service Provider Perspective) Promoting Network Security (A Service Provider Perspective) Prevention is the Foundation H S Gupta DGM (Technical) Data Networks, BSNL hsgupta@bsnl.co.in DNW, BSNL 1 Agenda Importance of Network Security

More information

Desktop Virtualization @ U-M. September 28, 2011 Ryan Henyard ITS Desktop Infrastructure

Desktop Virtualization @ U-M. September 28, 2011 Ryan Henyard ITS Desktop Infrastructure Desktop Virtualization @ U-M September 28, 2011 Ryan Henyard ITS Desktop Infrastructure Overview Introduction to Desktop Virtualization MyDesktop Service How We Got There Use Cases Takeaways Future Plans

More information

TABLE OF CONTENTS NETWORK SECURITY 2...1

TABLE OF CONTENTS NETWORK SECURITY 2...1 Network Security 2 This document is the exclusive property of Cisco Systems, Inc. Permission is granted to print and copy this document for non-commercial distribution and exclusive use by instructors

More information

Complete Patch Management

Complete Patch Management Complete Management Targeted, Reliable and Cost-efficient In- Depth CSI Corporate Software Inspector Empower your IT-Operations and Security Teams with the most reliable Vulnerability & Management solution

More information

Gigabit Multi-Homing VPN Security Router

Gigabit Multi-Homing VPN Security Router As Internet becomes essential for business, the crucial solution to prevent your Internet connection from failure is to have more than one connection. PLANET is a ideal to help the SMBs increase the broadband

More information

Research, recommend, and assist in implementing identity automation solution.

Research, recommend, and assist in implementing identity automation solution. Stephen Hargrove PO Box 592241 San Antonio, TX 78259 210-239-9763 stephen@stephenhargrove.com EXPERIENCE Information Security Officer Manager, Information Security Administration, UTHSCSA; San Antonio,

More information

Global Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro)

Global Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro) Global Cyber Range (GCR) Empowering the Cybersecurity Professional (CyPro) NICE Conference 2014 CYBERSECURITY RESILIENCE A THREE TIERED SOLUTION NIST Framework for Improving Critical Infrastructure Cybersecurity

More information

Customized Cloud Solution

Customized Cloud Solution Customized Cloud Solution (Overall Cloud Performance Expectations) Last Updated: June 5, 2012 Prepared by: Polleo Systems, Inc. Notice of Confidentiality: The enclosed material is proprietary to Polleo

More information

Eduroam wireless network Apple Mac OSX 10.4

Eduroam wireless network Apple Mac OSX 10.4 Eduroam wireless network Apple Mac OSX 0.4 How to configure laptop computers to connect to the eduroam wireless network Contents university for the creative arts Contents Introduction Prerequisites Instructions

More information

irods at CC-IN2P3: managing petabytes of data

irods at CC-IN2P3: managing petabytes of data Centre de Calcul de l Institut National de Physique Nucléaire et de Physique des Particules irods at CC-IN2P3: managing petabytes of data Jean-Yves Nief Pascal Calvat Yonny Cardenas Quentin Le Boulc h

More information

The shortest path to cellular communications: Cellular Development Platform

The shortest path to cellular communications: Cellular Development Platform The shortest path to cellular communications: Cellular Development Platform Multi-Tech Overview 40 years focused on Machine-to-Machine (M2M) Communications 80+ patents 20+ million devices, thousands of

More information

Multifunctional Broadband Router User Guide. Copyright Statement

Multifunctional Broadband Router User Guide. Copyright Statement Copyright Statement is the registered trademark of Shenzhen Tenda Technology Co., Ltd. Other trademark or trade name mentioned herein are the trademark or registered trademark of above company. Copyright

More information

High Availability Databases based on Oracle 10g RAC on Linux

High Availability Databases based on Oracle 10g RAC on Linux High Availability Databases based on Oracle 10g RAC on Linux WLCG Tier2 Tutorials, CERN, June 2006 Luca Canali, CERN IT Outline Goals Architecture of an HA DB Service Deployment at the CERN Physics Database

More information

INDEPENDENT TECHNOLOGY SPECIALISTS IN EDUCATION

INDEPENDENT TECHNOLOGY SPECIALISTS IN EDUCATION INDEPENDENT TECHNOLOGY SPECIALISTS IN EDUCATION CONSIDERATIONS FOR DEVELOPING AND DEPLOYING A MOBILE LEARNING STRATEGY Many schools we are working with are looking to extend their use of tablet technology,

More information

Cisco Security Agent (CSA) Network Admission Control (NAC)

Cisco Security Agent (CSA) Network Admission Control (NAC) Cisco Security Agent (CSA) Network Admission Control (NAC) Pascal Delprat Security Consultant Cisco France Vincent Bieri Marketing Manager, Security EMEA Technology Marketing Organisation 1 Agenda CSA

More information

LHCb Software Installation Tools. Stuart K. Paterson Ganga Workshop (Tuesday 14th June) 1

LHCb Software Installation Tools. Stuart K. Paterson Ganga Workshop (Tuesday 14th June) 1 LHCb Software Installation Tools Stuart K. Paterson Ganga Workshop (Tuesday 14th June) 1 Contents Introduction Current Situation in LHCb From Source Pacman Distribution Software Distribution Tool DIRAC

More information

Connecting to the Internet. LAN Hardware Requirements. Computer Requirements. LAN Configuration Requirements

Connecting to the Internet. LAN Hardware Requirements. Computer Requirements. LAN Configuration Requirements Connecting to the Internet LAN Hardware Requirements Computer Requirements LAN Configuration Requirements Installation Performed by Time Warner Cable Technician Connecting via Ethernet Connecting via USB

More information

Best Practice Guide CLEO Remote Access Services

Best Practice Guide CLEO Remote Access Services Best Practice Guide CLEO Remote Access Services A Guide to Preparing Your School Network & Remote Users PCs V 5.0 Published: October 2007 Please refer to www.cleo.net.uk for the most recently published

More information

MSP Center Plus Features Checklist

MSP Center Plus Features Checklist Features Checklist Your evaluation is not complete until you check out top vendors and the price. Here is a list prepared based customer queries. Features General Easy web interface with admin, technician,

More information

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit.

This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. The hidden risks of mobile applications This session was presented by Jim Stickley of TraceSecurity on Wednesday, October 23 rd at the Cyber Security Summit. To learn more about TraceSecurity visit www.tracesecurity.com

More information

(Scale Out NAS System)

(Scale Out NAS System) For Unlimited Capacity & Performance Clustered NAS System (Scale Out NAS System) Copyright 2010 by Netclips, Ltd. All rights reserved -0- 1 2 3 4 5 NAS Storage Trend Scale-Out NAS Solution Scaleway Advantages

More information

On the Deficiencies of Active Network Discovery Systems

On the Deficiencies of Active Network Discovery Systems On the Deficiencies of Active Network Discovery Systems Ofir Arkin Chief Technology Officer Insightix Copyright 2012 - All Rights Reserved. This material is proprietary of Insightix. Any unauthorized

More information

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1

Computer Security CS 426 Lecture 36. CS426 Fall 2010/Lecture 36 1 Computer Security CS 426 Lecture 36 Perimeter Defense and Firewalls CS426 Fall 2010/Lecture 36 1 Announcements There will be a quiz on Wed There will be a guest lecture on Friday, by Prof. Chris Clifton

More information

CLOUD COMPUTING. DAV University, Jalandhar, Punjab, India. DAV University, Jalandhar, Punjab, India

CLOUD COMPUTING. DAV University, Jalandhar, Punjab, India. DAV University, Jalandhar, Punjab, India CLOUD COMPUTING 1 Er. Simar Preet Singh, 2 Er. Anshu Joshi 1 Assistant Professor, Computer Science & Engineering, DAV University, Jalandhar, Punjab, India 2 Research Scholar, Computer Science & Engineering,

More information

Minimum Computer System Requirements

Minimum Computer System Requirements Minimum Computer System Requirements http://ualr.edu/blackboard/welcome/system- requirements/ The following minimum hardware and software requirements are necessary in order to access an online class through

More information

CLEO Remote Access Services CLEO Remote Desktop Access User Guide v1.3

CLEO Remote Access Services CLEO Remote Desktop Access User Guide v1.3 CLEO ~Remote Access Services Remote Desktop Access User guide CLEO Remote Access Services CLEO Remote Desktop Access User Guide v1.3 August 2007 page 1 of 16 CLEO 2007 CLEO Remote Access Services 3SGD

More information

SOCIETIC SOCiety as Infrastructure for E-Science via technology, innovation and creativity

SOCIETIC SOCiety as Infrastructure for E-Science via technology, innovation and creativity SOCIETIC SOCiety as Infrastructure for E-Science via technology, innovation and creativity Deliverable no. D3.1 Deliverable name Dissemination level WP no. 3 WP name Operational Platform for Experimental

More information

Gigabit Content Security Router

Gigabit Content Security Router Gigabit Content Security Router As becomes essential for business, the crucial solution to prevent your connection from failure is to have more than one connection. PLANET is the Gigabit Content Security

More information

Security in the Sauce Labs Cloud. Practices and protocols used in Sauce s infrastructure and Sauce Connect

Security in the Sauce Labs Cloud. Practices and protocols used in Sauce s infrastructure and Sauce Connect Security in the Sauce Labs Cloud Practices and protocols used in Sauce s infrastructure and Sauce Connect Table of Contents page 2 page 4 page 6 page 8 page 9 page 10 page 11 Overview I. Sauce Labs Data

More information

Windows Server 2003 End of Support. What does it mean? What are my options?

Windows Server 2003 End of Support. What does it mean? What are my options? Windows Server 2003 End of Support What does it mean? What are my options? Windows Server 2003 End of Life- Why Care? The next big vulnerability (Heartbleed/Shellshock) is looming No more patches from

More information

Design and Configuration of a Network Security and Forensics Lab

Design and Configuration of a Network Security and Forensics Lab Design and Configuration of a Network Security and Forensics Lab Billy Harris Billy-Harris@utc.edu Joseph Kizza Joseph-Kizza@utc.edu Mike Ward Mike-Ward@utc.edu ABSTRACT This paper describes the design

More information

INTRODUCTION TO CLOUD MANAGEMENT

INTRODUCTION TO CLOUD MANAGEMENT CONFIGURING AND MANAGING A PRIVATE CLOUD WITH ORACLE ENTERPRISE MANAGER 12C Kai Yu, Dell Inc. INTRODUCTION TO CLOUD MANAGEMENT Oracle cloud supports several types of resource service models: Infrastructure

More information

DIVISION OF ENGINEERING COMPUTING SERVICES DECS SERVICE DESK. Fall & Spring: Monday Thursday 8am to 9pm. Summer & Breaks:

DIVISION OF ENGINEERING COMPUTING SERVICES DECS SERVICE DESK. Fall & Spring: Monday Thursday 8am to 9pm. Summer & Breaks: DECS Community IT Michigan State University College of Engineering DIVISION OF ENGINEERING COMPUTING SERVICES DECS SERVICE DESK For all questions and requests visit www.egr.msu.edu/decs or 1325EB, e mail

More information

Cyber Threats in Physical Security Understanding and Mitigating the Risk

Cyber Threats in Physical Security Understanding and Mitigating the Risk Cyber Threats in Physical Security Understanding and Mitigating the Risk Synopsis Over the last few years, many industrial control systems, including security solutions, have adopted digital technology.

More information

CHAPTER 2 THEORETICAL FOUNDATION

CHAPTER 2 THEORETICAL FOUNDATION CHAPTER 2 THEORETICAL FOUNDATION 2.1 Theoretical Foundation Cloud computing has become the recent trends in nowadays computing technology world. In order to understand the concept of cloud, people should

More information

Enhancing Your Network Security

Enhancing Your Network Security Enhancing Your Network Security Rainer Singer SE Manager Central Europe October 2013 Infoblox Overview & Business Update Founded in 1999 Headquartered in Santa Clara, CA with global operations in 25 countries

More information

Host Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011)

Host Hardening. OS Vulnerability test. CERT Report on systems vulnerabilities. (March 21, 2011) Host Hardening (March 21, 2011) Abdou Illia Spring 2011 CERT Report on systems vulnerabilities Source: CERT Report @ http://www.kb.cert.org/vuls/bymetric 2 OS Vulnerability test Source: http://www.omninerd.com/articles/2006_operating_system_vulnerabilit

More information

Running in 2011 - Luminosity. Mike Lamont Verena Kain

Running in 2011 - Luminosity. Mike Lamont Verena Kain Running in 2011 - Luminosity Mike Lamont Verena Kain Presentations Many thanks to all the speakers! Experiments expectations Massi Ferro-Luzzi Pushing the limits: beam Elias Métral Pushing the limits:

More information

Cathode Ray Tube. Introduction. Functional principle

Cathode Ray Tube. Introduction. Functional principle Introduction The Cathode Ray Tube or Braun s Tube was invented by the German physicist Karl Ferdinand Braun in 897 and is today used in computer monitors, TV sets and oscilloscope tubes. The path of the

More information