Moving Securely Around Space: The Case of ESA


Moving Securely Around Space: The Case of ESA. Prepared by: Andrea Baldi, Jose Fernandez Balseiro, Marco Incollingo, Tommaso Parrinello, Cristiano Silvagni, Stefano Zatti. European Space Agency. Andrea.Baldi@esa.int

ESA Scenario. ESA main locations: 6 main sites in Europe, many offices/stations worldwide; interconnected via MPLS IP VPN with commercial ISP; connected to the Internet with commercial and academic ISP. Very high staff mobility among ESA sites and offices in Europe. High mobility also in USA and worldwide. Map legend: Establishments; Offices; ESA ground stations; Ground stations used by ESA; Ariane downrange stations. Map locations: Washington, Houston, CDN, Kourou, Natal, Maspalomas, Ascension, Villafranca, Libreville, Malindi, Brussels, ESA Paris, Toulouse, ESTEC (Noordwijk), Moscow, Kiruna, Redu, EAC Cologne, ESOC (Darmstadt), ESRIN (Frascati), Fucino, Perth. Terena Conference 2006

ESA Missions. ESA missions per year: ~ 13.000. ESA mission days: ~ 43.000.

Security and Mobility. Mobility is a crucial requirement for ESA staff. Secure mobility is a key requirement for ESA IT. ESA internal mobility: within the same establishment; among different ESA establishments. ESA external mobility: everywhere off site.

ESA Security Policy. ESA security policy: established 1998; implementation between 1998-2000; in continuous evolution and reissued regularly to address new challenges: mobility & remote access & wireless services; new security threats & best security practice. ESACERT established. ESA Security Office being established: to ensure independence of the security function; to issue the policy.

ESA Security Zones. Untrusted: Internet. Semi Trusted: ESA DMZs, ESA External networks. Trusted: ESA Internal networks, ESA Restricted networks.

New ESA Mobility Services. More flexibility for collaboration: external visitors shall be able to work while at ESA; new access mechanism for remote access. Increase service levels & manageability: easy fault detection/isolation/fixing; decrease the lead time for upgrade/extensions. Increase the level of security of the WLAN: secure authentication mechanisms and data privacy; management of rogue access points and ad hoc networks; security policy enforcement.

Internal Mobility via WLAN. Multiple SSIDs & WLANs on the same access point. WPA and 802.1x/PEAP: compatibility issues with client supplicants/OS! CAR for Visitors WLAN. Central WLAN management and control. Additional monitoring and support tools.

Security Policy: WLAN. Wireless LAN Service Provision and Installation. The provision, installation, configuration and management of any Wireless Network Device is under exclusive control and responsibility of the Information System Department. As for any other network equipment, wireless access points connected to the site LAN must be procured, installed, and configured at the appropriate level of Security exclusively by the Information System Department. For no reason shall a Wireless Access point be switched on, or connected to the site LAN, without prior approval from the Information System Department. Illegal Access points discovered by the Wireless IDS will be immediately switched off, disconnected from the LAN and marked as rogue access points. ... It is strictly forbidden to make use of any wireless device (including wireless cards) to build and create ad hoc or private wireless networks. Those networks, if not properly configured, interfere with the Corporate Wireless LAN Services, degrading their performance and availability. Private wireless networks can also be used to bridge two existing networks, providing illegal access to unauthorized users ...
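The policy above separates approved access points, unapproved ones connected to the site LAN (rogue) and ad hoc networks. The sketch below is an added example, not ESA's tooling: it applies those three rules to wireless-sensor observations. The inventory, MAC addresses, SSIDs and the `on_site_lan` wired-side correlation flag are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory of BSSIDs installed by the Information System
# Department (all MAC addresses and SSIDs below are made-up sample values).
AUTHORIZED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}

# Verdicts ordered from least to most severe.
SEVERITY = ["authorized", "unknown-neighbour", "adhoc-violation", "rogue"]


@dataclass(frozen=True)
class Observation:
    bssid: str         # radio MAC reported by a wireless sensor
    ssid: str
    mode: str          # "infrastructure" or "adhoc"
    on_site_lan: bool  # assumption: MAC was also learned on a wired switch port


def classify(obs: Observation) -> str:
    """Map one sensor observation to a policy verdict."""
    if obs.mode == "adhoc":
        return "adhoc-violation"    # private/ad hoc networks are forbidden
    if obs.bssid.lower() in AUTHORIZED_BSSIDS:
        return "authorized"
    if obs.on_site_lan:
        return "rogue"              # unapproved AP connected to the site LAN
    return "unknown-neighbour"      # not ours and not on our LAN: log only


def triage(observations):
    """Return the most severe verdict per BSSID; an access point that
    serves several SSIDs shows up in several observations."""
    worst = {}
    for obs in observations:
        key, verdict = obs.bssid.lower(), classify(obs)
        if SEVERITY.index(verdict) > SEVERITY.index(worst.get(key, "authorized")):
            worst[key] = verdict
        worst.setdefault(key, verdict)
    return worst


SAMPLE = [  # constructed observations
    Observation("00:11:22:33:44:01", "CORP-STAFF", "infrastructure", True),
    Observation("00:11:22:33:44:01", "CORP-VISITORS", "infrastructure", True),
    Observation("AA:BB:CC:00:00:10", "default", "infrastructure", True),
    Observation("02:AA:BB:CC:DD:EE", "laptop-share", "adhoc", False),
    Observation("AA:BB:CC:00:00:20", "CoffeeShop", "infrastructure", False),
]

if __name__ == "__main__":
    for bssid, verdict in triage(SAMPLE).items():
        print(bssid, verdict)
```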

ESA Security Model for Internal Mobility

WLAN Management & IDS

External Mobility. Access to ESA system from outside of ESA premises: from home (teleworkers); while traveling on mission (hotels, airports, partners); from the middle of nowhere (launch campaign). Who (now over 1500 users): Occasional: ~ 50 %; Regular: ~ 30-40 %; Road Warriors: ~ 10 %.

ESA External Mobility Services. External mobility services outsourced and packaged into Mobility Packs: MP1: SSL based Web Client access; MP2: MP1 + PC IPSEC client; MP3: MP2 + Dial-In services. Common authentication layer: dual factor strong authentication via RSA SecurID.

ESA External Mobility: Today System View

Security Policy for External Mobility. Traffic from remote VPN clients to ESA Internal Services Networks. Traffic from remote VPN clients to External Networks (once connected to the ESA Internal Services Networks).

Security Measures. Web Client Access: centralized SSL gateway. Perform client security scan: looks for dangerous open ports, check for antivirus, check for running processes. Allow port forwarding for mail & applications only if security scan is successful. Easy access, no software deployment is required. VPN client: centralized IPSEC based on Nortel Contivity. One single tunnel between the client PC and the ESA IP VPN box. 3DES encryption.

Control & Management Measures. Remote access accounts are continuously being monitored in order to detect any indication of misuse. Remote access best practices are provided to ESA users to avoid pitfalls. Service management procedures are in place to support the remote user via a single help desk.

New Mobility Requirements: Public WiFi & GPRS/UMTS. Managed off-the-shelf services with SLA: single stop billing; single support service; single user interface to mobile users. High security: authentication; data privacy. High availability: 24x7. Integration with existing mobility packs. Flexible cost model for: intensive users; occasional users.

New Services: On-going Pilot. Layered on Mobility Packs 1, 2, 3. Same security model: RSA SecurID as authentication; SSL/IPSEC for IP security layer. New access mechanisms: WiFi hotspots; GPRS/UMTS.

ESA Mobility Solutions: Tomorrow System View

Conclusion. Secure mobility requires that security is planned ahead and evolves as a service together with mobility. A security policy needs to be in place, properly communicated and enforced with top management support. Use of industry standards is a key factor for a successful deployment. A good balance of technical and managerial skills is required to build a solution that satisfies user expectation and security best practice.

Many thanks. ESA colleagues who have contributed to this work: Jose.Fernandez.Balseiro@esa.int, Marco.Incollingo@esa.int, Tommaso.Parrinello@esa.int, Cristiano.Silvagni@esa.int, Stefano.Zatti@esa.int. TERENA staff for the excellent organization and the support given. TERENA audience for being here today listening.

Background Slides

Access Point Management

AP Information

AP Reporting

Clients Associations

WLAN IDS

WLAN IDS

ESA External Mobility: User View