Collaboration Network Enclave at PNNL - PowerPoint PPT Presentation
Slides: 11
Provided by: hpcr

Transcript and Presenter's Notes

1
Collaboration Network Enclave at PNNL
HEP Cybersecurity Workshop, Tim Carlson, March 11, 2005
2
Outline
  • Background
  • Bandwidth Plans
  • Enclave Design Goals
  • PNNL Security Enclaves
  • Enclave Architecture
  • Collaboration Network Enclave
  • Collaboration Network Enclave
  • Host-Based and Network Security
  • Configuration Control
  • Access Control
  • GFS Filesystem

3
PNNL Internet Connectivity Current and Planned
[Diagram: nodes shown are Regional Internet and PNWGP Peers, Internet2, Pacific NW Gigapop, PNNL Switches Seattle, ESnet and PNNL; link capacities labelled OC-192, OC-12, OC-3, GigE (Jul 2005), 10GigE (Spring 2006) and 6 x 10 Gbps Lambdas (May 2005)]
4
PNNL Network Enclaves
  • Enclaves enable tailoring of cyber security policy to meet mission-specific objectives
  • Enclave design goals
      • Scale to support multiple enclaves
      • Avoid replication of services
      • Every enclave should have critical resources needed to operate
      • Backup and shared services in a common area
      • Provide mechanisms for secure access to applications between enclaves

5
Enclave Diagram
[Diagram only; no transcript text]
6
Collaboration Network Enclave
[Diagram: Collaboration Network Enclave, showing PNWGP and Enterprise Services]
7
Collaboration Network Enclave: Layered Security Components
  • Host-based security
      • Host-based firewall (iptables) controlled by PNNL Firewall team
      • Intrusion Prevention System (PSAD)
      • File integrity checking (Tripwire)
  • Configuration Control/Auditing
      • Centralized configuration control (cfengine and Redhat Satellite)
      • Active vulnerability scanning (Nessus)
      • Centralized system logging (Syslog)
      • Center for Internet Security (CIS) benchmarks
      • Big Brother
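As an added example, not taken from the presentation or from PNNL, a small POSIX shell audit of two of the host-based controls listed above, the iptables host firewall and centralized syslog: it checks that the firewall defaults to deny and that syslog forwards to a central log host, run over constructed iptables-save and syslog.conf samples (the log host name is a placeholder).

```shell
#!/bin/sh
# Constructed iptables-save dump: default-deny INPUT/FORWARD, one service open.
GOOD_RULES='*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -j ACCEPT
COMMIT'

# Constructed weak dump: INPUT defaults to ACCEPT, so rules only carve out exceptions.
WEAK_RULES='*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -p tcp --dport 23 -j DROP
COMMIT'

# Constructed syslog.conf: all messages are also shipped to a (placeholder) central log host.
SYSLOG_CONF='*.info;mail.none;authpriv.none  /var/log/messages
authpriv.*                          /var/log/secure
*.*                                 @loghost.example.org'

# chain_policy DUMP CHAIN: print the default policy of CHAIN (e.g. DROP).
chain_policy() {
    printf '%s\n' "$1" | awk -v c=":$2" '$1 == c { print $2 }'
}

# check_default_deny DUMP: succeed only if INPUT and FORWARD both default to DROP.
check_default_deny() {
    [ "$(chain_policy "$1" INPUT)" = DROP ] && [ "$(chain_policy "$1" FORWARD)" = DROP ]
}

# count_open_ports DUMP: number of INPUT rules that accept traffic to a port.
count_open_ports() {
    printf '%s\n' "$1" | awk '/^-A INPUT / && /--dport/ && /-j ACCEPT$/ { n++ } END { print n+0 }'
}

# syslog_forwarded CONF: succeed if some uncommented selector logs to a remote host (@host).
syslog_forwarded() {
    printf '%s\n' "$1" | awk '$1 !~ /^#/ && $2 ~ /^@/ { found = 1 } END { exit !found }'
}
```

On a live host the same functions can be fed "$(iptables-save)" and "$(cat /etc/syslog.conf)" instead of the constructed samples.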

8
Collaboration Network Enclave: Layered Security Components (continued)
  • Network Security
      • Passive sensor (Securify, Snort)
      • MAC address registration
      • Physical building/room security
  • Access Control/Authentication
      • Formal, centralized account management processes
      • Centralized Kerberos 5 authentication
      • SecurID authentication for remote access (one-time password and two-factor authentication)

9
Storage Connectivity: Open Source Global File System
  • Allows multiple systems to direct-attach to storage
  • No data transfer necessary between servers
  • Data is immediately available when write operations complete
  • Filesystem journals are synched through GFS daemons on each system

10
Thank You
Collaboration Network Project Team: John McCoy (Program Director), Shaun OLeary (Team Lead)
Tim Carlson, tim_at_pnl.gov, 509-376-3423