Getting Started Guy Warner NeSC Training Team

1
Getting Started
Guy Warner, NeSC Training Team
Induction to Grid Computing and the National Grid Service
10th-11th March 2005
2
Acknowledgements
Some of the slides in this presentation are based
on / motivated by:
  • The presentation given by Carl Kesselman at the
    GGF Summer School 2004. This presentation may be
    found at
    http://www.dma.unina.it/murli/GridSummerSchool2004/curriculum.htm
  • Lectures given by Richard Sinott and John Watt at
    the University of Glasgow. These lectures may be
    found at
    http://csperkins.org/teaching/2004-2005/gc5/
  • The presentation given by Simone Campana of CERN
    at First Latinamerican Grid Workshop, Merida,
    Venezuela. This presentation may be found at
    http://agenda.cern.ch/fullAgenda.php?idaa044965

3
The Problem
  • Question: How does a user securely access the
    Resource without having an account on the
    machines in between or even on the Resource?
  • Question: How does the Resource know who a user
    is and that they are allowed access?

4
Overview
Security
Authentication
Grid Security Infrastructure
Encryption Data Integrity
Authorization
5
Approaches to Security 1
The Poor Security House
6
Approaches to Security 2
The Paranoid Security House
7
Approaches to Security 3
The Realistic Security House
8
Approaches to Grid Security
  • The Poor Security Approach
      • Use unencrypted communications.
      • No or poor (easily guessed) identification means.
      • Private identification (key) left in publicly
        available location.
  • The Paranoid Security Approach
      • Don't use any communications (no network at all).
      • Don't leave computer unattended.
  • The Realistic Security Approach
      • Encrypt all sensitive communications.
      • Use difficult to break identification means.
      • Keep identification secure at all times (e.g.
        encrypted on a memory stick).
      • Only allow access to trusted users.

9
The Risks of Poor User Security
  • Launch attacks to other sites
      • Large distributed farms of machines, perfect for
        launching a Distributed Denial of Service attack.
  • Illegal or inappropriate data distribution and
    access to sensitive information
      • Massive distributed storage capacity, ideal, for
        example, for swapping movies.
  • Damage caused by viruses, worms etc.
      • Highly connected infrastructure means worms
        spread faster than on the internet in general.

10
Authentication and Authorization
Mongolian Yak Inspector
  • Authentication
      • Are you who you claim to be?
  • Authorisation
      • Do you have access to the resource you are
        connecting to?

11
The Trust Model
slide based on presentation given by Carl
Kesselman at GGF Summer School 2004
12
Public Private Key
[Figure: Alice and Bob, "Life Savings"]
13
Public Key Infrastructure (PKI)
  • PKI allows you to know that a given key belongs
    to a given user.
  • PKI builds off of asymmetric encryption:
      • Each entity has two keys: public and private.
      • Data encrypted with one key can only be decrypted
        with the other.
      • The public key is public.
      • The private key is known only to the entity.
  • The public key is given to the world encapsulated
    in an X.509 certificate.

slide based on presentation given by Carl
Kesselman at GGF Summer School 2004
14
Certificates
  • Similar to a passport or driver's license: identity
    signed by a trusted party

slide based on presentation given by Carl
Kesselman at GGF Summer School 2004
15
Certificate Authorities
  • A small set of trusted entities known as
    Certificate Authorities (CAs) are established to
    sign certificates.
  • A Certificate Authority is an entity that exists
    only to sign user certificates.
  • Users authenticate themselves to the CA, for example
    by use of their Passport or Identity Card.
  • The CA signs its own certificate, which is
    distributed in a secure manner.

slide based on presentation given by Carl
Kesselman at GGF Summer School 2004
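
The CA model on the slides above, as an added example that is not part of the original presentation: a throwaway CA signs its own certificate and a user's certificate, and a resource then checks that a certificate chains to the trusted CA and that the presenter holds the matching private key. The names `Demo Grid CA`, `alice` and `mallory`, the file layout and the helper function names are assumptions made for illustration; it needs the `openssl` command-line tool.

```shell
#!/bin/sh
# Added example: every name, key and certificate here is constructed and throwaway.
set -eu
WORK=$(mktemp -d)

make_ca() {        # the CA signs its own certificate (self-signed root)
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 \
        -subj "/O=Demo Grid/CN=Demo Grid CA" \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" 2>/dev/null
}

issue_cert() {     # $1 = user; the user makes the key pair, the CA signs only the request
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "/O=Demo Grid/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$1.csr" -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" \
        -CAcreateserial -days 7 -sha256 -out "$WORK/$1.pem" 2>/dev/null
}

self_signed() {    # $1 = file stem, $2 = claimed name; no trusted party vouches for it
    openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 7 \
        -subj "/O=Demo Grid/CN=$2" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

cert_trusted() {   # $1 = stem; true only if the certificate was signed by the trusted CA
    openssl verify -CAfile "$WORK/ca.pem" "$WORK/$1.pem" >/dev/null 2>&1
}

holds_key() {      # $1 = certificate stem, $2 = key stem used to answer the challenge
    openssl rand -hex 16 > "$WORK/nonce"
    openssl dgst -sha256 -sign "$WORK/$2.key" -out "$WORK/nonce.sig" "$WORK/nonce"
    openssl x509 -in "$WORK/$1.pem" -pubkey -noout > "$WORK/$1.pub"
    openssl dgst -sha256 -verify "$WORK/$1.pub" -signature "$WORK/nonce.sig" \
        "$WORK/nonce" >/dev/null 2>&1
}

make_ca
issue_cert alice
self_signed mallory alice      # same name on the certificate, different signer
for who in alice mallory; do
    if cert_trusted "$who"; then echo "$who.pem: signed by trusted CA"
    else echo "$who.pem: rejected, not signed by trusted CA"; fi
done
if holds_key alice alice; then echo "alice.key matches alice.pem"; fi
if holds_key alice mallory; then :; else echo "mallory.key does not match alice.pem"; fi
```

The certificate is public and proves nothing on its own; the resource accepts a user only when both checks pass, which is why the private key has to stay with its owner.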
16
Delegation and Certificates
  • Delegation: The act of giving an organization,
    person or service the right to act on your
    behalf.
  • For example: A user delegates their
    authentication to a service to allow programs to
    run on remote sites.

17
User Authorisation to Access Resource
slide based on presentation given by Carl
Kesselman at GGF Summer School 2004
18
User Responsibilities
  • Keep your private key secure.
  • Do not loan your certificate to anyone.
  • Report to your local/regional contact if your
    certificate has been compromised.
  • Do not launch a delegation service for longer
    than your current task needs.

If your certificate or delegated service is used
by someone other than you, it cannot be proven
that it was not you.
19
Summary
20
The Practical
  • In your information pack is a sheet containing
    the details for logging on to your workstation
    and the passwords needed for logging on to your
    account on lab-07, the server to be used in this
    tutorial.
  • Log in to your workstation.
  • Use the putty program (on your desktop) to
    connect to lab-07.
  • Open a browser window to
    http://homepages.nesc.ac.uk/gcw/NGS/GSI.html
  • Follow the instructions from there.