Update on Security Issues

Provided by: hami45

1
Update on Security Issues
  • LCLS Ebeam Security Update
  • Covering work of Network, Systems, and EPICS
    teams, and contributions from SCCS teams
  • Gunther will cover Photon Cyber Security
  • Integrated with SLAC Security Plan
  • Delivered Systems
  • Network Architecture
  • Computer Security
  • What's Next

2
Cyber Security Protection Program (CSPP)
  • Integrated with SLAC Cyber Security Plan
  • MCC enclave was extended for LCLS Ebeam Control
    System
  • SCCS security team interfaces with DOE
  • MCC is represented on security committee
  • Interact with SCCS teams to build and maintain
    production control system
  • DOE site visits and responded to STE review
  • SCCS daily and quarterly security scans
  • CSPP Annual Review of MCC enclave (early 2009)
  • Implemented original design of LCLS networks
  • Plan to upgrade enclave while supporting legacy
    control system for Minimum Maintenance State of
    Linac (CID-S19) PEP

3
Delivered Systems
  • Production systems to support ebeam
  • injector through edump
  • MPS/PPS/HVAC in photon section
  • Network upgrade at MCC for gigabit traffic to
    support digitized video
  • LINUX RHEL4 Servers and OPI
  • Main Control Center (MCC)
  • Control Room new layout with 5 dual-head Linux
    OPI, multiple dual-head Sun Ray OPI, multiple
    overhead displays, and locations for laptop on
    public subnets or wireless.
  • Foyer space for Sun Ray laptop work areas
  • Debugging in the field with Sun Ray and wireless

5
Network Architecture (1)
  • Production nodes reside on production networks
    isolated from SLAC Networks
  • Accelerator subnets: Channel Access, Instruments,
    Utilities, Video, Sun Ray Terminal
  • Private network for some subsystems: BPM, LLRF,
    Toroid, ADS
  • Unrouted traffic
  • Monitor traffic and manage switch via accelerator
    network
  • LCLSDMZ is the edge of LCLS networks
  • only access to LCLS from the rest of SLAC
  • All nodes are SLAC-only
  • Wireless is on a separate network tunnel into
    SLAC

6
Network Architecture (2)
  • Traffic routing: LCLS integration with previous
    MCC SLAC networks
  • Filtering Firewall to control traffic
  • Read-only access from DMZ nodes
  • SCCS services provided from nodes on DMZ
  • saIOC router is tightly controlled with ACLs for
    a 64-node IP range
  • Use SCCS team for security and network management
  • Security and networking advised on DMZ
    architecture
  • Networking manages switches and brings them
    online
  • Use central network monitoring package and alerts

7
LCLS Ebeam Computer Security (1)
  • LCLS LINUX servers and workstations
  • 32-bit RHEL4 (64-bit DELL 1950/2950)
  • standalone configuration, system disk mirroring,
    console service, UPS management, failover
    procedure, automated system resource monitoring,
    watchdog for production applications, etc. to
    ensure the systems are reliable and robust
  • Yum patching
  • Synchronize MCC patch repository with SCCS
    repository
  • Monitor when patches are needed
  • Schedule downtime to patch on ROD days
  • Can fall back to old system
  • Production applications use production NFS
  • Authenticate with local accounts and use SSH v2
    keys

8
LCLS Ebeam Computer Security (2)
  • Operator Interfaces (OPI)
  • Standalone Linux workstations in control room
    dual 24 monitor
  • Linux-based Sun Ray
  • Sun Ray 2FS clients in control room for overhead
    displays and dual-monitor workstations
  • Sun Ray 2FS clients (cow) and laptops for
    debugging in the field
  • Provide read-only access from offices via
    PVGateway with CA Security
  • Login to production servers for read/write access
  • Wireless is outside SLAC tunnel with
    ICA/Citrix/SSH/VPN/RDP
  • EPICS IOCs
  • IOCs and RTEMS use MCC NFS
  • CA Security is applied in multiple systems
  • VMS control system
  • Minimizing usage while we migrate last functions

9
Other Status
  • Omnilocks on computer room
  • Moved network core into locked computer room
  • slcIOC bridge
  • Injector through BSY devices use this bridge
  • Injector and BC2/L3 commissioning
  • Upcoming run through BSY
  • Undulator beamline and edump are EPICS only
  • MCC Oracle is patched by SCCS Oracle experts
  • Electronic logbooks: operations and physics

10
What's next
  • Data Transfer between ebeam and photon sections
  • Security
  • Review filtering firewall to give read-only access
    to control system
  • Review MCC Enclave's CSPP and implement
    improvements
  • Computing Infrastructure
  • Short term access to SCCS Oracle until we move to
    MCC Oracle
  • Review all SCCS dependencies and migrate where
    needed
  • Support S20-BSY Linac Upgrade with existing
    network/computing architecture
  • Migrating away from physics elog to DOE-compliant
    elog