Computing Facilities
CERN IT Department
CH-1211 Geneva 23
Switzerland
www.cern.ch/it

SINDES
Secure INformation DElivery System
CERN IT/CF-ASI

Outline
• What is SINDES
• Weak points
• How to improve

What is SINDES
• Main purpose:
  – CA - manage the certificates
  – Store & deliver confidential information

SINDES – Certificate Authority
CA functionality:
• Create certificates
• Sign certificates
• Confirm identities
• Revoke certificates

SINDES – Storage & delivery
Storage centre
• Upload secret files
• Store passwords
• Deliver files in a secure way

What is SINDES
• Main purpose:
  – CA - manage the certificates
  – Store & deliver confidential information
• Architecture based on OpenSSL x509 standard, Apache with mod_ssl and mod_rewrite
• Automated certification process – client has defined time window to ask for a certificate

Weak points of SINDES
• Usability
  – No delete file feature
  – Only two target types:
    • cluster
    • host
    today also subcluster type needed
  – No mechanism to move a machine between clusters
  – No view file feature; fetch file to client only
  – No file versioning

Weak points of SINDES
• Security issues:
  – Only one SINDES system user
    • anybody with access may tamper with any file stored with SINDES
    • no user information in log files
  – No privilege granularity

Weak points of SINDES
• On the one hand:
  – System in production serving more than 8.000 hosts at CERN
  – A number of crucial applications relying on SINDES CA functionality to authenticate (i.e. Lemon, CDB, CluMan)
• On the other hand:
  – Limited functionality
  – Room for improvement in security aspect

How to improve SINDES
• Ways of improvement
  – Enhance the usability and security in the current version of the system
  – Find and adopt a new tool, keep the functionality
    • Freeware tools: i.e. wallet by Russ Allbery http://www.eyrie.org/~eagle/software/wallet/
  – Write a completely new tool
• We have 1 year manpower starting from the 1st October 2010

Thank you
We would be glad to receive any feedback from you!