SecuritySummit
Last modified on 05/22/2008 10:08:54 AM

This page is part of the Security Outline.

Common Security Issues at the Base and Summit Computer Facilities

Moved -- incorporated into SecurityMountain

Will be deleted

  1. Physical Security

1.1 - Power

1.1.1 - Feed from Chilean grid, UPS, generator(s)

1.1.2 - All LSST computer equipment will be kept running by UPS until generator startup. The Chilean power grid has serious power-quality issues, such as blackouts, sags and surges, which have been known to last for prolonged periods.

1.2 - HVAC

1.2.1 - Sizing, type & routing

1.2.2 - Water alarms under raised floor

1.2.3 - Emergency Power shut-off buttons

1.3 - Fire suppression

1.3.1 - Need to select the type (Inergen or similar; if water, dry or wet pipe)

1.3.2 - Sensors located under floor and in room

1.4 - Physical Access Controls

1.4.1 - La Serena uses a card-based RFID system for entry into the computer room, with logging

1.5 - Physical Detective Controls

1.5.1 - Video cameras around/in computer centers

1.6 - Physical Preventive Controls

1.6.1 - May use interior glass walls into computer centers.

1.7 - Physical Seismic Protection

1.7.1 - Racks should be seismically isolated as far as possible (hung from the ceiling).

  2. Network Security

2.1 - Connections between security domains and subdomains

2.1.1 - Other observatories within Chile (LSST, CTIO, SOAR and others)

2.1.2 - Camera groups (e.g. - SLAC)

2.1.3 - Telescope control group

2.1.4 - DACs (e.g. - NCSA, SDSC, Chilean DAC )

2.2 - Internal network structure

2.2.1 - Border Routers

2.2.2 - Border Firewall at Base

2.2.3 - Internal Layer 3 switches

2.2.3.1 - Functional VLAN design (trunking of VLANs between La Serena & Pachon)

2.2.3.2 - "packet filtering" and other switch-based firewall capabilities @ VLAN

2.2.4 - Intrusion Detection/Prevention System

2.2.4.1 - Subnet Positioning

2.2.4.2 - Event scenario (NAGIOS alarms; corrective actions (ACL modifications, RESETS?))

2.2.5 - "Host Based Intrusion Detection"

2.2.5.1 - Tripwire, AIDE or other hash-based system consistency packages/HIDS

2.2.6 - System-wide log server

2.2.6.1 - syslog-ng or similar

2.2.6.2 - "splunk", "swatch" and other log record dataminers.

2.2.7 - system-wide security correlation server for event notification

2.2.7.1 - "SGUIL", "Acid/Base" or similar combined security event display

2.2.7.2 - Integrated with NAGIOS (or similar) performance monitoring ("event notification"/"call tree")

2.2.7.3 - Network and performance monitoring (also integrated NAGIOS)

  3. Data Products
  • What products are consumed, produced, and stored
  • Their sources and destinations
  • Ensuring integrity
  4. Authentication/Authorization requirements

4.1 - PKI (?)

4.1.1 - Advantages/disadvantages

4.1.2 - Where is the Certificate Authority

4.1.3 - What is the vetting process

4.2 - Single sign-on using PKI or other means (?)

4.3 - Determine roles - subjects (who) and objects (what they are allowed to access)

4.4 - "Remote Access" to objects

4.4.1 - Access based on role

4.4.2 - Fixed VPN tunnels between LSST and partners

4.4.3 - Transport VPN to infrastructure from other sites

4.4.4 - Two factor authentication using smart token (NIST 800-63 level 4)

4.4.5 - Authentication provided by RADIUS or DIAMETER or similar.

4.5 - "hairpinned VPN" imposes Firewall security policy on remote users.

  5. Recovery plans

5.1 - "Business Recovery Plan"

5.1.1 - Identify the "family jewels"

5.1.2 - Determine the risk

5.1.3 - Develop recovery sequence

5.2 - Disaster Recovery Plans

5.2.1 - Immediate recovery from the event

5.2.2 - Segue into the recovery

5.3 - Contingency Recovery Plans

5.3.1 - Individual procedures for recovery

5.3.2 - Procedures for incident handling (typically security incidents)

5.4 - Backup

5.4.1 - Determine objects to be backed up

5.4.2 - On-site backup procedures

5.4.3 - Off-site backup procedures

  6. Maintainability provisions (maybe outside of scope for now)
  7. Variability among instances