Trusted CI Webinar Series
Today’s webinar topic is “The Security Program at LSST” with NCSA’s Alex Withers. Our host is Jeannette Dopheide.
The meeting will begin shortly. Participants are muted. Click the Chat button to
open the chat view and ask a question.
This meeting will be recorded.
The Trusted CI Webinar Series is supported by National Science Foundation grant #1547272.
The views and conclusions contained herein are those of the authors and should not be interpreted as necessarily representing the official policies or endorsements, either expressed or implied, of the NSF.
Cyber Security at the Large Synoptic Survey Telescope
Alex Withers, CCoE Webinar, June 25th, 2018
Large Synoptic Survey Telescope
• Scientific goals:
  • Probe the nature of dark matter and dark energy
  • Cataloging the Solar System, particularly near-Earth asteroids and Kuiper belt objects
  • Observing transient optical events
  • Mapping the Milky Way: exploring structure and formation
• More information: www.lsst.org
LSST Data
• Recall that LSST data is the deliverable…
• Data eventually released to the public
• LSST’s Information Classification Policy outlines the information categories and gives examples.
• Sites that provide access to LSST data (i.e. NCSA) need to follow LSST’s security policy with respect to that data.
• Identity management plays a very important role here.
Lots of data, lots of software
(Diagram of the LSST Data Management system; WBS element numbers in parentheses.)

Application Layer (LDM-151)
• Scientific layer
• Pipelines constructed from reusable, standard “parts”, i.e. Application Framework
• Data product representations standardized
• Metadata extendable without schema change
• Object-oriented, Python, C++ custom software

Middleware Layer (LDM-152)
• Portability to clusters, grid, other
• Provide standard services so applications behave consistently (e.g. provenance)
• Preserve performance (<1% overhead)
• Custom software on top of open source, off-the-shelf software

Infrastructure Layer (LDM-129)
• Distributed platform
• Different sites specialized for real-time alerting, data release production, peta-scale data access
• Off-the-shelf commercial hardware & software, custom integration

Components shown in the diagram:
• Alert, SDQA, Calibration, Data Release productions/pipelines (02C.01.02.01, 02C.02.01.04, 02C.03, 02C.04)
• Application Framework (02C.03.05, 02C.04.07)
• SDQA and Science Pipeline Toolkits (02C.01.02.02 - 03)
• Science User Interface and Analysis Tools (02C.05)
• Science Data Archive: images, alerts, catalogs (02C.06.01)
• Data Access Services (02C.06.02)
• Processing Middleware (02C.07.01, 02C.06.03)
• Infrastructure Services: system administration, operations, security (02C.07.02)
• Archive Site (02C.07.04.01)
• Base Site (02C.07.04.02)
• Long-Haul Communications (02C.08.03)
• Physical plant (included in the above)
• LSST security program consists of:
  • Master security plan
  • Incident response plan
  • Information classification policy
  • Acceptable Use Policy
  • Security plans for each of LSST’s subsystems: camera, telescope, data management, etc.
• The previously mentioned documents are governed by LSST’s Change Control Board.
• Derived from these documents:
  • Web-based risk assessment tables per subsystem
  • Security requirements documents
  • Incident response and handling playbook
Scope and Scale of Security Plan
• LSST comprised of many partner institutions: SLAC, Caltech, NOAO, NCSA, Princeton, UW, etc.
• These institutions have their own security programs and handle their own incidents.
• Where does that leave our security plan?
  • Identifying legal and regulatory concerns.
  • Outlining overall roles and responsibilities.
  • Protecting LSST data.
  • Areas not covered by an institution’s own security plan.
Change Control and Risk
• LSST’s change control board authorizes security related changes
  • Policies, procedures, training, etc.
  • LSST Project Manager has final authority
• Residual risk is accepted by the Project Manager
• Risk is documented using a simple risk assessment table method.
• Technologies need to cover authn/z needs within the context of JupyterHub, web portals and RESTful APIs
• IAM system goals include:
  • Identify members of US/Chilean astronomy community
  • Identify named individuals and delegates with data rights (L2)
  • Manage collaborative groups within LSST (L3)
  • Access to applications/services
  • Admin/staff roles
• InCommon/COFRe authentication with eduPersonAffiliation
• LDAP+Kerberos across NCSA, Chile and Tucson
• User/group management with in-house NCSA software (COmanage-like)
• Duo for 2-factor
• LSST applications using CILogon (www.cilogon.org)
• SciTokens (scitokens.org): authorization with OAuth 2.0 and JWTs
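The SciTokens bullet above is the one place the slides name a concrete authorization mechanism: a JWT whose `scope` claim lists `action:path` capabilities, presented by a client (a portal, a JupyterHub session, a REST call) to a service that must verify it and decide whether it covers the requested operation. The following is an added example, not code from the LSST project or from the SciTokens library, showing what a relying party does with such a token: pin the algorithm, check the signature, issuer, audience and validity window, then match the requested action and path against the scopes. The issuer URL, audience, key, claims and scopes are constructed for the example; real SciTokens issuers sign with asymmetric keys (RS256/ES256) that the service fetches from the issuer, whereas HS256 with a shared key is used here only so the block runs with the standard library.

```python
import base64
import hashlib
import hmac
import json
import posixpath
import time

# Constructed key, issuer, audience and clock for this self-contained example.
DEMO_KEY = b"constructed-demo-key-not-for-production"
ISSUER = "https://demo-issuer.example"        # assumed issuer URL
AUDIENCE = "https://data.example/api"          # assumed service audience
NOW = 1_530_000_000                            # fixed clock for reproducibility


def _b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _sign(signing_input, key):
    return hmac.new(key, signing_input.encode("ascii"), hashlib.sha256).digest()


def mint_token(claims, key=DEMO_KEY):
    """Build a compact JWT (header.payload.signature) over the given claims."""
    header = _b64url_encode(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    signing_input = header + "." + payload
    return signing_input + "." + _b64url_encode(_sign(signing_input, key))


def verify_token(token, issuer, audience, key=DEMO_KEY, now=None):
    """Return the claims if alg, signature, iss, aud, nbf and exp all check out;
    raise ValueError otherwise. The relying party pins the algorithm instead
    of trusting the token's own 'alg' header (closes the alg=none class of bugs)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("malformed token")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    if header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = _sign(header_b64 + "." + payload_b64, key)
    if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(payload_b64))
    now = time.time() if now is None else now
    if claims.get("iss") != issuer:
        raise ValueError("wrong issuer")
    aud = claims.get("aud")
    if audience not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("wrong audience")
    if now < claims.get("nbf", 0):
        raise ValueError("token not yet valid")
    if now >= claims.get("exp", 0):
        raise ValueError("token expired")
    return claims


def _norm(path):
    # Collapse '.' and '..' so /lsst/dr1/../private is judged as /lsst/private.
    return posixpath.normpath("/" + path.lstrip("/"))


def authorized(claims, action, path):
    """The 'scope' claim is a space-separated list of action:path entries,
    e.g. 'read:/lsst/dr1 write:/lsst/users/alice'. An entry authorizes the
    request when the action matches and the requested path equals the granted
    path or lies beneath it, compared per path component so that
    read:/lsst/dr1 does not cover /lsst/dr10."""
    wanted = _norm(path)
    for entry in claims.get("scope", "").split():
        granted_action, sep, granted_path = entry.partition(":")
        if not sep or granted_action != action:
            continue
        base = _norm(granted_path)
        if wanted == base or wanted.startswith(base.rstrip("/") + "/"):
            return True
    return False


# Constructed token: read access to one data release, write access to a home area.
TOKEN = mint_token({
    "iss": ISSUER, "aud": AUDIENCE, "sub": "alice",
    "nbf": NOW - 60, "exp": NOW + 3600,
    "scope": "read:/lsst/dr1 write:/lsst/users/alice",
})

if __name__ == "__main__":
    claims = verify_token(TOKEN, ISSUER, AUDIENCE, now=NOW)
    print(authorized(claims, "read", "/lsst/dr1/calexp/1.fits"))   # True
    print(authorized(claims, "read", "/lsst/dr10/calexp/1.fits"))  # False
    print(authorized(claims, "write", "/lsst/dr1/calexp/1.fits"))  # False
```

The two details worth carrying over to a real deployment are the ones that are easy to get wrong: the path comparison is done on normalized, component-aligned paths (a plain string prefix test would let `read:/lsst/dr1` cover `/lsst/dr10` and `..` segments escape the granted tree), and the audience check means a token minted for one LSST service cannot be replayed against another.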
Identity Linking
• External identities (University, GitHub, etc.) linked to individual’s LSST identity
  • Established during initial enrollment and managed by user
• Group memberships based on LSST identity
  • LDAP queries using LSST IDs and external IDs
L2 Data Rights (Proposed)
• National professional astronomical community
  • Use eduPersonAffiliation when available
    • No “astronomy department” affiliation
    • “Member” is close enough?
  • Use American Astronomical Society membership directory? i.e. ORCID
  • Otherwise will require manual review/approval

L2 Data Rights (Proposed)
• Named individuals from international partners
  • Lookup existing LSST accounts
  • Email-based invitations
• A limited number of designated additional individuals (post-docs, grad students) per named individual
  • Named individuals can invite/grant others (from same institution)
• Periodic re-validation / review
Host-level security
• Host-based firewalls
• Configuration management with Puppet
• Endpoint security: OSSEC, anti-virus, etc.
• User accounts centrally managed: LDAP, Kerberos, sssd, Duo
• System logs collected
• Administrative privileges tied to specific user accounts
  • i.e. no root login, sudo only, require two-factor
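The last host-level bullet is a policy; on a Linux host it becomes a handful of sshd_config directives, and because the fleet is Puppet-managed the natural check is something that reads the rendered file and fails when a host drifts. The block below is an added example, not LSST's or NCSA's own tooling: it parses sshd_config the way sshd does (first occurrence of a keyword wins, and anything after a `Match` line applies only to matched connections) and reports whether root login is closed, password-only logins are off, and every session must present a public key plus a keyboard-interactive second factor. The weak and hardened configs are constructed for the example; the assumption that the second factor arrives through a PAM module (as a Duo PAM integration would) is why `ChallengeResponseAuthentication` and `UsePAM` are checked together with `AuthenticationMethods`.

```python
import re

# Constructed sshd_config excerpts (not real LSST configuration).
WEAK_CONFIG = """\
Port 22
PermitRootLogin yes
PasswordAuthentication yes
ChallengeResponseAuthentication no
"""

HARDENED_CONFIG = """\
Port 22
PermitRootLogin no
PasswordAuthentication no
PubkeyAuthentication yes
# Second factor delivered through PAM (a Duo PAM module is assumed here)
ChallengeResponseAuthentication yes
UsePAM yes
AuthenticationMethods publickey,keyboard-interactive
"""

_DIRECTIVE = re.compile(r"([^\s=]+)\s*=?\s*(.*)$")


def parse_sshd_config(text):
    """Return {keyword_lower: value} for the global section of an sshd_config.
    sshd keeps the FIRST value it sees for a keyword, so a later 'fix' appended
    to the file is silently ignored; directives after a 'Match' line are
    conditional, so parsing stops there."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        m = _DIRECTIVE.match(line)
        key, value = m.group(1).lower(), m.group(2).strip()
        if key == "match":
            break
        settings.setdefault(key, value)
    return settings


def audit_sshd_config(text):
    """Return a list of findings; an empty list means the config meets the bar
    described on the slide: no root login, sudo from named accounts only, and a
    second factor on every session."""
    cfg = parse_sshd_config(text)
    findings = []
    # OpenSSH defaults when a keyword is absent: prohibit-password, yes, any, yes.
    if cfg.get("permitrootlogin", "prohibit-password") != "no":
        findings.append("PermitRootLogin must be 'no': admins log in as themselves and use sudo")
    if cfg.get("passwordauthentication", "yes") != "no":
        findings.append("PasswordAuthentication must be 'no': password-only logins are single-factor")
    # AuthenticationMethods lists alternatives separated by spaces; each alternative
    # is a comma-separated chain that must ALL succeed. Every alternative must
    # demand a key and a keyboard-interactive (PAM-delivered) second factor.
    alternatives = cfg.get("authenticationmethods", "any").split()
    if not all({"publickey", "keyboard-interactive"} <= set(a.split(",")) for a in alternatives):
        findings.append("AuthenticationMethods must require publickey,keyboard-interactive")
    elif cfg.get("challengeresponseauthentication", "yes") != "yes" or cfg.get("usepam", "yes") != "yes":
        findings.append("keyboard-interactive needs ChallengeResponseAuthentication yes and UsePAM yes")
    return findings


if __name__ == "__main__":
    for name, text in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        result = audit_sshd_config(text)
        print(name, "OK" if not result else result)
```

Running the block prints three findings for the weak config and `OK` for the hardened one; the first-occurrence rule is the part most worth remembering, since a `PermitRootLogin no` dropped at the bottom of a file that already says `yes` changes nothing.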
Network-level security
• Network filtering (SDN whitelists, firewalls)
  • Ingress and egress filtering
• Remote access with SSH, VPN and HTTPS
  • Two-factor authentication required
• Bro IDS at perimeter
• Management/operation tasks take place on out-of-band networks
Data-level security
• Risk assessment tables capture systems and storage containing sensitive data
• Data labeled as per the information classification policy
• Unintended release of this kind of data is documented as a severe risk
• Filesystem support for authn/z
• Burden mainly falls on the application providing access to the data
Physical-level security
• Physical access presents a weak point for bypassing security controls
  • Policies enforced by software can mitigate these risks
• USB keys, portable storage
  • Dangerous for non-networked systems
• Physical security
  • Wireless devices, APs, and physical network ports
  • Visitors who BYOD are forced into a visitor enclave
LSST Security Operations
● Operations managed from a completely separate network
● Permanent VPN tunnel from NCSA security management network to Chile observation site management network
● VM infrastructure
  ○ High availability
  ○ Hosts non-Bro security services
● Two Bro clusters: one production, one development/testing
  ○ 40 Gb/s network → 100 Gb/s network
  ○ Network taps aggregated, large flows shunted
(Diagram: NCSA security infrastructure. An IPsec VPN tunnel over the WAN, BGP advertised, connects an offsite bastion behind a pfSense pair to the cyber security management/LOM networks at NCSA, also fronted by pfSense. Behind them sit the VM infrastructure, tap aggregation fed by network taps on the LSST data and operations links (2 x 100 Gb/s), and the production and test Bro clusters.)
Conclusion
• LSST has a working security plan covering existing and planned operations
• Future challenges:
  • Ensure LSST users and staff know what is expected
    • Awareness and education is key
  • Enabling access to data in a secure manner
  • Securing the core of LSST’s operations
• Accomplishing our security goals helps LSST achieve its mission
Thanks!
• Contacts:
  • [email protected]
  • https://security.ncsa.illinois.edu/
• Acknowledgements
  • Jim Basney, NCSA (LSST IaM project, CILogon and SciTokens)

Questions? Please take our survey.
About the Trusted CI Webinar series
To view presentations, join the discuss mailing list, or submit requests to present, visit:
https://trustedci.org/webinars
The next webinar is July 23rd at 11am Eastern.
Topic: RSARC: Trustworthy Computing Over Protected Datasets
Speaker: Mayank Varia