Multilayered IT Security Requirements and Measures for the Complex Protection of Polish Domain-Specific Grid Infrastructure

详细信息    查看全文

• 作者：Bart?omiej Balcerek (18)
  Gerard Frankowski (19)
  Agnieszka Kwiecień (18)
  Norbert Meyer (19)
  Micha? Nowak (19)
  Adam Smutnicki (18)
  
• 关键词：IT security ; HPC ; Grid ; security measures ; NGI ; NGI_PL
• 刊名：Lecture Notes in Computer Science
• 出版年：2014
• 出版时间：2014
• 年：2014
• 卷：8500
• 期：1
• 页码：61-79
• 全文大小：352 KB
• 参考文献：1. 2013 TrustWave Global Security Report, http://www2.trustwave.com/rs/trustwave/images/2013-Global-Security-Report.pdf
  2. EGI Computer Security Incident Response Team, https://wiki.egi.eu/wiki/EGI_CSIRT:Main_Page
  3. European Grid Infrastructure, http://www.egi.eu
  4. National Data Storage Project, http://nds.psnc.pl
  5. Pakiti: A Patching Status Monitoring Tool, http://pakiti.sourceforge.net/
  6. Partnership for Advanced Computing in Europe, http://www.prace-ri.eu
  7. Balcerek, B., Frankowski, G., Kwiecień, A., Smutnicki, A., Teodorczyk, M.: Security Best Practices: Applying Defense-in-Depth Strategy to Protect the NGI_PL. In: Bubak, M., Szepieniec, T., Wiatr, K. (eds.) PL-Grid 2011. LNCS, vol.?7136, pp. 128-41. Springer, Heidelberg (2012), http://dx.doi.org/10.1007/978-3-642-28267-6_10 CrossRef
  8. Balcerek, B., Kosicki, G., Smutnicki, A., Teodorczyk, M.: Zalecenia bezpieczeństwa dotycz?ce instalacji klastrów lokalnych v0.95 (2010) (in Polish)
  9. Balcerek, B., Smutnicki, A., Frankowski, G., Czarniecki, L.: Zalecenia bezpiecznej instalacji i u?ytkowania infrastruktury cloud (2013) (in Polish)
  10. Balcerek, B., Smutnicki, A., Teodorczyk, M.: Testy penetracyjne infrastruktury PL-Grid (2011) (in Polish)
  11. Balcerek, B., Szurgot, B., Uchroński, M., Waga, W.: ACARM-ng: Next Generation Correlation Framework. In: Bubak, M., Szepieniec, T., Wiatr, K. (eds.) PL-Grid 2011. LNCS, vol.?7136, pp. 114-27. Springer, Heidelberg (2012) CrossRef
  12. Bali?, B., Har??lak, D., Radecki, M.: Procedury wdra?ania oprogramowania w infrastrukturze PL-Grid v1.2 (2010) (in Polish)
  13. Brze?niak, M., Jankowski, G., Meyer, N.: National Data Storage 2 -Secure sparing, publishing and exchanging data (2011), http://www.terena.org/activities/tf-storage/ws10/slides/20110204-nds2.pdf
  14. Erdogan, O., Frankowski, G., Nowak, M., Meyer, N., Yilmaz, E.: Security in HPC Centres (2012), http://www.prace-ri.eu/IMG/pdf/wp79.pdf
  15. Frankowski, G., Rzepka, M.: SARA -System for Inventory and Static Security Control in a Grid Infrastructure. In: Bubak, M., Szepieniec, T., Wiatr, K. (eds.) PL-Grid 2011. LNCS, vol.?7136, pp. 102-13. Springer, Heidelberg (2012) CrossRef
  16. Kitowski, J., et al.: Polish computational research space for international scientific collaborations. In: Wyrzykowski, R., Dongarra, J., Karczewski, K., Wa?niewski, J. (eds.) PPAM 2011, Part I. LNCS, vol.?7203, pp. 317-26. Springer, Heidelberg (2012) CrossRef
  17. Krakowian, M.: Procedura rejestracji u?ytkowników v1.0.1 (2010) (in Polish)
  18. Litton, J.: Why Linux Will Never Suffer From Viruses Like Windows (2012), http://hothardware.com/Reviews/Why-Linux-Will-Never-Suffer-From-Viruses-Like-Windows
  19. Meizner, J., Radecki, M., Pawlik, M., Szepieniec, T.: Cloud services in PL-Grid and EGI infrastructures. In: Bubak, M., Tura?a, M., Wiatr, K. (eds.) CGW 2012 Proceedings, pp. 71-2. ACK CYFRONET AGH, Kraków (2012), http://dice.cyfronet.pl/publications/source/papers/023-B5-mp-c44-Szepieniec.pdf
  20. Microsoft: 10 Immutable Laws of Security, http://technet.microsoft.com/library/cc722487.aspx#EIAA
  21. OWASP: Defense in depth, https://www.owasp.org/index.php/Defense_in_depth
  22. Patriot?Technologies, Inc.: How to successfully secure a?HPC system (2011), http://blog.patriot-tech.com/blog/bid/49004/How-to-successfully-secure-a-HPC-system
  23. PL-Grid project web site, http://projekt.plgrid.pl/en
  24. Schneier, B.: Crypto-Gram Newsletter (2000), https://www.schneier.com/crypto-gram-0005.html
  25. Symantec: Internet Security Threat Report 2013 (2013), http://www.symantec.com/content/en/us/enterprise/other_resources/b-istr_main_report_v18_2012_21291018.en-us.pdf
  
• 作者单位：Bart?omiej Balcerek (18)
  Gerard Frankowski (19)
  Agnieszka Kwiecień (18)
  Norbert Meyer (19)
  Micha? Nowak (19)
  Adam Smutnicki (18)
  
  18. Wroclaw Centre for Networking and Supercomputing, Wybrze?e Wyspiańskiego 27, 50-370, Wroc?aw, Poland
  19. Poznan Supercomputing and Networking Center, ul. Noskowskiego 10, 61-704, Poznań, Poland
  
• ISSN：1611-3349

文摘

The security of the Polish Domain-Specific Grid Infrastructure relies on applying appropriate security standards and practices by five Polish HPC centres participating in the PLGrid Plus project. We review both aspects of assuring in-depth security in the Polish Domain-Specific Grid Infrastructure: the conceptually lower level of underlying HPC centres and the topmost level of the project, comprising services and applications. We describe the security model in the PLGrid Plus project as a case-study in order to provide a best-practices example to be further developed, extended or adjusted in other Research and Development (R&D) projects, where resources available for ensuring security are visibly limited. We compare the available security measures and practices with those applied in other experienced grid and networking projects, both national (e.g. PL-Grid or National Data Storage 2) and European (e.g. EGI).