New version page

LIGO Cybersecurity Status

Upgrade to remove ads

This preview shows page 1-2-3-4-5 out of 16 pages.

Save
View Full Document
Premium Document
Do you want full access? Go Premium and unlock all 16 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 16 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 16 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 16 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 16 pages.
Access to all documents
Download any document
Ad free experience

Upgrade to remove ads
Unformatted text preview:

LIGO-G060520-03-M1LIGO CybersecurityLIGO CybersecurityStatusStatusAlbert LazzariniNSF Annual Review of LIGOLIGO Hanford ObservatoryOctober 23-25, 2006LIGO-G060520-03-M2Outline Recommendations from last review Overview of cybersecurity within LIGOLaboratory Summary of activities during the past year Engagement outside LIGO LaboratoryLIGO-G060520-03-M3Responses to recommendations from 2005LIGO ComputingDevelop, document, qualify a computing model Released the first version of the collaboration computing plancovering the era of LIGO I -- prior to Advanced LIGOoperations( ~ 2013+) Update plan to reflect accrued experience since plan’s first release Extend plan to address Advanced LIGO needsContinue working with the Open Science Grid (OSG) LIGO is an integral member of the Open Science Grid project --recently funded by NSF/DOE Resource Manager on OSG Executive Team (K. Blackburn) OSG Council representative (W. Anderson, UWM) OSG Virtual Organization(VO) Support Center (M. Ramsunder, PSU) LSC production analysis is being integrated with OSG Physics at the Information Frontier (PIF) awarded to LSC data grid institutions concurrently with OSG P. Brady (PI, UW M), ex officio memb er of OSG executive boardLIGO-G060520-03-M4OverviewThe LIGO Scientific Collaborationand the LIGO Data GridLIGO Laboratory: 4 sites*LHO, LLO: observatory sites• Caltech• Hanford Observatory (LHO)LivingstonObservatory (LLO)•MIT ••LSC - LIGO Scientific Collaboration•Not under organizational control of LIGO Laboratory•Funding provided through separate grants - NSF•Cybersecurity policy allows them to join trust relationship with laboratory via MOUsCollaboration Tier 2: 2 US sitesUWM •PSU •CardiffAEI/Golm •Birmingham•+ 3 EU sites/EULIGO-G060520-03-M5OverviewCybersecurity within LIGO Laboratory LIGO’s sole mission: gravitational wave fundamental scientific research-- principal goal: maximize scientific output Computer security for LIGO must be consistent with mission & goalsPrimary: avoid disruption of operation or corruption of dataSecondary: avoid serious embarrassment caused by defacement of LIGO publicly accessiblewebsites or the use of LIGO computers in criminal activities Designed to address no more than the specific LIGO computer security aims: Caltech provides support for LIGO’s payroll, accounting, purchasing and other major businesssystems and these are covered by Caltech policies All measures based on risk evaluation Computer security implementations must be balanced Disruptions to science caused by intrusions vs. impediments to science caused by securitymeasuresLIGO-G060520-03-M6OverviewCybersecurity within LIGO Laboratory Cybersecurity is based on a layered approach Ensure significant assets are fully protected andsecure Allow flexible access to information required to allowthe LIGO Scientific Collaboration to accomplish itsscientific mission Most stringent requirement applies to resourceslocated at the observatory sitesLIGO-G060520-03-M7OverviewObservatory Critical Systems (OCS) Cybersecurity plan identifies the key area of LIGO Laboratory ITinfrastructure that requires specific measures to ensure robustnessagainst disruption of LIGO operations from cyber attacks. Observatory Security Critical Systems Located at the observatory sites Comprises of the interferometers and data caches prior tocommitment of data to the permanent archive. Ensures that interferometer operation and control takes place in a secure environment Protects integrity of archived data Interferometer controls & data acquisition (CDS - Control & Data System) Data archival at observatories (LDAS - LIGO Data Analysis Systems) General computing components (GC) that “touch CDS & LDAS”) OCS oversight assigned to an OCS Committee that is chaired by LHOCDS lead (D. Barker) Charged with evaluating, assessing cybersecurity measures & needs with regard to theOCS infrastructure Key personnel responsible for major OCS infrastructure are members of the committee Cybersecurity personnel, CSO and CSC, attend all meetings.LIGO-G060520-03-M8OverviewCybersecurity Organization within LIGO LaboratoryLIGO-G060520-03-M9Activities during past yearNew Computer Security Officer Kent Blackburn appointed new LIGO Computer Security Officer(CSO) in September 2006 Shannon Roddy remains the Computer Security Coordinator(CSC) Internally: immediate tasks at hand: Reviewing/updating cybersecurity documents & policies; Cybersecurity Plan Update Risk Assessment Acceptable Use Policy Incident Response Procedures Patch Procedures Externally: focus on integration of cybersecurity within thelarger collaboration computing infrastructure New working group established under the LSC Computer Committee to addresscollaboration wide partnership in cybersecurity. Comprises of LIGO CSO/CSC and LSC Tier II computer security officers Also addresses LIGO certificate management under the DOE CALIGO-G060520-03-M10Activities during past yearImproved security - Observatory Critical Systems OCS committee convened bi-monthly to assign actions, monitor progressin security implementation at both observatories Intrusion Detection System installed IDS installed on server performing as an X2100 gentoo router, with a mySql datab ase and web data accesstool running on the base X2100 FC 4 server Administration traffic and system logs further secured New ADMINLAN installed, IDS datab ase and syslog server on this network Outside access to Critical Systems reduced to single point of access Dual home gateways removed. NAT router the single point of access CDS controls and non-controls network traffic separated New PCLAN created for non control systems. RAIDS, switches and tapes moved to ADMINLAN. NewTESTLAN created for offline teststands and laboratory systems Offsite network scans of OCS resulted in system reconfiguration/upgrades Ports which should not be op en were closed. Older versions of server software, e.g. ap ache, upgraded Reviewed and further restricted offsite access to the OCS Access to frameb uilder NDS restricted on a need-to-know basis. Access to testp oints removed. Sensitivewiki data is password p rotected, etc.LIGO-G060520-03-M11Activities during past yearAddressing Vulnerabilities Vulnerability Assessment In progress: assessment using NIST FISMA


Download LIGO Cybersecurity Status
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view LIGO Cybersecurity Status and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view LIGO Cybersecurity Status 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?