by Kate Bradshaw
Between 90 and 98% of the emails received each day by most organizations are spam. While some are nothing but a harmless nuisance, others are malicious and capable of causing substantial damage. This is just one of the ways in which Grid and other computing sites can be attacked. To increase awareness and provide security guidance, CERN has led a European Commission co-funded project entitled Integrated Site Security for Grids (ISSeG), which was completed at the end of March 2008. The final results of this 26-month project are available from the project Web site.
The ISSeG Web site provides a risk assessment tool, security recommendations and training material to help sites improve their computer security. While the project's focus has been on the security of Grid sites, the material is applicable to a wide range of computer centres, particularly those in academic or technical environments.
Integrated Site Security
The project's vision has been that Grid security, which focuses on middleware, authentication, authorisation and operation across multiple administrative domains, needs to be complemented by comprehensive site security at all participating Grid sites. To this end, the ISSeG project has created and disseminated practical expertise on the deployment of Integrated Site Security (ISS).
ISS is a practical approach to site security that integrates technical, administrative and educational security solutions, and develops them in a consistent and coordinated way. This integration ensures that policies, rules, awareness and training all evolve in step with technological or administrative developments.
Creating Practical Expertise
The project began in February 2006 and has been co-funded by the EU FP6 Programme. The consortium comprised the European Organization for Particle Physics (CERN) in Switzerland, Forschungszentrum Karlsruhe (FZK) in Germany, and the Science and Technology Facilities Council (STFC) formerly known as the Council for the Central Laboratory of the Research Councils (CCLRC) in the UK.
ISSeG created and captured raw expertise through full-scale ISS deployment at CERN and FZK including, for example, flexible and improved security for centrally managed computers, strengthened policies for controls networks and increased firewall protections. Experience gained from the two site deployments, as well as site security assessments carried out by a subcontracted company, were used to develop training materials and recommendations as to how security risks can be mitigated.
Coordinated by STFC, results were disseminated via presentations and the ISSeG Web site to help scientific communities use this integrated approach to improve their site security measures. In addition, there has been close collaboration with the security groups of the Enabling Grids for E-sciencE (EGEE) project the Operational Security Coordination Team (OSCT) and the Joint Security Policy Group (JSPG) resulting in their continuous involvement and input to help shape ISSeG development.
The ISSeG Web Site
Visitors to the Web site can download and complete a risk assessment questionnaire. They will then, via a prioritized list of threats specific to their site, receive tailored site security recommendations. A generic set of the top threats and top recommendations for Grid sites can also be viewed directly.
Training materials for general users, system administrators, software developers and managers are also available from the site, including introductory material, training presentations, security checklists and downloadable printable materials.
Acknowledging the usefulness of the content, the OSCT will take over the maintenance of the ISSeG Web site to ensure its continued availability beyond the lifetime of the ISSeG project. This agreement was formalized in a Memorandum of Understanding between ISSeG and phase three of the EGEE (Enabling Grids for E-science) project (EGEE-III), which began in May 2008.
This article is based on one published in the CERN Computer Newsletter.