Security Best Practices: Applying Defense-in-Depth Strategy to Protect the NGI_PL

  • Bartłomiej Balcerek
  • Gerard Frankowski
  • Agnieszka Kwiecień
  • Adam Smutnicki
  • Marcin Teodorczyk
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7136)

Abstract

The role of security in modern IT systems is continuously growing. Large infrastructures have to be protected against sophisticated attacks at the organizational, technical and logical levels. Achieving a sufficient security level becomes even more difficult for distributed and, often, heterogeneous environments that involve valuable assets and data, such as grids. The main goal of the work described in this paper is to provide the maximum level of protection against network attackers for the PL-Grid (Polish National Grid Initiative) infrastructure.

Keywords

IT security, attack, defense-in-depth, procedures, penetration tests, static analysis, PKI, NGI, NGI_PL

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Bartłomiej Balcerek (1)
  • Gerard Frankowski (2)
  • Agnieszka Kwiecień (1)
  • Adam Smutnicki (1)
  • Marcin Teodorczyk (1)
  1. WCSS, Wrocław University of Technology, Poland
  2. Poznań Supercomputing and Networking Center, Institute of Bioorganic Chemistry of the Polish Academy of Sciences, Poland