Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security The Internet

GGF and Grid Security 82

An anonymous reader writes "Things are changing fast in the grid community. Our communication networks connect millions of systems and billions of individuals on the planet. These myriad systems, and the data they contain, present juicy targets for those who want to steal, damage, corrupt, or otherwise gain unlawful access to those systems."
This discussion has been archived. No new comments can be posted.

GGF and Grid Security

Comments Filter:
  • by MrIrwin ( 761231 ) on Monday May 17, 2004 @11:42AM (#9174363) Journal
    That banking systems have been computerized, and quite a few years that they make extensive use of communications.

    There are ways to protect sensitive data, such as using VPN's rather than the internet for e.g. Doctors accessing hospital records, grid computing etc. Doing everything on the open internet is neither necessary nor desirable.

    I think our software deployment capability exceeds our network architecture design capability.

  • by baudilus ( 665036 ) on Monday May 17, 2004 @11:54AM (#9174456)
    The most secure system int he world won't protect you if your employees aren't trained on how to prevent social engineers from bypassing their security systems anyway. Why spend countless hours trying to hack passwords when you can pretend to be an employee and ask for the info outright? Just take a look at The Art of Deception [amazon.com] by Kevin Mitnick. What a great book...
    • I do agree about this. Social engineering is WAY easier than actual cracking, but it requires a certain degree in sociopathy, which many people don't have. The skill of fast-talking.
    • by JimboOmega ( 112678 ) on Monday May 17, 2004 @12:53PM (#9175039)
      Well, there's two ways to look at this:

      I have found that almost every place I've worked, bypassing security is a joke. I mean, think about it. How many times have people "swiped you in", or what have you, when you forgot your badge? Even without really knowing you? And if you should have a fake badge that just "isn't working", you're in like Flynn. For me, the only exception was where they kept actual classified data. It would take some amount of serious spying (e.g., returning on multiple days, shoulder surfing, maybe even key swiping) to get in. But the fact is, most people just won't assume that you're doing something evil. So... easy! Far easier than trying to crack the software and such, if you ask me. And that's as an introverted geek. (on the flip side, I'm also "unassuming"; I don't look like I have a hidden agenda.

      Of course, the other side is that, hey, why don't we use computers to see what remains unseen by people? They're better at spotting "suspicious" behavior anyway. And if people actually were willing to accept that the computer IS right and the policy that so-and-so can't get in without a badge must be enforced... you could have a very secure system.

      For instance, take protecting classified data. If you're generic spy X, you're gonna want to sit down, and just start copying all that stuff on to the nearest media you can find. That kind of behavior is almost always not what a regular person would do...
      There are all sorts of patterns which can register as suspicious. Most security systems are smart enough to note these things, and alert people who, I would assume, should always be the second check on such a system, because some people are just eccentric.

      (I at one point was designing a security control system, and my boss was always asking me to add such things. It's amazing, but pretty obvious. If somebody needs to get a new password every other day, something is probably wrong. If somebody brand new is supposed to be given full access to every system in the place (happened! Managers just found it easier to check every box!), something is wrong).

      Anyway, that's just my $.02
      • For instance, take protecting classified data. If you're generic spy X, you're gonna want to sit down, and just start copying all that stuff on to the nearest media you can find. That kind of behavior is almost always not what a regular person would do...

        Which is why non-generic spy Y or cyborg spy Z have photographic memories- so that they can look just like a normal person while copying any data they come across in the course of a normal job based search into whatever storage media they already have ins
  • physical security (Score:1, Interesting)

    by Anonymous Coward
    didn't an ISP in NY or something have a room compromised, and 3 T1/T3 cards or something stolen?
  • by Bobdoer ( 727516 ) on Monday May 17, 2004 @12:01PM (#9174519) Homepage Journal
    What exactly are they, and why is breaking into their systems any worse that breaking into a normal system?
    • by Animats ( 122034 ) on Monday May 17, 2004 @12:25PM (#9174773) Homepage
      Is there a "grid community"? So far, "grid computing" seems to be mostly hype by people desperate to develop a new revenue stream. There are few, if any, real buyers of "grid computing" service.

      When you look at case studies [boic.com] of commercial "grid computing", what they're really talking about are dedicated clusters of machines. This is just clustering.

      If "grid computing" were saleable, ISPs would be offering off-peak compute time on their server farms, and people would be buying it. They're not.

      It's time sharing, people. And time sharing is dead.

      • I agree there's loads of hype around grid computing, but I think there are some interesting problems there. It's not really the same as dedicated clustering, because often (usually?) the cluster is not dedicated. A "grid network" often consists of a scattered set of heterogeneous machines over multiple networks, controlled by many people.

        The real task is to transform that sprawling, unreliable beast into something that provides some sort of useful, dependable resource. Machines will be switched off, progr

      • The grid community is more or less just high energy physicists (I am one but not involved directly in GRID). Due to our setup, (lots of different universities in different countries working on central experiment) it means that our systems are spread across the the world. We needed some way to transfer the data around to different machines so we helped develop/create the internet. Now the next logical step for us is to develop a means to take advantage of all those machines which belong to use accross the wo
      • Grid infrastructure is not just about compute time. It will also attempt to deal with the predicted "data deluge" in the various sciences (chiefly high energy physics, but genetics are also a big producer of data). Storage requirements will increase much faster than the media technology, meaning that new distributed systems will have to be developed to store and access this in a useful way.

        Anyway, you can't expect this to leap straight from research papers into commercially viable systems right away. Reme

      • First, I'm a co-chair of a working group in the Global Grid Forum [ggf.org]. Also, I'll be speaking about Grid (In-)security at this summer's 2600 conference [the-fifth-hope.net]. At the outset, you are right to be skeptical of the power of Grid computing, and the extent to which it's different from other existing models (clustering, time sharing, distributed).

        "Grid" as a concept is mostly just a buzzword. Oracle10g is a good example.

        But Grid as a standard (under development by the GGF, OASIS and others) is something a lot more sp

        • Could tell me what is the point of "web services"? To a naive outsider, they look amazingly complex (XML Schema, anyone?) for what they give you. I'm sure I must have overlooked some vital aspect of the whole WS thing, because for the life of me I can't work out what all the fuss is about. To me, they seem like a strange thing to base a whole infrastructure around.
          • Yours is a great question! Here's an article [computerworld.com] that basically says there is no simple definition.

            The simplest I can make it is that Web services, as compared to "standard" Web pages, adds interoperability. This means that programs can actually operate with each other over the Internet. There are some other ways this can happen (distributed computing; cluster/parallel software like MPI), but Web services probably offers a more general-purpose framework. The trade-off is that WS are complex, and even dec
            • Interesting article, thanks. My favourite quote from it:

              ...low technical barriers to entry...

              I had to laugh. Web services are so ludicrously complex that unless you use loads of existing (complex and platform-specific) software, the technical barriers to entry are remarkably high! I've implemented some web services stuff from scratch, and it's really not easy at all. The WSDL standard drags in many other standards.

              Just for a laugh, I started to try to enumerate the standards referred to, directly and in

    • What exactly are they,

      Distributed groups of computers working together.

      and why is breaking into their systems any worse that breaking into a normal system?

      They have lots and lots of resources. In the same way a T1 connected Xeon server is a more attractive target than my pII with 56k dialup grid systems are much more attractive targets than almost anything else out there.

    • To answer your first question: the grid community exists through several forums and consortiums [computer.org].

      Now, question 2: The machines in today's grid testbeds are typically just cloned machines so if they get compromised they're easy enough to purge.

      The risks are many. Should such a powerful system become compromised at a high enough level (through a social or technical attack), then the potential for a brute force attack on other cryptographically secured systems is high.

      Also, due to the "webs of trust" that

    • The GRID community [old-computers.com] is long dead. Deal with it.

      Time to move on.
  • yea... how many have relevant infrastructure...
  • by drkhwk82 ( 202181 ) on Monday May 17, 2004 @12:02PM (#9174530)
    First there are resource allocation problems. The OS has to provide a sandbox with strict limits on all resources: memory, filesystem, and networking, as well as CPU time. It's fine with me if the "background compute demon" takes 25% of my processor but I don't want to take more than 10% of my memory.

    Then there's the security issue.

    But I see another problem which is even harder to solve: the tragedy of the commons. Consider a university campus, and suppose that anyone on campus can submit jobs to the Campus Grid. You come in the next morning and see that there are 10000 jobs in your grid queue, and 9800 of them are encoding random people's MP3's.

    The problem is that if you give free resources to a large anonymous community, it takes only a few of those people to suck up all the resources. So you need some way of identifying everyone who submits a job, and some way of charging for the jobs.
    • sounds like a job for the Slashdot Karma System. Mod up interesting projects and give them prescenence over less modded ones. Hilarity ensues
    • The problem is that if you give free resources to a large anonymous community, it takes only a few of those people to suck up all the resources.

      That's why the people who are developing big grid projects are not giving free resources to anonymous users. These grids are the combined resources of all all the colloborators, and have controlled access to the resource pool.

  • HIPPA security (Score:2, Interesting)

    by StacyWebb ( 780561 )
    The government has actually taken a proactive role in network security with the implementation of the HIPPA act. This has been a blessing in disguise for network admins who have stessed security on their local grids. This act put into law guidelines for securing electronic transmission patient information. Going more indepth with how the information is actually retained within the system (not just the output). For the network admins this act also gave them the flexibility for instating secuity measures that
  • Jane... (Score:3, Insightful)

    by Cyclopedian ( 163375 ) on Monday May 17, 2004 @12:19PM (#9174730) Journal
    In such a vast network of billions upon billions of bits, all interconnected, would we see an AI emerge such as Jane in Orson Scott Card's Ender Series?

    I wonder what that AI would do upon emerging? Lurk around in silence? Help or harm the human race? Would it develop its own set of laws?

    Or maybe it'll end up being another ELIZA chatbot.

    "What about clueless make you want beer drown?"

    -Cyc
    • Re:Jane... (Score:5, Insightful)

      by Planesdragon ( 210349 ) <slashdot&castlesteelstone,us> on Monday May 17, 2004 @12:27PM (#9174792) Homepage Journal
      In such a vast network of billions upon billions of bits, all interconnected, would we see an AI emerge such as Jane in Orson Scott Card's Ender Series?

      No.

      What we would need for accidental AI evolution is a sufficiently large system with not only billions and billions of bits, but the ability for each individual node in that system to modify the nodes around it.

      The internet will actually be useful for EVERYTHING far before it ever sprouts an AI.
      • oh, you mean like the various MS worms?
      • Warning: geeky nitpicking follows.

        A fascinating idea of course but to be clear Card had a definite notion of soul. The network did not become aware by itself but the Buggers actually took a conscious from the ether and placed in the network in the same way they did with new queens. They did this in hope of contacting ender through the game he played in the battle school and eventually the conscious evolved to utilize the ancible to create a large galactic AI. Card did not see grid computing (on a planeta
    • If the past decade or so of web experience is any teacher, the first thing Jane would do is ask for your credit card number.
  • How, in this day and age, does Cisco leave sensitive information like their network OS source code on a computer/grid that is accessible from the outside internet?

    • Because this is the same company that sold hardware comprising the backbone of the Internet but was full of H.323, BGP, SNMP, and TCP flaws. Such flawed implementations led to dozens of different exploits being circulated. But they were able to stay ahead of the 8 ball and release patches JIT every time around.
  • by Anonymous Coward on Monday May 17, 2004 @12:34PM (#9174861)
    There can't be real security if people openly allow access to data on their devices.
    Poor GUI design, insecure appliction defaults and lack of awareness by users all contribute to poor security.

    For example just do a search for boot.ini or inbox.dbx on any p2p program to get an idea of just how many open boxes are out there.
  • Plan 9 (Score:1, Interesting)

    by Anonymous Coward
    Plan 9 is a great OS to use for gridding and provides extensive security.
    • Actually in my (admittedly biased) opinion, Inferno is better than plan 9 for this, as it can run under existing systems (e.g. Linux & Windows), and the authentication model is peer-to-peer (no auth server bottleneck). I do use Plan 9 on my desktop, but one can use Inferno with little effort to leverage the power of existing networks of computers which one would perhaps be unwilling to switch over to running Plan 9.
  • by Ratfactor ( 15886 ) on Monday May 17, 2004 @01:04PM (#9175154) Journal
    All this time I've been saying that the GGF (AuthZ-WG, OGSA-SEC [WS-SEC], CAOPS-WG [CP/CPS with CA], OGSA-AUTHZ [PERMIS, CAS, VOMS...], SA3-RG, ARRG-RG [X.509, SAML...]) needs to address OGSA, OGSI, and WSRF problems with PKI-based security!

    Yup, you know it!
  • My primer on distriuted computing [bacchae.co.uk] includes a shed load of tips for dealing with parasites, spoiler attacks and innocent errors.

If you aren't rich you should always look useful. -- Louis-Ferdinand Celine

Working...