Slashdot Mirror

← Back to Stories (view on slashdot.org)

GGF and Grid Security

Posted by Hemos on from the watching-the-machines-that-watch-us dept.

An anonymous reader writes "Things are changing fast in the grid community. Our communication networks connect millions of systems and billions of individuals on the planet. These myriad systems, and the data they contain, present juicy targets for those who want to steal, damage, corrupt, or otherwise gain unlawful access to those systems."

16 of 82 comments (clear)

  1. It has been some time........ by MrIrwin · · Score: 4, Insightful
    That banking systems have been computerized, and quite a few years that they make extensive use of communications.

    There are ways to protect sensitive data, such as using VPN's rather than the internet for e.g. Doctors accessing hospital records, grid computing etc. Doing everything on the open internet is neither necessary nor desirable.

    I think our software deployment capability exceeds our network architecture design capability.

    --

    And if you thought that was boring you obviously havn't read my Journal ;-)

    1. Re:It has been some time........ by millahtime · · Score: 3, Informative

      The Military has also been doing it for some time. To communicate with subcontractors, to communicate with it's other sites. They are another big organization that has been doing it for many years.

      --
      Evolution or ID?
    2. Re:It has been some time........ by AllanLembo · · Score: 2, Funny

      ...such as using VPN's rather than the internet...

      Would that not be a just a PN?

  2. Social Engineering? by baudilus · · Score: 5, Insightful

    The most secure system int he world won't protect you if your employees aren't trained on how to prevent social engineers from bypassing their security systems anyway. Why spend countless hours trying to hack passwords when you can pretend to be an employee and ask for the info outright? Just take a look at The Art of Deception by Kevin Mitnick. What a great book...

    1. Re:Social Engineering? by JimboOmega · · Score: 5, Interesting

      Well, there's two ways to look at this:

      I have found that almost every place I've worked, bypassing security is a joke. I mean, think about it. How many times have people "swiped you in", or what have you, when you forgot your badge? Even without really knowing you? And if you should have a fake badge that just "isn't working", you're in like Flynn. For me, the only exception was where they kept actual classified data. It would take some amount of serious spying (e.g., returning on multiple days, shoulder surfing, maybe even key swiping) to get in. But the fact is, most people just won't assume that you're doing something evil. So... easy! Far easier than trying to crack the software and such, if you ask me. And that's as an introverted geek. (on the flip side, I'm also "unassuming"; I don't look like I have a hidden agenda.

      Of course, the other side is that, hey, why don't we use computers to see what remains unseen by people? They're better at spotting "suspicious" behavior anyway. And if people actually were willing to accept that the computer IS right and the policy that so-and-so can't get in without a badge must be enforced... you could have a very secure system.

      For instance, take protecting classified data. If you're generic spy X, you're gonna want to sit down, and just start copying all that stuff on to the nearest media you can find. That kind of behavior is almost always not what a regular person would do...
      There are all sorts of patterns which can register as suspicious. Most security systems are smart enough to note these things, and alert people who, I would assume, should always be the second check on such a system, because some people are just eccentric.

      (I at one point was designing a security control system, and my boss was always asking me to add such things. It's amazing, but pretty obvious. If somebody needs to get a new password every other day, something is probably wrong. If somebody brand new is supposed to be given full access to every system in the place (happened! Managers just found it easier to check every box!), something is wrong).

      Anyway, that's just my $.02

  3. What is the grid community? by Bobdoer · · Score: 3, Interesting

    What exactly are they, and why is breaking into their systems any worse that breaking into a normal system?

    --
    EVERYDAY IS CATURDAY
  4. Security challenges with grid computing by drkhwk82 · · Score: 5, Interesting

    First there are resource allocation problems. The OS has to provide a sandbox with strict limits on all resources: memory, filesystem, and networking, as well as CPU time. It's fine with me if the "background compute demon" takes 25% of my processor but I don't want to take more than 10% of my memory.

    Then there's the security issue.

    But I see another problem which is even harder to solve: the tragedy of the commons. Consider a university campus, and suppose that anyone on campus can submit jobs to the Campus Grid. You come in the next morning and see that there are 10000 jobs in your grid queue, and 9800 of them are encoding random people's MP3's.

    The problem is that if you give free resources to a large anonymous community, it takes only a few of those people to suck up all the resources. So you need some way of identifying everyone who submits a job, and some way of charging for the jobs.

    1. Re:Security challenges with grid computing by acshelp · · Score: 2, Interesting

      sounds like a job for the Slashdot Karma System. Mod up interesting projects and give them prescenence over less modded ones. Hilarity ensues

    2. Re:Security challenges with grid computing by Xpilot · · Score: 2, Informative

      The problem is that if you give free resources to a large anonymous community, it takes only a few of those people to suck up all the resources.

      That's why the people who are developing big grid projects are not giving free resources to anonymous users. These grids are the combined resources of all all the colloborators, and have controlled access to the resource pool.

      --
      "Backups are for wimps. Real men upload their data to an FTP site and have everyone else mirror it." -- Linus Torvalds
  5. HIPPA security by StacyWebb · · Score: 2, Interesting

    The government has actually taken a proactive role in network security with the implementation of the HIPPA act. This has been a blessing in disguise for network admins who have stessed security on their local grids. This act put into law guidelines for securing electronic transmission patient information. Going more indepth with how the information is actually retained within the system (not just the output). For the network admins this act also gave them the flexibility for instating secuity measures that the management may have deemed not revelant earlier.

    --
    A bunch of Tech Stuff
  6. Jane... by Cyclopedian · · Score: 2, Insightful

    In such a vast network of billions upon billions of bits, all interconnected, would we see an AI emerge such as Jane in Orson Scott Card's Ender Series?

    I wonder what that AI would do upon emerging? Lurk around in silence? Help or harm the human race? Would it develop its own set of laws?

    Or maybe it'll end up being another ELIZA chatbot.

    "What about clueless make you want beer drown?"

    -Cyc

    --
    /.'s 10 Millionth
    1. Re:Jane... by Planesdragon · · Score: 4, Insightful

      In such a vast network of billions upon billions of bits, all interconnected, would we see an AI emerge such as Jane in Orson Scott Card's Ender Series?

      No.

      What we would need for accidental AI evolution is a sufficiently large system with not only billions and billions of bits, but the ability for each individual node in that system to modify the nodes around it.

      The internet will actually be useful for EVERYTHING far before it ever sprouts an AI.

  7. Mod parent up - there is no "grid computing" by Animats · · Score: 3, Insightful
    Is there a "grid community"? So far, "grid computing" seems to be mostly hype by people desperate to develop a new revenue stream. There are few, if any, real buyers of "grid computing" service.

    When you look at case studies of commercial "grid computing", what they're really talking about are dedicated clusters of machines. This is just clustering.

    If "grid computing" were saleable, ISPs would be offering off-peak compute time on their server farms, and people would be buying it. They're not.

    It's time sharing, people. And time sharing is dead.

    1. Re:Mod parent up - there is no "grid computing" by rpeppe · · Score: 2, Informative
      I agree there's loads of hype around grid computing, but I think there are some interesting problems there. It's not really the same as dedicated clustering, because often (usually?) the cluster is not dedicated. A "grid network" often consists of a scattered set of heterogeneous machines over multiple networks, controlled by many people.

      The real task is to transform that sprawling, unreliable beast into something that provides some sort of useful, dependable resource. Machines will be switched off, programs will crash or hang unexpectedly, people will write malicious apps, and through all of that, there is still the possibility of getting some useful work done.

      In my personal view, the real failing of the "Grid Computing community" is to try to solve too many problems at once. But what the heck, it gets lots of papers published.

      If "grid computing" were saleable, ISPs would be offering off-peak compute time on their server farms, and people would be buying it. They're not.

      Most people don't have problems that are suitable for grid compute-farm processing, particularly over WANs. Most companies that do have such problems wouldn't want to make the data that's being processed available to arbitrary client nodes. Neither of these things mean that grid computing is dead.

  8. What use is security when you have an open invite? by Anonymous Coward · · Score: 3, Insightful

    There can't be real security if people openly allow access to data on their devices.
    Poor GUI design, insecure appliction defaults and lack of awareness by users all contribute to poor security.

    For example just do a search for boot.ini or inbox.dbx on any p2p program to get an idea of just how many open boxes are out there.

  9. Looks like I was right... by Ratfactor · · Score: 4, Funny

    All this time I've been saying that the GGF (AuthZ-WG, OGSA-SEC [WS-SEC], CAOPS-WG [CP/CPS with CA], OGSA-AUTHZ [PERMIS, CAS, VOMS...], SA3-RG, ARRG-RG [X.509, SAML...]) needs to address OGSA, OGSI, and WSRF problems with PKI-based security!

    Yup, you know it!