[ISN] Guarding the Grid

[InfoSec News]

http://www.computerworld.com/securitytopics/security/story/0,10801,97815,00.html

by Jaikumar Vijayan 
NOVEMBER 29, 2004 
COMPUTERWORLD

Deploying a grid infrastructure can help companies dramatically
improve hardware utilization rates and boost computing power. But the
massive resource aggregation and wider end-user access enabled by
grids also have the potential to magnify security risks, implementers
say.

As a result, companies that are implementing grid technologies need to
pay special attention to issues such as user authentication,
authorization and access control, as well as auditing and data
integrity -- both when data is in storage and while it's in transit.

Ensuring that adequate measures are in place for responding to the
effects of worms and viruses, which can be amplified in a grid setup,
is also crucial in grid computing, IT managers say.

Most of the problems that users have to deal with in a grid
environment are similar to the ones they face in nongrid environments,
says John Hurley, senior manager for distributed software and systems
integration at The Boeing Co.'s mathematics and computing technology
group in Seattle. "But [they] take on much greater significance in a
grid environment because of the fundamental premise of grids --
access, sharing and collaborative computing," he notes.

Grid computing creates the "potential for gateways into an
environment" where none existed before, says Hurley.


More Power, More Risk

A grid installation harnesses the combined power of numerous servers
and PCs to run applications and services as one large system. Grids
have been used for years to run compute-intensive applications in
academic and research organizations. The improved resource utilization
and power delivered by grids have also begun to attract the attention
of corporate America. A survey of 550 database professionals, released
in January by Santa Cruz, Calif.-based Evans Data Corp., showed that
one in five companies is planning to deploy grids during the next two
years.

The potential severity of grid-related security problems depends
largely on the context in which grids are being used, says Dane Skow,
deputy computer security executive at the Fermi National Accelerator
Laboratory in Batavia, Ill. "When you talk to people about grids, they
have different scenarios in mind -- everything from clusters in the
same room run by the same infrastructure team to global
power-grid-like infrastructures," says Skow.

Research grids, for instance, typically provide access to users from
multiple organizations and security domains. Fermi operates a grid for
high-energy physics applications that's accessed by more than 5,000
users in some 80 organizations -- several of which are in Europe.

User access, authentication and authorization in such an environment
can be a big challenge, given the fact that there's no single identity
authority, says Skow, who is also part of the security group at the
Global Grid Forum, a Lemont, Ill.-based organization with members from
more than 400 vendors and user companies.

In contrast, a grid being run by a private-sector company typically
uses internal resources and is accessed by users whose identities are
already stored in an internal directory. As a result, it's easier to
get a grip on identity management in a company grid than it is with
grids in a research setting, Skow says.


Central Management Needed

Regardless of the manner in which grids are being used, there is "more
of a requirement for a centrally managed ID infrastructure, whether it
is PKI-based or Kerberos-based," says Clifford Neuman, associate
director at the University of Southern California's Information
Sciences Institute in Marina del Rey, Calif.

What's also required is a way to authenticate the clients and servers
that are attached in a grid configuration, he notes. Because of the
wider access enabled in a grid environment, it becomes crucial to
ensure that data flowing through the network comes from a trusted
source and not an imposter.

There are several methods currently available to do this, Neuman says.  
In a public-key infrastructure environment, for instance, servers and
clients could mutually authenticate each other using digital
certificates issued by a trusted authority. In a Kerberos setup, the
same thing could be accomplished via encrypted keys stored in advance
on a Kerberos authentication server, he suggests. Other methods
include the use of Secure Sockets Layer technology to authenticate
servers by clients before starting an encrypted session.

Companies that are deploying grids also must protect data during
transmission on the network via encryption, says Jikku Venkat, chief
technology officer at United Devices Inc., an Austin-based vendor of
technologies for aggregating computing resources into clusters and
grids. In addition, companies must put mechanisms in place to
guarantee that the data isn't tampered with in any manner while it
traverses the grid, according to Venkat.

Both measures are needed because anyone connected to the grid could
access, modify or delete data flowing through it, either accidentally
or maliciously, Venkat says.

United Devices attaches checksums to data before it's encrypted and
then verifies that the checksum is the same when the message is being
decrypted to ensure that nothing has been tampered with, Venkat
explains. "We also recommend that only digitally signed code modules
are permitted on a grid. If it is not signed, don't run it on a grid,"  
he says.

There are also certain security concerns that get "amplified" in grid
architectures, says Lee Cooper, chairman of the Enterprise Grid
Alliance, a San Ramon, Calif.-based consortium of vendors and users.

One obvious example is the threat from worms and viruses. The same
highly automated and efficient manner in which resources are allocated
on a grid could be used by a malicious attacker to his advantage,
Hurley warns. As a result, "keeping all grid resources fully patched
and configured securely begs for some sort of centralized solution,"  
Cooper says.

Good incident-response mechanisms should help minimize the impact of
such attacks in case one occurs, Hurley says.


Careful With Policies

Another crucial area with security implications is policy
reconciliation on a grid, according to Skow.

Because grids can run different applications at different times,
companies should have a clear understanding of the various policies --
such as user access restrictions or the authentication requirements --
that are attached to each application, Skow says.

"There needs to be some consistent and congruent way to mediate those
rules. And it has to be done in a very significant way" before
companies can take full advantage of grids, Hurley says.

Addressing grid security may not involve new technologies, but because
of the increased potential vulnerability, protective measures become
more urgent.

Grid architectures in the enterprise face the same security issues
that one sees in a nongrid environment, so "clearly, these need to be
addressed," Cooper points out.

But, he adds, "the same tools and technologies that are used today to
secure storage, computing and network resources all apply in a grid
architecture."