Yves Coppens wrote:
> I would like to know which legal safeguards are in place to protect
> system administrators who are strongly against the deployment of a grid

Why aren't we all running OpenBSD for a higher level of assurance
against unauthorized use? Of course there are security holes in the
software you have deployed now, both for internal users and for external
"hackers" to exploit, but we just don't know about them. There are
probably far more potential exploits in the gigabytes of "standard"
software you have installed (and far more hackers working to find them)
than in the EGEE software.

If you don't want external users having general access to your systems
then you probably should not be involved in grid computing, at least not
Internet-connected grid sites (Grid5000 runs a private network, and I
think TeraGrid is also "disconnected" from the Internet). Since the
decision to connect a computing centre to a grid is usually taken by
some senior administrator(s), the sys-admin surely is only responsible
for setting up the grid connection to the best of their ability with the
tools they have been provided.

I read a security article in iSGTW which made some comment about grids
not being an interesting target for hackers. What a way to invite doom.
Of course there will be big security incidents on the grid. Someone's
local account will be compromised, a root kit will give root access, a
keyboard sniffer will reveal a passphrase, and the hacker will quietly
repeat this process on the grid (if they are clever with globus-job-run
to avoid the "obvious" accounting channels) to then harvest proxies.
More likely than not this will come from some "conventional" weakness in
a well known component with a standard root kit. I would be surprised
if a malicious hacker took the time to review the EGEE-specific code for
exploits.

Cheers,
Ian
--
Ian Stokes-Rees
Particle Physics, Oxford http://grid.physics.ox.ac.uk/~stokes