Firewalls and the Campus Grid: an Overview Bruce Beckles University of Cambridge Computing Service Overview • Understanding firewalls: – Purpose of firewalls – Dealing with firewall administrators – Firewall issues (for grids) • Firewalls and the Campus Grid: – – – – Designing Campus Grid appropriately Typical firewall deployments Effects on the Campus Grid Mitigating these effects Understanding firewalls (1) • Why does my institution, division, etc. have one or more firewalls? – Understanding the reasons for your institution / divisions are crucial to making your Campus Grid work – It is not there just to make your life difficult! – If you think it is: adjust your attitude or the whole project is probably doomed, and will certainly be very painful for all concerned – Talk to your firewall administrator(s), IT security team and network administrator(s) and ask them: • They may have forgotten, in which case it is probably time for it to be reviewed anyway… Understanding firewalls (2) • Purpose of firewalls: – To protect networked machines (“assets”) …from particular kinds of danger (“threats”) – Prevent unwanted traffic (e.g. stopping users accessing prohibited sites) – Monitor network traffic – Control network flows: • Ensure Quality of Service (QoS) • Provide network “choke points” • Segregate the network Dealing with firewall administrators • Determine your firewall administrator’s threatasset model: – How does the Campus Grid relate to this model? – Will the Campus Grid “break” this model? (Probably!) – If so, adopt a collaborative approach: what can we do to address this? How should I design my Campus Grid to satisfy your (entirely legitimate) security and network concerns? • Consider the firewall to be part of your infrastructure: – …So it is in your interest that it is properly maintained – Is it adequate for the job? Perhaps it need upgrading…? – Consider spending some of your infrastructure budget for the Campus Grid on it Firewall issues • Problems firewalls cause for grids: – Communication problems – may prevent: • Bi-directional traffic (e.g. outgoing connections only) • Particular network protocols (e.g. UDP) • Traffic from particular places (e.g. from outside the institution; from the DMZ, particular divisions, etc.) • Traffic to particular places (e.g. to machines in the institution deemed particularly vulnerable) • Use of certain port ranges (e.g. blocking all ports except those used by certain applications) – Restrict network bandwidth: • By design to ensure other users of the network have adequate bandwidth (QoS, etc) • As a consequence of being unable to cope with the volumes of traffic generated by grids Designing for firewalls • Basic rule of thumb: “Work with the firewall, not against it” • Andrew will talk more about this in the next talk Typical Firewall Deployments • Institutional firewall: – Around perimeter of institution – May have a de-militarised zone (DMZ) – Protect the institution from the world, but not from itself • Divisional firewalls: – Around the perimeter of divisions (departments, research groups, etc.) within the institution – Protect the divisions from each other as well as from the rest of the world – (May also have their own DMZs) • No firewall: – IT security staff use other methods to protect the institution (e.g. enforced security policies) Effects on Campus Grid • Institutional firewall: – No problem on the Campus Grid itself – May be problems with external access • Divisional firewalls: – Major problems for the Campus Grid unless no part of it crosses a divisional firewall boundary – …but even then there still may be problems with access across the divisional firewalls • No firewall: – No problem but take extra care to ensure security of Campus Grid – Do not deploy a firewall just to secure the Campus Grid if local IT staff do not have firewall experience! Institutional firewalls • Design your Campus Grid to be contained by the firewall • Provide external access, if any, via a small number of “gateway” machines (ideally one) using as restrictive a range of ports and protocols as possible – Consider tunnelling external grid jobs through the firewall to the gateway • Secure these gateways: – – – – Make them as secure as you possibly can Use strong authentication for external users …and their machines as well (if you can) Audit regularly! Divisional firewalls • Design your Campus Grid to be cross as few divisional firewall boundaries as possible • Where it crosses divisional firewalls, consider: – Tunnelling internal Campus Grid traffic through these firewalls – Using Virtual LANs (VLANs) – Centralising job submission: then only have to get traffic from a small number of machines (perhaps only one) across the firewall boundaries – Use a gateway strategy between divisions analogous to that described for institutional firewalls • Review security implications with all the firewall administrators and with IT security staff No firewall • No protection available from any firewalls so must make absolutely certain that individual nodes of the Campus Grid are as secure as possible: – Individual nodes must be able to identify both where grid traffic actually originates and the user to which the traffic is related and be assured that such identification is correct – See my later talk on local security issues • But don’t deploy a firewall to “protect” the Campus Grid unless your IT staff can support it! Questions?