nl There is also a DUTCH VERSION of this site


Search

Most recent articles
Layers in IT security
High performance clusters and grids

All articles

01 Aug - 31 Aug 2006
01 Sep - 30 Sep 2006
01 Oct - 31 Oct 2006
01 Nov - 30 Nov 2006
01 Dec - 31 Dec 2006
01 Jan - 31 Jan 2007
01 Feb - 28 Feb 2007
01 Mar - 31 Mar 2007
01 Apr - 30 Apr 2007
01 May - 31 May 2007
01 Jun - 30 Jun 2007
01 Jul - 31 Jul 2007
01 Aug - 31 Aug 2007
01 Sep - 30 Sep 2007
01 Oct - 31 Oct 2007
01 Nov - 30 Nov 2007
01 Dec - 31 Dec 2007
01 Jan - 31 Jan 2008
01 Feb - 29 Feb 2008
01 Mar - 31 Mar 2008
01 Apr - 30 Apr 2008
01 May - 31 May 2008
01 Jun - 30 Jun 2008
01 Jul - 31 Jul 2008
01 Aug - 31 Aug 2008
01 Sep - 30 Sep 2008
01 Oct - 31 Oct 2008
01 Jan - 31 Jan 2009
01 Apr - 30 Apr 2009
01 Aug - 31 Aug 2009
01 Sep - 30 Sep 2009
01 Dec - 31 Dec 2009
01 Jan - 31 Jan 2010
01 Feb - 28 Feb 2010
01 Mar - 31 Mar 2010
01 Apr - 30 Apr 2010
01 Jun - 30 Jun 2010
01 Jul - 31 Jul 2010
01 Sep - 30 Sep 2010
01 Oct - 31 Oct 2010
01 Nov - 30 Nov 2010
01 Dec - 31 Dec 2010
01 Jan - 31 Jan 2011
01 Feb - 28 Feb 2011
01 Mar - 31 Mar 2011
01 Apr - 30 Apr 2011
01 May - 31 May 2011
01 Jun - 30 Jun 2011
01 Jul - 31 Jul 2011
01 Sep - 30 Sep 2011
01 Oct - 31 Oct 2011
01 Jan - 31 Jan 2012
01 Nov - 30 Nov 2012
01 Dec - 31 Dec 2012
01 May - 31 May 2013
01 Jun - 30 Jun 2013


Recommended

Ruth Malan
Gaudi site
Byelex
XR Magazine
Esther Barthel's site on virtualization



Misc

 
XML: RSS Feed 
XML: Atom Feed 


Layers in IT security

Friday 18 May 2007


A layered security strategy is a good practice to enhance the overall IT security in companies.

The essence of layered security is to implement security measures in different parts of the IT infrastructure.

This approach is comparable with physical security. If a burglar wants to steal money from your house, he has to go over the fence in the garden, than through an closed front door with locks, then he has to find the safe with the money, he has to break it open, get the money and leave the premises. All of this must be done without being seen or heard, and he must not be noticed by anyone during all these steps.

It is obvious why this works so well in daily practice:

  • Many barriers must be crossed (fence, door, safe);
  • Opening every barrier takes different technical skills (climbing over the fence, lockpicking a door with a mechanical lock, opening a safe with a digital lock);
  • The burglar is slowed down by every barrier he tempts to cross, which increased the possibility of detection;
  • The burglar doesn't know in advance how many barriers he has to cross, how much time each barrier takes, and which knowledge is needed for every barrier, which is very demotivating;
  • The chance of getting caught is present in every step;
  • When one barrier is crossed, the security of all other barriers are still intact.

It will be obvious for everyone that this works much better than having one big expensive safe somewhere in a dark forest without taking further measurements.

In IT security this principle works the same (layered security). Instead of having one big firewall and let all your security depend on it, it is better to add several layers. Preferably these layers make use of several different technologies, which makes it harder for hackers to break through all barriers. They will need much knowledge for this.

Every layer can be utilized with an IDS (Intrusion Detection System) or some other measurement to detect break-ins (increase the chance of getting caught). On top of this, more layers introduce uncertainty for the hacker: How many barriers must be passed to get to the data, and how long will this take (demotivation).

If one layer is passed unnoticed, or if one security layer contains a vulnerability (caused by a bug or a mistake in the configuration), the total security is still intact (although with less layers).

A disadvantage of the use of layered security is that the complexity of system management increases. Every security layer must be managed, and administrators must have knowledge about all used technologies.

But as always with security: It costs money and causes inconvenience. But is it always better than having insufficient security.

Some examples of layered security can be found here and here.


High performance clusters and grids

Tuesday 01 May 2007


On operating system level, two cluster architectures exist: High performance clusters and High availability clusters.

Clusters

High performance clusters are meant to create large computing power by combining many computer systems. Usually a large amount of cheap off-the-shelf PC's are used, connected by a high-speed network (gigabit Ethernet of Infiniband). This creates one large supercomputer.

These clusters are used for calculation-intensive systems, like weather prognosis, geological, nuclear of pharmaceutical investigations. The challenge is to have all systems doing useful calculations most of the time, without wasting resources and time communicating to other systems in the cluster.

0n www.top500.org a list of the world's 500 most powerful computers is published. Most of these systems really are clusters, based on a large amount of smaller systems. Many of these systems run Linux. A well-known high-performance open source project for Linux is Beowulf.

Grids

A Grid is a high-performance cluster that consists of systems that are geographically diverse. The limited bandwidth is the bottleneck when architecting grid systems. Therefore, grids can only be used for specific tasks.

The best known (and relatively old) example of a grid  is the SETI@HOME project, where a large amount of PC's of Internet users are searching for extraterrestrial life. These type of grids use the unused computer time of PC's (for instance when the computer is showing it's screensaver). Tasks to be done can be distributed through the Internet and can be calculated on the idle PC's. When a piece of calculation is finished, the result will be sent back via the Internet and a new task can be retrieved.

Applications

A more serious example of a grid is a project that is searching for a cure for cancer or the analyses of the human DNA.

Broker firms exist for commercial exploitation of grids. People can get paid for contributing computer time, and companies can pay money to get computertime on the grid. This way companies can have access to a virtual supercomputer for a relatively small amount of money, and just for the time they need it.

Security

An important subject of grids architecture is their security. PC's running calculations should be sufficiently secured against illegal use by third parties. Also, data that is sent through the grid should not be altered and the grid infrastructure must be sure the PC's calculate their tasks as expected. Much work in this field must be done, as grids are a relatively new technology.



More articles: See left pane.
 
About Sjaak Laan

Sjaak Laan

Sjaak Laan (1964) is married with 3 children. He lives in Drachten in The Netherlands. He works as Principal IT Architect for CGI and has more than twenty-five years of IT experience. More information can be found on his Linkedin profile.

My book

More information on ordering the book can be found here.

Some course material can be found here.


 
Contact

I can be reached through sjaak.laan [ a t ] gmail [dot] com.

Follow me on social media
Twitter LinkedIn Facebook RSS

This site states my opinion only, and not nessecarily the opinion of my employer or of the clients I work for.

The postings on this site are my opinions and do not necessarily represent CGI’s strategies, views or opinions.

 

Copyright Sjaak Laan