...
- Vendors must be able to control the timing of the data delivery.
  - The intranet within the company, as well as its connection to the internet, can be overwhelmed by these deliveries.
  - Vendors insist on controlling the exact timing of the electronic data transfers.
- Vendors must be able to restart an aborted data delivery.
  - The internet connection between SLAC and the two vendors is subject to intermittent instability.
  - The internet connection to at least one of the vendors is quite slow (100 Mbps).
  - The need to restart a large and time-consuming delivery from scratch would cause an unacceptable delay.
- Vendors must be able to create, modify, or delete files in their FTP areas.
- The transfer buffer must be able to hold multiple data deliveries per vendor, so at least 200 GB.
- LSST must do its best to prevent data from Vendor A from being visible to Vendor B, and vice versa.
...
- LSST-operated advanced FTP service
  - vsftpd server software: very secure, high performance, restartable transfers, private FTP-only accounts
  - installed and running on an LSST service VM (VM is "SCS Standard")
  - The new FTP server is configured to have ownership privileges on a single NFS partition, /nfs/farm/g/lsst/u2 (which will be a short-term buffer from which a permanent archive will be made)
  - Individual virtual vsftpd accounts for Vendors A and B.
...
- Hacking into a vendor account
  - Possible consequences
    - loss or corruption of vendor data
    - use of storage for illicit purposes
    - interruption of vendor data deliveries
    - load on the "u2" server (currently wain006)
  - Possible mitigations
    - configure vsftpd to accept logins only from certain IP addresses
    - vendors must agree with the level of security and the risk
    - monitor disk usage with ganglia and look for abnormalities
    - configure vsftpd for secure userid/password transfer, e.g., TLS
- Hacking into the vsftpd server
  - Possible consequences
  - Is this likely?
- Hacking into the lsstlnx VM
  - Independent of vsftpd and, therefore, no different from other VMs at SLAC with externally visible ports. The server restricts login to a small set of authorized SLAC users.
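The two vsftpd mitigations listed above (restricting which addresses may log in, and TLS for the credential exchange), together with the virtual per-vendor accounts and the requirement that Vendor A and Vendor B not see each other's data, as an added example; this is not configuration from the original page or from LSST/SLAC. It places a constructed, loosened vsftpd.conf next to a hardened one and runs a small shell audit that flags every setting that falls short. The guest_username `lsstftp`, the per-account subdirectory layout under /nfs/farm/g/lsst/u2, the certificate path, and the 192.0.2.0/24 address in the hosts.allow comment are assumptions.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the mitigations discussed above.
# Not the project's configuration; paths, account name and addresses are assumed.

# Settings the hardened configuration must contain (exact key=value).
#   anonymous_enable=NO       no anonymous access to the vendor buffer
#   chroot_local_user=YES     each vendor is jailed in its own directory
#   guest_enable=YES          virtual (FTP-only) accounts, no shell users
#   ssl_enable + force_*_ssl  credentials and data only over TLS
#   tcp_wrappers=YES          login source restricted via /etc/hosts.allow
REQUIRED="anonymous_enable=NO
chroot_local_user=YES
guest_enable=YES
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
tcp_wrappers=YES"

# Settings whose presence reopens a risk the mitigations are meant to close.
FORBIDDEN="anonymous_enable=YES
anon_upload_enable=YES
ssl_sslv2=YES
ssl_sslv3=YES"

# conf_get FILE KEY: value of KEY, ignoring comment lines; last occurrence wins.
conf_get() {
    grep -v '^[[:space:]]*#' "$1" | grep "^$2=" | tail -n 1 | cut -d= -f2-
}

# audit_vsftpd_conf FILE: print one line per finding; exit 0 only if there are none.
audit_vsftpd_conf() {
    _file=$1
    _n=0
    for _want in $REQUIRED; do
        _key=${_want%%=*}; _val=${_want#*=}
        _have=$(conf_get "$_file" "$_key")
        if [ "$_have" != "$_val" ]; then
            echo "MISSING   $_key=$_val (found: ${_have:-unset})"
            _n=$((_n + 1))
        fi
    done
    for _bad in $FORBIDDEN; do
        _key=${_bad%%=*}; _val=${_bad#*=}
        if [ "$(conf_get "$_file" "$_key")" = "$_val" ]; then
            echo "FORBIDDEN $_key=$_val"
            _n=$((_n + 1))
        fi
    done
    [ "$_n" -eq 0 ]
}

# count_findings FILE: number of findings, for use in scripts and checks.
count_findings() { audit_vsftpd_conf "$1" | wc -l | tr -d ' '; }

# Constructed "loosened" configuration: anonymous uploads, no chroot, no TLS,
# and the address restriction commented out.
WEAK_CONF=$(mktemp)
cat >"$WEAK_CONF" <<'EOF'
listen=YES
anonymous_enable=YES
anon_upload_enable=YES
local_enable=YES
write_enable=YES
chroot_local_user=NO
ssl_enable=NO
#tcp_wrappers=YES
EOF

# Constructed hardened configuration matching the mitigations above.
# Virtual accounts (e.g. vendor_a, vendor_b) run as the assumed system user
# lsstftp and are jailed in /nfs/farm/g/lsst/u2/<account>, so neither vendor
# can see the other's tree. With tcp_wrappers=YES the permitted sources go in
# /etc/hosts.allow, e.g.  vsftpd: 192.0.2.0/24  (documentation range, assumed).
HARDENED_CONF=$(mktemp)
cat >"$HARDENED_CONF" <<'EOF'
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
guest_enable=YES
guest_username=lsstftp
virtual_use_local_privs=YES
user_sub_token=$USER
local_root=/nfs/farm/g/lsst/u2/$USER
chroot_local_user=YES
allow_writeable_chroot=YES
hide_ids=YES
tcp_wrappers=YES
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
ssl_sslv2=NO
ssl_sslv3=NO
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem
xferlog_enable=YES
log_ftp_protocol=YES
EOF

echo "== loosened =="; audit_vsftpd_conf "$WEAK_CONF" || echo "findings: $(count_findings "$WEAK_CONF")"
echo "== hardened =="; audit_vsftpd_conf "$HARDENED_CONF" && echo "findings: 0"
```

Run as `sh audit_vsftpd.sh`; the loosened file produces nine findings and the hardened file none. The audit reads the file the way vsftpd does in the respects that matter here (comment lines ignored, later settings override earlier ones), so a `tcp_wrappers=YES` that has been commented out is reported as unset rather than mistaken for being in force.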
Why Existing FTP Service is Unacceptable
...