...

  • Vendors must be able to control the timing of the data delivery.
    • A vendor's company intranet, as well as its connection to the internet, can be overwhelmed by these deliveries.
    • Vendors insist on controlling the exact timing of the electronic data transfers.
  • Vendors must be able to restart an aborted data delivery.
    • The internet connection between SLAC and the two vendors is subject to intermittent instability.
    • The internet connection to at least one of the vendors is quite slow (100 Mbps)
    • The need to restart a large and time-consuming delivery from scratch would cause an unacceptable delay
  • Vendors must be able to create, modify, or delete files in their FTP areas
  • The transfer buffer must be able to hold multiple data deliveries per vendor, so at least 200 GB
  • LSST must do its best to prevent data from Vendor A from being visible to Vendor B, and vice versa

...

  • LSST-operated advanced FTP service
    • vsftp server software: very secure, high performance, restartable transfers, private FTP-only accounts
    • installed and running on LSST service VM (VM is "SCS Standard")
  • New FTP server is configured to have ownership privileges on a single NFS partition: /nfs/farm/g/lsst/u2 (which will be a short-term buffer from which a permanent archive will be made)
  • Individual virtual vsftp accounts for Vendors A and B.

...

  1. Hacking into a vendor account
    1. Possible consequences
      1. loss or corruption of vendor data
      2. use of storage for illicit purposes
      3. interruption of vendor data deliveries
      4. load on "u2" server (currently wain006)
    2. Possible mitigations
      1. configure vsftpd to accept logins only from certain IP addresses
      2. vendors must agree with the level of security and the risk
      3. monitor disk usage with ganglia and look for abnormalities
      4. configure vsftpd for secure user ID/password transfer, e.g., TLS
  2. Hacking into the vsftp server
    1. Is this likely?
  3. Hacking into the lsstlnx VM
    1. Independent of vsftp and, therefore, no different from other VMs at SLAC with externally visible ports. Server restricts login to a small set of authorized SLAC users.
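
A vsftpd.conf sketch of the mitigations and vendor-isolation requirement listed above. This is an added example, not the configuration LSST or SLAC actually deployed. The file paths, the PAM service name, the guest account name, the per-vendor subdirectory layout and the vendor IP addresses are assumptions or placeholders.

```ini
# /etc/vsftpd/vsftpd.conf (path is an assumption; varies by distribution)

# Private FTP-only accounts: no anonymous access, logins checked via PAM
anonymous_enable=NO
local_enable=YES
# Hypothetical PAM service that checks the virtual-user password database
pam_service_name=vsftpd_virtual

# Map every virtual login onto one unprivileged local account (hypothetical name)
guest_enable=YES
guest_username=lsstftp
# Let virtual users create, modify and delete files in their own area
virtual_use_local_privs=YES
write_enable=YES

# Confine each vendor to its own subdirectory of the transfer buffer,
# so Vendor A cannot list or read Vendor B's area.
# The per-vendor subdirectory layout is an assumption.
user_sub_token=$USER
local_root=/nfs/farm/g/lsst/u2/$USER
chroot_local_user=YES
# Needed because the chroot directory itself is writable by the vendor
allow_writeable_chroot=YES
# Show all owners and groups as "ftp" in directory listings
hide_ids=YES

# Encrypt credentials and data; refuse plaintext logins
ssl_enable=YES
force_local_logins_ssl=YES
force_local_data_ssl=YES
ssl_sslv2=NO
ssl_sslv3=NO
# Placeholder certificate and key paths
rsa_cert_file=/etc/vsftpd/PLACEHOLDER-cert.pem
rsa_private_key_file=/etc/vsftpd/PLACEHOLDER-key.pem

# Accept connections only from vendor addresses (needs a tcp_wrappers build).
# /etc/hosts.allow:  vsftpd: 192.0.2.10 198.51.100.20   (constructed addresses)
# /etc/hosts.deny:   vsftpd: ALL
tcp_wrappers=YES

# Log every transfer so unusual activity can be reviewed alongside disk usage
xferlog_enable=YES
```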

Why Existing FTP Service is Unacceptable

...