Firewalls and the Campus Grid: an Overview Bruce Beckles University of Cambridge Computing Service

Page 1:

Firewalls and the Campus Grid: an Overview

Bruce Beckles, University of Cambridge Computing Service

Page 2:

Overview

• Understanding firewalls:
– Purpose of firewalls
– Dealing with firewall administrators
– Firewall issues (for grids)

• Firewalls and the Campus Grid:
– Designing the Campus Grid appropriately
– Typical firewall deployments
– Effects on the Campus Grid
– Mitigating these effects

Page 3:

Understanding firewalls (1)

• Why does my institution, division, etc. have one or more firewalls?
– Understanding the reasons for your institution's / divisions' firewalls is crucial to making your Campus Grid work
– It is not there just to make your life difficult!
– If you think it is: adjust your attitude, or the whole project is probably doomed, and will certainly be very painful for all concerned
– Talk to your firewall administrator(s), IT security team and network administrator(s) and ask them:
• They may have forgotten, in which case it is probably time for it to be reviewed anyway…

Page 4:

Understanding firewalls (2)

• Purpose of firewalls:
– To protect networked machines (“assets”) from particular kinds of danger (“threats”)
– Prevent unwanted traffic (e.g. stopping users accessing prohibited sites)
– Monitor network traffic
– Control network flows:
• Ensure Quality of Service (QoS)
• Provide network “choke points”
• Segregate the network

Page 5:

Dealing with firewall administrators

• Determine your firewall administrator’s threat-asset model:
– How does the Campus Grid relate to this model?
– Will the Campus Grid “break” this model? (Probably!)
– If so, adopt a collaborative approach: what can we do to address this? How should I design my Campus Grid to satisfy your (entirely legitimate) security and network concerns?

• Consider the firewall to be part of your infrastructure:
– …So it is in your interest that it is properly maintained
– Is it adequate for the job? Perhaps it needs upgrading…?
– Consider spending some of your infrastructure budget for the Campus Grid on it

Page 6:

Firewall issues

• Problems firewalls cause for grids:
– Communication problems – may prevent:
• Bi-directional traffic (e.g. outgoing connections only)
• Particular network protocols (e.g. UDP)
• Traffic from particular places (e.g. from outside the institution; from the DMZ, particular divisions, etc.)
• Traffic to particular places (e.g. to machines in the institution deemed particularly vulnerable)
• Use of certain port ranges (e.g. blocking all ports except those used by certain applications)
– Restrict network bandwidth:
• By design, to ensure other users of the network have adequate bandwidth (QoS, etc.)
• As a consequence of being unable to cope with the volumes of traffic generated by grids

Page 7:

Designing for firewalls

• Basic rule of thumb:

“Work with the firewall, not against it”

• Andrew will talk more about this in the next talk

Page 8:

Typical Firewall Deployments

• Institutional firewall:
– Around the perimeter of the institution
– May have a de-militarised zone (DMZ)
– Protects the institution from the world, but not from itself

• Divisional firewalls:
– Around the perimeter of divisions (departments, research groups, etc.) within the institution
– Protect the divisions from each other as well as from the rest of the world
– (May also have their own DMZs)

• No firewall:
– IT security staff use other methods to protect the institution (e.g. enforced security policies)

Page 9:

Effects on Campus Grid

• Institutional firewall:
– No problem on the Campus Grid itself
– May be problems with external access

• Divisional firewalls:
– Major problems for the Campus Grid unless no part of it crosses a divisional firewall boundary
– …but even then there still may be problems with access across the divisional firewalls

• No firewall:
– No problem, but take extra care to ensure security of the Campus Grid
– Do not deploy a firewall just to secure the Campus Grid if local IT staff do not have firewall experience!

Page 10:

Institutional firewalls

• Design your Campus Grid to be contained by the firewall
• Provide external access, if any, via a small number of “gateway” machines (ideally one), using as restrictive a range of ports and protocols as possible
– Consider tunnelling external grid jobs through the firewall to the gateway

• Secure these gateways:
– Make them as secure as you possibly can
– Use strong authentication for external users
– …and their machines as well (if you can)
– Audit regularly!

Page 11:

Divisional firewalls

• Design your Campus Grid to cross as few divisional firewall boundaries as possible
• Where it crosses divisional firewalls, consider:
– Tunnelling internal Campus Grid traffic through these firewalls
– Using Virtual LANs (VLANs)
– Centralising job submission: then you only have to get traffic from a small number of machines (perhaps only one) across the firewall boundaries
– Using a gateway strategy between divisions analogous to that described for institutional firewalls

• Review security implications with all the firewall administrators and with IT security staff
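The centralised-submission argument on this slide can be made concrete by counting the firewall exceptions a given grid layout needs. The script below is an added example, not part of the talk: it uses a constructed, hypothetical set of nodes and divisions (each division behind its own divisional firewall) and a placeholder grid port, and compares a fully-meshed submission design with one where a single submission host carries all cross-division traffic. The per-firewall grouping is the list you would take to each firewall administrator when reviewing the design.

```python
from collections import defaultdict
from itertools import permutations

# Constructed sample topology (hypothetical names): grid node -> division.
# Each division is assumed to sit behind its own divisional firewall.
NODES = {
    "phys-01": "physics", "phys-02": "physics",
    "chem-01": "chemistry", "chem-02": "chemistry",
    "eng-01": "engineering",
    "submit-01": "computing",   # candidate central submission host
}
GRID_PORT = 2119  # constructed placeholder port for the grid service


def mesh_flows(port=GRID_PORT):
    """Any node may submit jobs to any other node (no centralisation)."""
    return [(src, dst, port) for src, dst in permutations(NODES, 2)]


def centralised_flows(submit_host, port=GRID_PORT):
    """Only the submission host talks to workers; workers only talk back to it."""
    flows = []
    for node in NODES:
        if node != submit_host:
            flows += [(submit_host, node, port), (node, submit_host, port)]
    return flows


def boundary_rules(flows):
    """(src_division, dst_division, port) for each flow that crosses a divisional
    firewall. Flows inside one division never touch a firewall and are dropped."""
    return {(NODES[s], NODES[d], p) for s, d, p in flows if NODES[s] != NODES[d]}


def rules_per_firewall(rules):
    """Group exceptions by the firewall that must carry them: a crossing needs an
    outbound rule on the source division's firewall and an inbound one on the
    destination's."""
    per_fw = defaultdict(set)
    for src_div, dst_div, port in rules:
        per_fw[src_div].add(("out", dst_div, port))
        per_fw[dst_div].add(("in", src_div, port))
    return dict(per_fw)


if __name__ == "__main__":
    designs = (("mesh", mesh_flows()), ("centralised", centralised_flows("submit-01")))
    for name, flows in designs:
        rules = boundary_rules(flows)
        print(f"{name}: {len(rules)} cross-boundary exceptions")
        for fw, entries in sorted(rules_per_firewall(rules).items()):
            print(f"  {fw} firewall: {len(entries)} rule(s)")
```

With this sample topology the mesh design needs twelve cross-boundary exceptions (six on every divisional firewall), whereas centralising submission on submit-01 halves that and leaves each non-central division with just two rules, both involving a single host.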

Page 12:

No firewall

• No protection available from any firewalls, so you must make absolutely certain that individual nodes of the Campus Grid are as secure as possible:
– Individual nodes must be able to identify both where grid traffic actually originates and the user to which the traffic is related, and be assured that such identification is correct
– See my later talk on local security issues

• But don’t deploy a firewall to “protect” the Campus Grid unless your IT staff can support it!

Page 13:

Questions?