Speaker
Enrico Bonaccorsi
(CERN-CERN-CERN)
Description
The LHCb Experiment is one of the four large particle physics detectors at CERN. The LHCb Online System comprises more than 2000 servers and embedded systems and more than 200 network devices. It has more than 200 active users. Operational independence and strong isolation from the internet as well as from central CERN resources have been important design criteria. Like any large experimental IT infrastructure, we are confronted with the sometimes conflicting requirements of ease and convenience of operation on the one hand and security needs on the other.
This paper describes the IT security model adopted, its implementation and operational consequences. It presents the network structure, the authorization and authentication model, the hardening of the gateway servers, a three-tier redundant firewall implementation, as well as the technical problems encountered and the corresponding solutions.
Author
Enrico Bonaccorsi
(CERN-CERN-CERN)
Co-authors
Loic Brarda
(CERN-CERN-CERN)
Mohamed Chebbi
(CERN-CERN-CERN)
Niko Neufeld
(CERN-CERN-CERN)