Speaker
Dr Toru OHATA (JASRI/SPring-8)
Description
SPring-8, a third-generation synchrotron radiation facility open to users,
accepts many experiment users from outside institutions. These users,
who construct their own control systems at each beamline, require a
fast, stable and secure network environment to perform their experiments.
At first, we installed firewall systems to protect the network from outside
intrusion. However, users connect their own PCs to the network. If a PC
carries a computer virus, the network may suffer fatal damage, because a
firewall has no effect on attacks from the inside. Modern IT poses many
risks to a network system used for control and data acquisition, and no
single method can avoid all of them. To achieve a secure network
environment, we adopted various approaches. Network segregation design is
the most important. When an incident occurs, the firewalls and VLANs limit
the range and scale of the network trouble. The trouble is prevented from
spreading, so we can protect other experiments and facility operation.
Intrusion detection and quarantine are also important. We installed an
intrusion protection system (IPS), because attacks on vulnerabilities are
hard to stop with a firewall. A traditional SNMP monitoring system and a
newer sFlow analyzer help with real-time analysis of, and recovery from,
problems in the network infrastructure. We introduced these traffic
monitoring systems. In addition, we prepared patch management systems for
major operating systems and carried out vulnerability scans regularly. We
will discuss the details at the workshop.
Author
Dr Toru OHATA (JASRI/SPring-8)
Co-authors
Ms Miho ISHII (JASRI/SPring-8)
Dr Ryotaro TANAKA (JASRI/SPring-8)
Dr Toru FUKUI (RIKEN/SPring-8)