[AG-TECH] Encryption of Access Grid 2.x Sessions

Robert Olson olson at mcs.anl.gov
Wed Jan 21 10:18:56 CST 2004

At 10:03 AM 1/21/2004, Allan Spale wrote:
>Thanks for the information and your prompt reply.  Do you know which of
>the ANL virtual venues are encrypted?  Also, are ANL instutional rooms
>encrypted and would each institution have control over that?

In the ag1 venue server, only the rooms named "Secure Room" and "Secure2" 
have encryption enabled (well, the Encryption Test Room does too but it 
doesn't have access control turned on); they are available for reservation.

In an ag2 venue server, I believe that encryption is on by default; I don't 
recall the key-changing policiy offhand. You will want to ensure the 
encryption keys there are of the form Rijndael/<key> in order to ensure 
that AES/Rijndael encryption is used in the tools, and that they have been 
freshly generated.

Essential for the security you're looking for is the proper configuration 
of access control to the encrypted venues; without that everyone is just 
given the keys upon entry.

You need to also make sure of physical security on the computers involved, 
as well as restriction of remote access to them (if one had access to a 
media capture machine, there may be windows of time where the key was 
visible in a temp file; if one had root access on a capture machine one 
could likely find the key in memory).


More information about the ag-tech mailing list