[AG-TECH] Encryption of Access Grid 2.x Sessions

Robert Olson olson at mcs.anl.gov
Wed Jan 21 10:18:56 CST 2004


At 10:03 AM 1/21/2004, Allan Spale wrote:
>Thanks for the information and your prompt reply.  Do you know which of
>the ANL virtual venues are encrypted?  Also, are ANL institutional rooms
>encrypted and would each institution have control over that?

In the ag1 venue server, only the rooms named "Secure Room" and "Secure2" 
have encryption enabled (well, the Encryption Test Room does too but it 
doesn't have access control turned on); they are available for reservation.

In an ag2 venue server, I believe that encryption is on by default; I don't 
recall the key-changing policy offhand. You will want to ensure the 
encryption keys there are of the form Rijndael/<key> in order to ensure 
that AES/Rijndael encryption is used in the tools, and that they have been 
freshly generated.

Essential for the security you're looking for is the proper configuration 
of access control to the encrypted venues; without that everyone is just 
given the keys upon entry.

You need to also make sure of physical security on the computers involved, 
as well as restriction of remote access to them (if one had access to a 
media capture machine, there may be windows of time where the key was 
visible in a temp file; if one had root access on a capture machine one 
could likely find the key in memory).

--bob 
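
The checks named in the message above (key of the form Rijndael/<key>, freshly generated keys, access control on every encrypted venue), written as a small audit. This is an added example, not part of the original post and not Access Grid toolkit code; the `Venue` record layout, the 30-day freshness threshold, the hex key material and the sample venues are all assumptions made for illustration.

```python
import secrets
from dataclasses import dataclass

@dataclass
class Venue:                      # hypothetical record; not the venue server's real schema
    name: str
    encrypted: bool
    access_controlled: bool
    key: str                      # expected form: "Rijndael/<key>"
    key_age_days: int

MAX_KEY_AGE_DAYS = 30             # assumed rotation policy; the post does not state one

def fresh_key() -> str:
    """New key string in the Rijndael/<key> form (hex key material is an assumption)."""
    return "Rijndael/" + secrets.token_hex(16)

def audit(venues):
    """Return {venue name: [findings]}; an empty list means the venue passed."""
    first_user = {}               # key string -> first venue seen using it
    report = {}
    for v in venues:
        if not v.encrypted:
            report[v.name] = ["encryption disabled"]
            continue
        findings = []
        scheme, sep, material = v.key.partition("/")
        if scheme != "Rijndael" or not sep or not material:
            findings.append("key not of the form Rijndael/<key>")
        if not v.access_controlled:
            findings.append("no access control: key is given to anyone who enters")
        if v.key_age_days > MAX_KEY_AGE_DAYS:
            findings.append("key not freshly generated")
        if v.key in first_user:
            findings.append("key shared with " + first_user[v.key])
        first_user.setdefault(v.key, v.name)
        report[v.name] = findings
    return report

# Constructed sample data, not taken from any real venue server.
SAMPLE = [
    Venue("venue-a", True, True, fresh_key(), 1),
    Venue("venue-b", True, False, "Rijndael/0f1e2d3c", 400),
    Venue("venue-c", True, True, "0f1e2d3c", 2),           # bare key, no scheme prefix
    Venue("venue-d", False, False, "", 0),
    Venue("venue-e", True, True, "Rijndael/0f1e2d3c", 3),  # reuses venue-b's key
]

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(f"{name}: {'; '.join(findings) or 'ok'}")
```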



