UNLP CA (Argentina) - PowerPoint PPT Presentation

1 / 12
About This Presentation
Title:

UNLP CA (Argentina)

Description:

Was created as a national university in 1905. Is the 3rd largest university in Argentina ... port SPAN using SNORT with a correlation tool such as: ossim/sguil/prelude ... – PowerPoint PPT presentation

Number of Views:74
Avg rating:3.0/5.0
Slides: 13
Provided by: C305864
Category:

less

Transcript and Presenter's Notes

Title: UNLP CA (Argentina)


1
UNLP CA (Argentina)
  • Universidad Nacional de La Plata
  • www.unlp.edu.ar
  • Was created as a national university in 1905
  • Is the 3rd largest university in Argentina
  • More than 90.000 enrolled students
  • More than 140 degree programs
  • More than 200 postgraduate programs
  • Produces about 20 of the academic research in
    Argentina

2
UNLP CA (Argentina)
  • Centro Superior para el Procesamiento de la
    Información
  • www.cespi.unlp.edu.ar
  • Provides research network for UNLP
  • 1991 (via BITNET)
  • April 1994 connection to Internet
  • Class B 163.10.x.x.
  • Domain unlp.edu.ar
  • Autonomous Systems Number 5692
  • Since 2004 connected to Academic Research
    Networks Ampath CLARA (via RETINA)
  • prefijo IPv6 20011318A001 /64

3
UNLP CA (Argentina)
  • Ce.S.P.I
  • Provides Network Monitoring management
  • More than 3000 computers with public IP
  • Tools used
  • Mtrg
  • Nagios
  • Netflow
  • Ipaudit
  • Administrative information systems
  • Payroll human resources
  • Students system
  • Statistics

4
UNLP CA (Argentina)
  • pkUNLPGrid CA
  • Following RFC 3647
  • OID pending in IANA since 12/jan/06
  • To be requested from IGTF
  • CP/CPS ver 0.91 (20/03/06)
  • http//www.pkiUNLPGrid.unlp.edu.ar
  • First checked by Jorge Gomes (LIP)
  • ReviewersTony J. Genovese Alan Sill

5
UNLP CA (Argentina)
  • Persons involved with the computer network
    infrastructure for the project
  • Coordinating the CA for UNLP Javier Díaz, Miguel
    Luengo
  • Policies, procedures auditing Viviana Ambrosi,
    Lia Molinari
  • PKI infraestructure for de CA Paula Venosa,
    Viviana Ambrosi, Einar Lanfranco
  • Network administration (also working in an
    academic IRT) Miguel Luengo, Nicolas Macia,
    Andres Barbieri, Alejandro Veiga, Matias
    Zabaljauregui.
  • RA administration Maria del Carmen Lago, Teresa
    Di Pietro, Fernanda Aday

6
UNLP CA (Argentina)
  • UNLP is working in cooperation with the ONTI ,
    the agency of the federal government of Argentina
    that coordinated used of information system and
    technology.
  • Security standars for the information systems.
  • Arcert which is the only CERT in Argentina.
  • pki.gov.ar which is the federal agency that
    promotes the use of digital signature in the
    government.
  • Providing digital signature support for the
    information systems provided by SIU to the
    Universities.

7
UNLP CA (Argentina)
  • Initially only one RA related to UNLP
  • The information to contact initial RA is in the
    site
  • http//www.pkiUNLPGrid.unlp.edu.ar
  • The concept is one RA per University or Academic
    institution equivale

CA
Inst. 1
Inst. 2
Inst. 3
Inst. 4
RA
RA
RA
RA
RA
8
UNLP CA (Argentina)
  • Name Forms
  • PKUNLPGRID CA prefers that organizations use
    domain component naming.
  • Issuer
  • DCar, DCUNLPgrid, CNUNLPGridCA
  • Subject
  • DCar, DCUNLPgrid, Ostring, CNname.surname
  • DCar, DCUNLPgrid, Ostring, CNFQDN

9
UNLP CA (Argentina)
  • Types of names
  • For people the name and surname or a text
    directly derived from their name
  • CNJavierDiaz
  • For Server the server fully qualified domain name
    (FQDN).IP address are nor accepted
  • CNpkigrid.unlp.edu.ar
  • For Services the name of the service, the
    character '/' and the FQDN of the server.
  • CNldap/ pkigrid.unlp.edu.ar

10
UNLP CA (Argentina)
  • Lifetime of certificates
  • CA key size 2048 bits,
  • Initial 10 years lifetime.
  • EE key size 1024 bits,
  • Certificates valid for 13 months (one year one
    month).
  • CRL issued every 30 days (at least 7 day befores
    de expiration of the previous CRL or upon demand)

11
UNLP CA (Argentina)
  • Guidelines
  • CA offline
  • CA online site supports
  • Certificates signed by the UNLPCA
  • CRLs
  • CP/CPS
  • technical contacts of the CA
  • RA contact
  • pointer to the TAGPMA IGTF

12
UNLP CA (Argentina)
  • Tools used
  • CA offline running Linux Debian stable, stored
    in a safe OpenCA versión 0.9.2.5 (latest
    release), OpenSSL versión 0.9.7 using
    etokens-PRO de 32 K for holding private key of CA
    operators keep in a separate safe (with
    procedures for accessing the etoken and the
    passphrase)
  • CA online site
  • In the Datacenter of the UNLP with access
    control, etc
  • Behind a FW based on OpenBSD
  • Traffic analyzer (on separate port SPAN using
    SNORT with a correlation tool such as
    ossim/sguil/prelude
Write a Comment
User Comments (0)
About PowerShow.com