Randall (Randy) Cardon - PowerPoint PPT Presentation


1
Privileged User Access for Non-US Citizens (LA-UR 09-03378)
  • Randall (Randy) Cardon
  • rec_at_lanl.gov
  • Los Alamos National Laboratory, an affirmative
    action/equal opportunity employer, is operated by
    the Los Alamos National Security, LLC for the
    National Nuclear Security Administration of the
    U.S. Department of Energy under contract
    DE-AC52-06NA25396. By acceptance of this article,
    the publisher recognizes that the U.S. Government
    retains a nonexclusive, royalty-free license to
    publish or reproduce the published form of this
    contribution, or to allow others to do so, for
    U.S. Government purposes. Los Alamos National
    Laboratory requests that the publisher identify
    this article as work performed under the auspices
    of the U.S. Department of Energy. Los Alamos
    National Laboratory strongly supports academic
    freedom and a researcher's right to publish as an
    institution; however, the Laboratory does not
    endorse the viewpoint of a publication or
    guarantee its technical correctness.

2
(No Transcript)
3
Things I'm Glad I Didn't Say
  • "Everything that can be invented has been
    invented."
  • "I think there is a world market for maybe five
    computers."
  • "Get your feet off my desk, get out of here, you
    stink, and we're not going to buy your product."
  • "There is no reason for any individual to have a
    computer in his home."
  • "640K ought to be enough for anybody."

4
Things I Wish I'd Said
  • "However beautiful the strategy, you should
    occasionally look at the results."
  • "Great leaders tell people what to do, not how to
    do their jobs. They allocate resources, and give
    them authority."

5
Contact Information
  • Randy Cardon
  • rec_at_lanl.gov
  • (505) 665-1853

6
Multiple Tools
  • Database for International Visits and Assignments
    (DIVA)
  • Open Collaborator Enclave (OCE)
  • Privileged User Access Request (PUAR)

7
DIVA
  • The requirements were provided by Foreign Visits
    and Assignments.
  • The implementation was done by LDRD

8
How Does DIVA Work?
  • DIVA does the following:
      • Captures visitor and visit or assignment
        information as a request
      • Routes the request for reviews and approvals
      • Authorizes badging

9
User Roles and Actions
10
Review and Approval
11
OCE
  • The initial concept and design were done by
    ACS-PO
  • The implementation was done by NIE

12
OCE Enclave
13
Goals
  • Create a network that is segmented from the
    Yellow for FN systems to meet HQ expectations.
  • Meet the NAP requirements through engineered
    controls.
  • Demonstrate a new model architecture for the LANL
    unclassified environment that provides greater
    data protection, access flexibility and control,
    and monitoring for various use profiles of LANL
    unclassified computing.
  • Provide near real-time access management updates
    for Inter-enclave access with enforced business
    rules.
  • Develop enhanced surveillance to detect
    unauthorized access.

14
OCE Design
(Architecture diagram; only the component labels survive.)
Components shown: DIVA; Enclave Membership and Access
Management; Remote Access (Net Devices, SSL VPN); OCE
Control (Business Rules); OCE Hosts; Authentication
Logs; OCE Gateway; Yellow Network Resource; Cyber
Monitoring.
15
Access Control Features
  • User-based authenticated access to specific
    Yellow assets.
      • OCE Control manages access control.
      • User role-based access. The slide shows this as
        a table: Role | Yellow Assets | Who can access
        them.
  • Yellow Monitoring
      • Key indicators are monitored for unauthorized OCE
        access. OCE members can only access the OCE
        resources and those Yellow resources that a
        member is authorized for through roles.
      • Jumping from authorized Yellow resources to
        non-authorized resources will be detected.
      • Bypassing the OCE Gateway will also be detected
        using this system.
  • Remote Access
      • Remote OCE users see the same access control
        policies as local users.
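The slide above describes three enforcement and monitoring rules: role-based
authorization of OCE members to specific Yellow assets, detection of a session
jumping from an authorized Yellow resource to one it is not authorized for, and
detection of traffic that bypasses the OCE Gateway. The following Python model
is an added example written for this page, not code from the presentation or
from LANL; every role name, host name, asset name and log event in it is
constructed, and the field layout of the access events is an assumption about
what the authentication logs and cyber monitoring feed would provide.

```python
"""
Added example (not from the presentation): a toy model of the OCE Control
business rules and the Yellow monitoring checks described on the
"Access Control Features" slide. All names and events are constructed.
"""
from __future__ import annotations
from dataclasses import dataclass

# Business rules (constructed): role -> Yellow assets that role may reach.
ROLE_ASSETS = {
    "hpc-user": {"yellow-hpc-login"},
    "code-dev": {"yellow-git", "yellow-build"},
}

# Enclave membership (constructed): OCE member -> roles granted in DIVA/OCE.
MEMBER_ROLES = {
    "alice": {"hpc-user"},
    "bob": {"code-dev", "hpc-user"},
}

OCE_HOSTS = {"oce-host-1", "oce-host-2"}          # hosts inside the enclave
YELLOW_ASSETS = {"yellow-hpc-login", "yellow-git",
                 "yellow-build", "yellow-finance"}  # monitored Yellow hosts


def authorized_assets(member: str) -> set[str]:
    """Union of the Yellow assets reachable through all of a member's roles."""
    roles = MEMBER_ROLES.get(member, set())
    return set().union(*(ROLE_ASSETS.get(r, set()) for r in roles))


def is_authorized(member: str, asset: str) -> bool:
    """The OCE Control decision: may this member reach this Yellow asset?"""
    return asset in authorized_assets(member)


@dataclass(frozen=True)
class AccessEvent:
    """One flow, joined with the identity from the authentication log
    (assumed field layout, not the real log format)."""
    member: str        # authenticated OCE member
    src: str           # originating host
    dst: str           # destination host
    via_gateway: bool  # True if the flow traversed the OCE Gateway


def detect(events: list[AccessEvent]) -> list[tuple[AccessEvent, str]]:
    """Apply the three monitoring rules from the slide to a batch of events.

    Returns (event, reason) pairs; an event may trigger more than one rule.
    """
    alerts = []
    for ev in events:
        if ev.dst not in YELLOW_ASSETS:
            continue  # only traffic into Yellow is monitored here
        if ev.src in OCE_HOSTS and not ev.via_gateway:
            # Rule: bypassing the OCE Gateway is detected.
            alerts.append((ev, "gateway-bypass"))
        if ev.src in OCE_HOSTS and not is_authorized(ev.member, ev.dst):
            # Rule: members reach only the Yellow assets their roles allow.
            alerts.append((ev, "unauthorized-yellow-access"))
        if ev.src in YELLOW_ASSETS and not is_authorized(ev.member, ev.dst):
            # Rule: jumping from an authorized Yellow resource onward
            # to a non-authorized one is detected.
            alerts.append((ev, "jump-to-unauthorized"))
    return alerts


# Constructed sample batch: one clean flow, three policy violations, and
# one intra-enclave flow that the Yellow monitor ignores.
SAMPLE_EVENTS = [
    AccessEvent("alice", "oce-host-1", "yellow-hpc-login", True),
    AccessEvent("alice", "oce-host-1", "yellow-finance", True),
    AccessEvent("bob", "oce-host-2", "yellow-git", False),
    AccessEvent("bob", "yellow-git", "yellow-finance", True),
    AccessEvent("carol", "oce-host-1", "oce-host-2", True),
]


def run_demo() -> list[tuple[str, str, str]]:
    """Run the detector over the sample batch; return (member, dst, reason)."""
    return [(ev.member, ev.dst, reason) for ev, reason in detect(SAMPLE_EVENTS)]


if __name__ == "__main__":
    for member, dst, reason in run_demo():
        print(f"{reason:28s} member={member} dst={dst}")
```

The point of separating `is_authorized` from `detect` is that the same
role-to-asset table drives both the enforcement decision at OCE Control and the
after-the-fact monitoring, so a remote user (coming in through the SSL VPN) and
a local user are judged by one set of business rules, which is what the Remote
Access bullet requires.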

16
Use Cases
17
PUAR
  • Requirements were developed by OCIO
  • Implementation was done by SAE

18
PUAR Workflow
19
Questions?
  • "Nothing in the world can take the place of
    persistence. Talent will not; nothing is more
    common than unsuccessful men with talent. Genius
    will not; unrewarded genius is almost a proverb.
    Education will not; the world is full of educated
    derelicts. Persistence and determination alone
    are omnipotent."
  • Calvin Coolidge