UNLP CA (Argentina)

Universidad Nacional de La Plata
www.unlp.edu.ar
• Was created as a national university in 1905
• Is the 3rd largest university in Argentina
• More than 90,000 enrolled students
• More than 140 degree programs
• More than 200 postgraduate programs
• Produces about 20% of the academic research in Argentina
jdiaz@unlp.edu.ar
Centro Superior para el Procesamiento de la Información
www.cespi.unlp.edu.ar
Provides the research network for UNLP:
• 1991 (via BITNET)
• April 1994: connection to the Internet
• Class B: 163.10.x.x
• Domain: unlp.edu.ar
• Autonomous System Number: 5692
• Since 2004 connected to the academic research networks AMPATH & CLARA (via RETINA)
• IPv6 prefix: 2001:1318:A001::/64
Ce.S.P.I
• Provides network monitoring & management:
  • More than 3000 computers with public IP
  • Tools used:
    • MRTG
    • Nagios
    • NetFlow
    • IPAudit
• Administrative information systems:
  • Payroll & human resources
  • Student system
  • Statistics
pkiUNLPGrid CA
Following RFC 3647
OID pending in IANA since 12/jan/06
• To be requested from IGTF
• CP/CPS ver 0.91 (20/03/06)
• http://www.pkiUNLPGrid.unlp.edu.ar
• First checked by: Jorge Gomes (LIP)
• Reviewers: Tony J. Genovese & Alan Sill
Persons involved with the computer network infrastructure for the project
• Coordinating the CA for UNLP: Javier Díaz, Miguel Luengo
• Policies, procedures & auditing: Viviana Ambrosi, Lia Molinari
• PKI infrastructure for the CA: Paula Venosa, Viviana Ambrosi, Einar Lanfranco
• Network administration (also working in an academic IRT): Miguel Luengo, Nicolas Macia, Andres Barbieri, Alejandro Veiga, Matias Zabaljauregui
• RA administration: Maria del Carmen Lago, Teresa Di Pietro, Fernanda Aday
UNLP is working in cooperation with the ONTI, the agency of the federal government of Argentina that coordinates the use of information systems and technology:
• Security standards for the information systems.
• ArCERT, which is the only CERT in Argentina.
• pki.gov.ar, which is the federal agency that promotes the use of digital signature in the government.
• Providing digital signature support for the information systems provided by SIU to the universities.
Initially only one RA related to UNLP.
The information to contact the initial RA is on the site: http://www.pkiUNLPGrid.unlp.edu.ar
The concept is one RA per university or equivalent academic institution.
[Diagram: the CA at the top, with one RA for each of Inst. 1, Inst. 2, Inst. 3 and Inst. 4]
Name Forms:
• pkiUNLPGrid CA prefers that organizations use domain component naming.
• Issuer: DC=ar, DC=UNLPgrid, CN=UNLPGridCA
• Subject: DC=ar, DC=UNLPgrid, O=string, CN=name.surname
           DC=ar, DC=UNLPgrid, O=string, CN=FQDN
Types of names
• For people: the name and surname, or a text directly derived from their name, e.g. CN=JavierDiaz
• For servers: the server's fully qualified domain name (FQDN); IP addresses are not accepted, e.g. CN=pkigrid.unlp.edu.ar
• For services: the name of the service, the character '/' and the FQDN of the server, e.g. CN=ldap/pkigrid.unlp.edu.ar
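The naming rules on the two preceding slides (DC-rooted subjects, and the three CN forms for people, servers and services) are the kind of thing an RA operator checks before approving a request. The following is an added example, not software from the UNLP CA or OpenCA: a subject-DN policy check in plain Python. The regular expressions, the `kind` labels ('person', 'server', 'service') and the sample requests are assumptions; the slides only give one example of each CN form. It generalizes the slides' single examples to a reusable check, and explicitly rejects IP addresses in both the server and service forms.

```python
import re
from ipaddress import ip_address

# Added example (not the CA's own software): an RA-style check of a requested
# subject DN against the naming policy stated on the slides.

REQUIRED_PREFIX = (("DC", "ar"), ("DC", "UNLPgrid"))

# Person CN: letters with optional dots, spaces, hyphens or apostrophes
# (covers CN=JavierDiaz and CN=name.surname). Assumed, not from the slides.
PERSON_RE = re.compile(r"^[A-Za-z][A-Za-z.'\- ]*$")
# One DNS label: 1-63 alphanumerics/hyphens, not starting or ending with '-'.
FQDN_LABEL_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")
# Service CN: <service>/<FQDN>, e.g. ldap/pkigrid.unlp.edu.ar
SERVICE_RE = re.compile(r"^[A-Za-z0-9_-]+/(?P<host>[^/]+)$")


def parse_dn(dn):
    """Split 'DC=ar, DC=UNLPgrid, O=UNLP, CN=x' into [(attr, value), ...].

    Simplification: escaped commas inside attribute values are not handled.
    """
    parts = []
    for rdn in dn.split(","):
        rdn = rdn.strip()
        if "=" not in rdn:
            raise ValueError("malformed RDN: %r" % rdn)
        attr, value = rdn.split("=", 1)
        parts.append((attr.strip().upper(), value.strip()))
    return parts


def is_fqdn(host):
    """True for a dotted host name; False for bare labels and for IP addresses."""
    try:
        ip_address(host)
        return False  # policy: IP addresses are not accepted as server names
    except ValueError:
        pass
    labels = host.split(".")
    return len(labels) >= 2 and all(FQDN_LABEL_RE.match(label) for label in labels)


def check_subject(dn, kind):
    """Return a list of policy violations for a requested subject (empty = accept).

    kind is the certificate type the RA is vetting: 'person', 'server' or 'service'.
    """
    try:
        parts = parse_dn(dn)
    except ValueError as e:
        return [str(e)]
    problems = []
    if tuple(parts[:2]) != REQUIRED_PREFIX:
        problems.append("subject must start with DC=ar, DC=UNLPgrid")
    attrs = [a for a, _ in parts]
    if attrs.count("O") != 1:
        problems.append("subject must carry exactly one O= attribute")
    if attrs.count("CN") != 1 or attrs[-1] != "CN":
        problems.append("subject must end with a single CN=")
        return problems
    cn = parts[-1][1]
    if kind == "person":
        if not PERSON_RE.match(cn):
            problems.append("person CN %r is not derived from a name" % cn)
    elif kind == "server":
        if not is_fqdn(cn):
            problems.append("server CN %r is not an FQDN (IP addresses are rejected)" % cn)
    elif kind == "service":
        m = SERVICE_RE.match(cn)
        if not m or not is_fqdn(m.group("host")):
            problems.append("service CN %r must have the form service/FQDN" % cn)
    else:
        problems.append("unknown certificate kind %r" % kind)
    return problems


if __name__ == "__main__":
    # Constructed sample requests: one per CN form, plus an IP-address rejection.
    for dn, kind in [
        ("DC=ar, DC=UNLPgrid, O=UNLP, CN=JavierDiaz", "person"),
        ("DC=ar, DC=UNLPgrid, O=UNLP, CN=pkigrid.unlp.edu.ar", "server"),
        ("DC=ar, DC=UNLPgrid, O=UNLP, CN=ldap/pkigrid.unlp.edu.ar", "service"),
        ("DC=ar, DC=UNLPgrid, O=UNLP, CN=163.10.1.1", "server"),
    ]:
        print(kind, dn, "->", check_subject(dn, kind) or "accepted")
```

The RA states which kind of certificate is being requested rather than guessing it from the CN, because a person CN of the form name.surname is syntactically indistinguishable from a two-label host name; tying the check to the declared kind avoids a person request slipping through as a host certificate or vice versa.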
Lifetime of certificates
• CA key size 2048 bits, initial 10 years lifetime.
• EE key size 1024 bits, certificates valid for 13 months (one year + one month).
• CRL issued every 30 days (at least 7 days before the expiration of the previous CRL, or upon demand).
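The lifetime and CRL figures on this slide translate directly into checks a CA operator can run against a proposed validity period or the current CRL. The following is an added example, not the UNLP CA's own tooling: the slide's numbers as constants, calendar-month validity arithmetic (13 months from a 31st clamps to the last day of the target month), and a "CRL reissue due" test that fires once fewer than 7 days remain before the previous CRL's nextUpdate. Treating the key sizes as minimums, and the 7-day margin as inclusive, are assumptions.

```python
import calendar
from datetime import date, timedelta

# Added example (not the CA's own software). Values below are those stated on
# the slide; the functions are assumptions about how they are applied.
CA_KEY_BITS = 2048
EE_KEY_BITS = 1024
CA_LIFETIME_YEARS = 10
EE_LIFETIME_MONTHS = 13        # one year + one month
CRL_PERIOD_DAYS = 30
CRL_REISSUE_MARGIN_DAYS = 7    # reissue at least this long before expiry


def add_months(d, months):
    """Calendar-month addition; the day is clamped to the target month's length."""
    month_index = d.month - 1 + months
    year = d.year + month_index // 12
    month = month_index % 12 + 1
    day = min(d.day, calendar.monthrange(year, month)[1])
    return date(year, month, day)


def ee_not_after(not_before):
    """Latest permitted notAfter for an end-entity certificate."""
    return add_months(not_before, EE_LIFETIME_MONTHS)


def ca_not_after(not_before):
    """Latest permitted notAfter for the CA certificate (initial lifetime)."""
    return add_months(not_before, 12 * CA_LIFETIME_YEARS)


def validity_conforms(not_before, not_after, kind):
    """True if [not_before, not_after] fits the policy for kind 'ee' or 'ca'."""
    limit = ee_not_after(not_before) if kind == "ee" else ca_not_after(not_before)
    return not_before < not_after <= limit


def key_size_conforms(bits, kind):
    """Assumption: the stated sizes are minimums for kind 'ee' or 'ca'."""
    return bits >= (CA_KEY_BITS if kind == "ca" else EE_KEY_BITS)


def crl_next_update(this_update):
    """nextUpdate for a CRL issued on this_update under the 30-day schedule."""
    return this_update + timedelta(days=CRL_PERIOD_DAYS)


def crl_reissue_due(today, next_update):
    """True once the previous CRL has less than the 7-day margin left (or has expired)."""
    return today >= next_update - timedelta(days=CRL_REISSUE_MARGIN_DAYS)


if __name__ == "__main__":
    # Constructed dates for illustration.
    issued = date(2006, 3, 20)
    print("EE cert issued", issued, "expires no later than", ee_not_after(issued))
    print("CA cert issued", issued, "expires no later than", ca_not_after(issued))
    crl_issued = date(2006, 3, 20)
    nxt = crl_next_update(crl_issued)
    for today in (date(2006, 4, 11), date(2006, 4, 12), date(2006, 4, 20)):
        print("CRL nextUpdate", nxt, "on", today, "reissue due:", crl_reissue_due(today, nxt))
```

A relying party that caches the CRL until its nextUpdate will see the gap the 7-day margin is there to prevent: if the CA only republishes on the expiry day, any delay in the offline signing step leaves relying parties with an expired CRL.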
Guidelines
• CA offline
• CA online site supports:
  • Certificates signed by the UNLP CA
  • CRLs
  • CP/CPS
  • Technical contacts of the CA
  • RA contact
  • Pointer to the TAGPMA & IGTF
Tools used
• CA offline: running Linux Debian stable, stored in a safe; OpenCA version 0.9.2.5 (latest release), OpenSSL version 0.9.7, using 32 K eToken PRO devices for holding the private keys of the CA operators, kept in a separate safe (with procedures for accessing the eToken and the passphrase)
• CA online site:
  • In the datacenter of the UNLP, with access control, etc.
  • Behind a firewall based on OpenBSD
  • Traffic analyzer (on a separate SPAN port) using Snort with a correlation tool such as OSSIM/Sguil/Prelude