Abstract

It is difficult to promote cyber security measures in research institutes, especially in DMZ networks that allow connections from outside networks. This difficulty mainly arises from two types of variety. One is the various requirements of servers operated by each research group. The other is the divergent skill level among server administrators. A unified approach rarely fits the management of those servers. One of the solutions to overcome the above-mentioned difficulties is vulnerability management. To overcome these challenges, there are two possible approaches. One of the options is to offer a simple and powerful vulnerability management service to the administrators of the DMZ hosts (DMZ admins). The other is to facilitate flexibility and efficiency in the development process of the service. To achieve these requirements, we designed and developed a vulnerability management portal site for DMZ admins, named DMZ User’s Portal. This paper describes the design of DMZ User’s Portal and the development process using a development framework, named DBPowder. Using the DMZ User’s Portal, each DMZ admin can perform a vulnerability scan on his/her own servers with ease. In other words, this delegates security vulnerability discovery and responsibility to individual DMZ admins, which improves their security awareness. Then, each DMZ admin can grasp and manage the security by himself/herself. The 13-year results from vulnerability scans show that the status of security in the KEK-DMZ has been kept in good condition. Also, we are developing the DBPowder object-relational mapping (ORM) framework to improve the flexibility and efficiency in the development process of DMZ User’s Portal.

Highlights

  • In KEK, there are various research groups within the fields of high-energy physics, material physics, and accelerator physics, and they offer various information and communication technology (ICT) services to various researchers around the world

  • In the KEK-DMZ network, there are over 300 individual hosts, which are managed by about 100 administrators (DMZ admin)

  • The results can be downloaded as a PDF report. Another feature helps DMZ admins from both viewpoints of support side and command hierarchy side in harmony

Summary

Introduction

In KEK, there are various research groups within the fields of high-energy physics, material physics, and accelerator physics, and they offer various information and communication technology (ICT) services to various researchers around the world. Each field of physics has its own way of conducting its research. Their services are diverse, including experiments, GRID services, public relations, and login shell, among others (Figure 1). Many of these services cannot fit within the standard ones provided by the computing research center. In the KEK-DMZ network, there are over 300 individual hosts, which are managed by about 100 administrators (DMZ admin). The scanner is proprietary and has rich functions, but it is too intricate for non-experts in security to utilize. To address these challenges, we developed the DMZ User’s Portal site in 2007, which utilizes the vulnerability scanner. This paper shows the design and development issues of DMZ User’s Portal.

Overview of DMZ User’s Portal
Security self-inspection performed by DMZ User’s Portal
System architecture
Template engine of html and email
DBPowder-mdl: data schema description language
Helper for database schema modification
Class structure of DBPowder
Statistics of the security self-inspection: submit a report
Extended DMZ User’s portal to other networks
Summary