WARP - The new Concept for Remote Login Service

Starting from 1. July 2011 the remote access to the internal DESY Zeuthen network will be realized by a new concept.

The goal is a comfortable login with more safety.

The concept

• a cluster of access nodes will be used for an automatic and transparent forwarding to a suitable work group server of your group.
• the deciding factor is your primary login group
• choose the wgs with the lowest load
• the user has possibilities to choose another destination or another group
• users of groups which haven't an own wgs will be forwarded to a public wgs

Advantages

• the access systems need only an ssh and kerberos clearance in the firewall
• backdoors are not possible
• local root exploits on the access systems pose not longer a serious risk (except for the sshd )
• Users of different groups will be distributed across different machines

Problems in the past

• Whenever cases of local root exploits came to light, we had have to act immediately. (multiple in the year, one compromized user account is sufficient)

• Although all available security updates are rolling out quickly the login hosts are threatened by zero-day exploits
• All users used the same login hosts. Several times the pubs could not used by other users because of overload (misusage for job processing, mathematica process or similar).

Further information and usage suggestions you can find here: Warp_Login_Usage.