Trusted CI Webinar: Science DMZ Engagement with University of Arkansas, December 5th @11am EST

Mark Krenz and Don DuRousseau will be presenting the talk, Science DMZ Engagement with University of Arkansas, December 5th at 11am (Eastern).

Please register here.

A Science DMZ is a special network architecture designed to improve the speed at which large science data transfers can be made over the Internet while maintaining security of the assets. This webinar will provide an overview of the Science DMZ architecture, how to secure it, and cover use cases such as the statewide science network in Arkansas.

Speaker Bios:

Mark Krenz: Mark Krenz is the Chief Security Analyst at the Indiana University Center for Applied Cybersecurity Research and the Deputy CISO of Trusted CI. He is focused on cybersecurity operations, research and education. He has more than two decades of experience in system and network administration and has spent the last decade focused on cybersecurity.

Don DuRousseau: Don is Director of Research Technology at the University of Arkansas. He has over 20 years leadership experience in research technologies, cyberinfrastructures, cybersecurity, and informatics. He is an active researcher and contributor in areas of programmable networking, advanced computing, bioinformatics, and human systems engineering. He leads the NSF CC* CIRA: Shared Arkansas Research Plan for Community Cyberinfrastructure (SHARP) project in planning the statewide research cyberinfrastructure (RCI) operations and researcher training and support strategy for providing HPC and other research resources and services to all the universities and colleges in Arkansas.

Don was responsible for the operation and growth of the 100-G R&E Network (CAAREN) Capital Area Advanced Research and Education Network in Washington D.C. In addition, he led the operations of the HPC resources and distributed support services on campus and built the Capital Region Advanced Cyber Range (CRACR) through the NSF CICI: Regional: Substrate for Cybersecurity Education; a Path to Training, Research and Experimentation project carried out at The George Washington University.

---

Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."

 

Trusted CI, EPOC and University of Arkansas create security resources for Science DMZs

In the 2nd half of 2021 Trusted CI partnered with EPOC at Indiana University to participate in an engagement with University of Arkansas as they worked on the NSF funded project "Data Analytics that are Robust and Trusted" or DART. DART, funded by NSF grant #OIA-1946391 to build an Arkansas wide Science DMZ capability for use by participating institutions of higher education across Arkansas. A Science DMZ is a network architecture for friction free science data transfers that allows very high throughput. Most Science DMZs are modeled around two end points that need to transfer data between each other. The goal of the DART project is to build a statewide network for Arkansas institutions to transfer data between any participating institution.  The DART project applied for an engagement with Trusted CI in order to seek guidance on securing their multi-tenant ScienceDMZ infrastructure, but also to improve the state of security documentation for ScienceDMZs in general.

One of the challenges with Science DMZs is that CISOs and executive leadership at institutions have been resistant to the idea due to the myth that a Science DMZ has no security controls by being placed outside the traditional firewall perimeter. To try to quell these concerns the team wrote a white paper on the security of Science DMZs that is devoted in the first half to introducing the concept of a Science DMZ and explaining the need as well as the high level overview of the alternative security controls used. The audience for this first section is CISOs at universities.  The 2nd half of the document goes into more specific details of implementation, summarizing and referencing many of the recommendations made by various resources in the community as well as providing a few additional recommendations made by Trusted CI. This document is now published at https://scholarworks.iu.edu/dspace/handle/2022/27007.

During the first half of the engagement, Trusted CI and EPOC worked to determine the scope of what could be called the Science DMZ, with a lot of discussion in engagement meetings about what should and should not be on a Science DMZ. There is a natural temptation to place more hosts in the Science DMZ than are necessary and this must be resisted, instead use the data transfer nodes (DTNs) as the focal points on the Science DMZ.

Beyond the end of the engagement, Trusted CI, in partnership with staff from the DART project, plans to leverage this whitepaper to develop additional presentation materials to help other institutions promote and implement Science DMZs. This effort will start in the first half of 2022.

Trusted CI begins engagement with University of Arkansas

The University of Arkansas has engaged with Trusted CI and the Engagement and Performance Operations Center (EPOC) to review their plans for a Science DMZ that will serve institutions for higher education across Arkansas. Trusted CI and EPOC will also help create training and policy materials that can be reused by other institutions both in the state of Arkansas and beyond.

Science DMZs are a secure architecture for providing high throughput transfer of science data between two points. By placing data transfer nodes outside each institution's cononical network and into a specially controlled zone, the Science DMZ is able to increase speed by reducing the friction created by firewalls, other traffic, and switches and routers that are tuned for more diverse traffic.

 The University of Arkansas via its Data Analytics that are Robust and Trusted (DART) project, is funded by NSF GRANT #194639 for EPSCoR RII.