Npaci sdsc security activities
Download
1 / 27

NPACI/SDSC Security Activities - PowerPoint PPT Presentation


  • 85 Views
  • Uploaded on

NPACI/SDSC Security Activities. Tom Perrine San Diego Supercomputer Center [email protected] My Goal is. to convince you that you need to care about security security is the core service that enables all other services to explain what we are doing to protect our users

loader
I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
capcha
Download Presentation

PowerPoint Slideshow about ' NPACI/SDSC Security Activities' - caesar


An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.


- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
Npaci sdsc security activities

NPACI/SDSC Security Activities

Tom Perrine

San Diego Supercomputer Center

[email protected]


My goal is
My Goal is...

  • to convince you that

    • you need to care about security

    • security is the core service that enables all other services

  • to explain what we are doing to protect our users

  • to help you learn to protect yourself


Npaci incident response
NPACI Incident Response

users report to local security activity (if any)

users may report directly to UTexas or SDSC (7x24 coverage)

NPACI security contacts at security.sdsc.edu


Sdsc security activities
SDSC Security Activities

Research - PICS

Operational - Security Technologies

Awareness, education, partnerships


Pacific institute for computer security pics
Pacific Institute for Computer Security (PICS)

funded directed research

complementary to SecTech, CERT, COAST, vendors

multi-year program

looking at (designing!) next years threats


Security technologies sectech
Security Technologies (SecTech)

operational day-to-day security

network and host monitoring

policies, standards, guidelines, procedures

consult to system administrators

testbed for PICS tools


Partnerships
Partnerships

San Diego Regional Information Watch (SDRIW)

High Tech Criminal Investigation Association (HTCIA)

NPACI

UCSD Network Operations

DoD HPC Modernization Office


Our security goals
Our Security Goals

safe, but otherwise as open as possible

low cost to recover from incidents

“It’s not our (only) job.”

protect our computing infrastructure and our customers

be a security asset to the Internet community


The threat
The Threat

threats at differing levels of sophistication

lots of “ankle-biters”, mostly harmless to us

fewer, but more sophisticated

very few, but extremely dangerous

they exploit the tool “food chain”


Threat pyramid
Threat Pyramid

Very!!

hundreds

“aggressive”

thousands

Moderate

tens of thousands

"script or browser users"

"millions"

sophistication

population


Sophistication trends
Sophistication Trends

most sophisticated cracker

average system administrator


Sample of incidents
Sample of Incidents

  • East Coast University

  • Web Servers

  • Denial of Service

  • DoD “joy riders”

  • Theft of intellectual property

  • university web site defaced with porn


East coast university
East Coast University

  • hundreds of hosts

  • tens of groups of intruders

  • “wars” over parts of the campus nets

  • took months to clean up


Denial of service
Denial of Service

  • “smurf”, “flood”, “teardrop”, etc.

  • can cause DoS to large networks with a PC and a modem

  • common as dirt

  • very hard to trace


Dod joy riders
DoD “joy riders”

  • two California teens

  • dozens of DoD sites (and .COMs and .EDUs)

  • could have unintentionally masked more serious efforts

  • we were lucky


Theft of phd work
Theft of PhD work

  • northern California

  • PhD thesis notes stolen and accepted for publication in journal by someone else

  • never proven - suspected stolen from public file server

  • a different University has ID’ed theft of work as primary security concern


Funded work stolen and patented
Funded work stolen and patented

  • industry-funded research at a .EDU stolen/copied

  • patents filed by funding company’s competitor

  • grant not renewed


Phantom menace and the matrix
Phantom Menace and The Matrix

  • illegal copies found on university computers

  • advertised on web for sale

  • university served with court orders


University web site defaced with porn
University Web Site defaced with porn

  • research group’s web and FTP site taken over and used to distribute pornography

  • massive embarrassment

  • also held stolen software, could have cost $$$ from SPA


Current events since 1 june
Current events (since 1 June)

2 intrusions at SDSC

password sniffed at remote site

60+ probes/sweeps at SDSC

5+ intrusions at UCSD

297 web site defacements

6 .MIL

33 .EDU

6 NASA

25 other .GOV


Security policy
Security Policy

protect users - data, proprietary information, privacy

protect infrastructure

enable new ways to use resources (safely)

avoid service interruptions

prevent unauthorized use and abuse of resources


User authentication
User Authentication

“be liberal in what you accept”

support as many authentication schemes as we can afford

end goal - no plain-text passwords for any service


Supported authentication mechanisms
Supported Authentication Mechanisms

Kerberos Version 5

Secure Shell (SSH)

SSL+LDAP for HTTP - integrate w/K5 when practical

SecureNetKey (SNK) tokens

S/Key

plain text passwords - GONE!


Host network monitoring
Host/network monitoring

TCP wrappers installed on ALL UNIX hosts

PICS research network monitors on DMZ network

centralized logging of all UNIX hosts, NT in progress

PICS/SecTech log analysis - 1.1 million records/day (6/29/1999)


Why you should protect yourself
Why you should protect yourself

you have things of value

intellectual property

reputation

personal privacy

“privacy act data”/”medical records data”

possible loss of $$$ sponsorship


How you can protect yourself
How you can protect yourself

insist on secure services

encryption is Good (https, imaps, SSH, Kerberos)

install SSH and use it

turn off TELNET and FTP


References
References

http://security.sdsc.edu

http://www.sdriw.org

http://sd-htcia.com

http://www-no.ucsd.edu


ad