
NERSC Users Group Meeting Stephen Lau NERSC November 6, 2014


Presentation Transcript


  1. Things Your Parents Never Told You About Practicing Safe Computing in a High Performance Computational Environment NERSC Users Group Meeting Stephen Lau NERSC November 6, 2014

  2. Goals and Overview • Goals • Increase Cybersecurity Awareness • Overview of Basic Techniques to Reduce Risk • What You Need to Do When You Have an Incident • Overview • What, How and Why of Computer Security • How NERSC Handles Computer Security • Practicing Safe Computing • In Case of Emergency NUG Training November 6, 2014

  3. What is Computer Security? • What are we protecting? • Availability of our systems to users • Downtime of our users • Being good “net citizens” • Prevent bad publicity • New item – preventing cyberterrorism • Computer security has no guarantees • Not “if” but “when” • Security measures will lower, not eliminate risk • There is no “blueprint” for computer security

  4. Why Worry? • Threats are on the increase • NERSC is scanned on average 30-40 times a day • Rate is increasing over time • Our experience • Unpatched system on the open Internet will get exploited within an “average” of 4 hours • Threats are becoming more sophisticated • Multi-vector attack methods • Large scale attacks becoming more prevalent

  5. Hostile Scans

  6. Hostile Scans

  7. Why Worry? • Attack tools becoming easier to use • More and more automation • Technical expertise not required • More exploitable systems • Industry not “security” savvy • Security typically an afterthought • Proliferation of Internet enabled devices • Majority unpatched and unattended

  8. Threat Vectors • Scanning • Used as a reconnaissance tool • Determine vulnerabilities for later exploit • Fairly automated • Poorly maintained systems • Exploit waiting to happen • Unpatched or poorly patched systems • Outdated operating systems • Systems running unneeded services

  9. Threat Vectors • Social Engineering / User Education (lack of) • Inadvertent misuse of available tools • Unaware of computer security risks • Hard to defend against • Best defense is education • Worms and Viruses • Morris Worm, Code Red (v1, v2), Nimda, etc. • Self propagating code • Average of 40 worms knock on our door every day

  10. Code Red Worm Example • Different variants of worm, CRv2 triggered July 19, 2001 • Exploited Microsoft IIS vulnerability • ~300,000 hosts on the Internet were infected in about 13 hours

  11. Worm Trends

  12. Worm Trends

  13. Threat Factors • Script kiddies • Typically clueless • Attempts Windows exploits on a Cray • Dedicated attackers • Stepping stone platforms • Claim to fame • Users and staff • Mobile staff introduces vulnerabilities • Offsite systems beyond our control • Remote and home systems can be compromised

  14. Other Factors • Maintaining our mission • Provide our users with an unimpeded environment • Promote development of new computational techniques • Encourage collaboration • Post Sept 11th factor • Heightened awareness regarding cyberterrorism • New DOE mandates regarding cybersecurity • Effect on high performance computing TBD • Stay tuned!

  15. NERSC Computational Environment • Unlike enterprise institutions • Enterprise oriented computer security techniques fail • High performance platforms • High bandwidth/performance applications • Unique applications with unique requirements and traffic patterns • Diverse and distributed resources • Multi-institutional collaborations across all levels

  16. NERSC Computer Security • NERSC uses a “layered approach” or “defense in depth” • Use of multiple tools and techniques leverages off strengths and weaknesses • Multiple sensors to detect and prevent intrusions • No single points of failure • No single tool or technique guarantees a secure environment

  17. Defense in Depth • External Perimeter Defense • Bro Intrusion Detection System • Router filtering • Host shunning • Network Protection • Firewalls where appropriate • Subnet traffic filtering

  18. Defense in Depth • Host Level Security • Periodic host scanning • Vulnerability eradication • Anti-virus software • Education • Periodic in-house training for NERSC staff • Education of NERSC users regarding cybersecurity

  19. Bro (We’re watching you) • High performance intrusion detection system developed at LBNL and AT&T ACRI • Passively monitors a network link • Taps directly into fiber coming into NERSC • Records all sessions • Selectively ignores some information • i.e. ftp data • Bro allows us to “reconstruct the crime” • Data recorded for unencrypted interactive sessions

  20. Bro • Works in conjunction with border router to drop (shun) hosts at the border • Detects stepping stones • Compromised system used as a gateway • Detects “backdoors” • i.e. telnet servers on non-standard port • Detects file sharing systems • Gnutella, Napster, KaZaa

  21. Most Common Security Incidents at NERSC • Sniffed passwords • Someone gets a hold of a user password • Externally compromised system • Exposure via unencrypted means • Unpatched systems • New systems (not yet patched) • Toolkits used to exploit known vulnerabilities • Visitors and staff unknowingly bring in vulnerable or pre-hacked systems

  22. Practicing Safe Computing • Things you can do to reduce your chance and the impact of a compromise • By no means is this list exhaustive • You can follow all these guidelines and still be hacked • MAINTAIN BACKUPS • #1 preventive measure • Make sure your backups are actually backing up the right thing • Keep your workstation patched

  23. Practicing Safe Computing • Use virus protection software on Windows systems • Remember to update your virus checker at LEAST once a week • Don’t rely on “automatic” updating • Eliminate clear text password usage • Use SSH, scp, sftp where possible • Don’t “stepping stone” from an unencrypted session into an encrypted session • i.e. don’t telnet from home to work and then from work SSH into NERSC

  24. Practicing Safe Computing • Disable services that are not needed • Work with your local system administrators to do this • Unix • Echo, discard, daytime, telnet, rcp, rsh, sadmind, dtspcd • Windows • Disable IIS (just say NO to IIS) • Disable open shares • Don’t run executable email attachments • Primary method of spreading viruses • “I Love you” virus • “Melissa” virus

  25. Practicing Safe Computing • Passwords • Choose a password that is not easily guessed • NERSC has guidelines for choosing passwords • http://hpcf.nersc.gov/policy/password.html • Mix alphanumeric with special characters (!@#$%^*()>?”{},.;l’-) • Example: • Use first letters of a saying you can remember • Non politically correct example: Stellar sequence • “Oh, Be A Fine Girl, Kiss Me!” = o,BaF6,KM! • If you must expose your clear text password, make sure it’s different than your encrypted ones! • DON’T share your passwords

  26. Practicing Safe Computing • Use encryption wherever possible • Encrypt your email (especially private information) • PGP • Use SSH and SSH tunneling wherever possible • Remember to use a passphrase on your SSH key • Encrypt private files • Ensure deletion of files (especially Windows systems) • Freeware tools available to securely delete files

  27. Practicing Safe Computing • Security isn’t only for your office environment • Home systems are heavily targeted • Be wary of public systems and networks • Wireless systems are NOT secure • Physical security • Use screensavers with password lock • Prevents other people from using your system • Secure all portable electronic devices (Keep your seatbacks and tray tables in an upright and locked position) • Laptops, cell phones, PDAs, voicemail • Keep them with you or lock them down

  28. Practicing Safe Computing (for the more adventurous) • Host based filtering systems • Windows Platform • Kerio Firewall • Zone Alarm • Linux / Unix • Ipchains • tcpwrappers • Scan your workstation • Determines vulnerabilities and services enabled • Contact your local system administrator first • WARNING: Don’t scan other people’s workstations!

  29. Free Scanning Tools • Nessus • Server/client model • Client • Windows/Java/Unix • Server • Unix • http://www.nessus.org • Nmap • Unix/Windows platforms • http://www.insecure.org

  30. In Case of Emergency • Be “cyber security” aware • Watch for strange “new” files • Odd behavior of your system • Unexplained accesses to your account • Processes you can’t account for • Watch what you “click” • Are the ‘dancing pigs’ worth it? • Report strange occurrences • Notify your local system administrators • NERSC mandates users report compromises • This includes EXTERNAL compromises

  31. In Case of Emergency • NERSC will NEVER do the following: • Ask you for your password, even over the phone • Give your email address to an outside source without your permission • Never underestimate social engineering • If in doubt, ask for a call back number and hang up • Computer security related matters should be handled via telephone or encrypted email whenever possible

  32. In Case of Emergency • For computer security related emergencies • Phone NERSC Operations • 24hrs/day, 7 days a week • +1 (510) 486-8600 • Email: security@nersc.gov • To contact me: • Stephen Lau • Email: slau@lbl.gov • Phone: +1 (510) 486-7178 • PGP Key Fingerprint: • 44C8 C9CB C15E 2AE1 7B0A 544E 9A04 AB2B F63F 748B

  33. FIN

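
An added example, not part of the original presentation, of the check slide 24 recommends: it reads a classic `inetd.conf` and lists entries for the Unix services named there that are still enabled. The sample file is constructed, and two mappings are assumptions about a Solaris-style configuration: rsh and rcp are served by the `shell` entry (`in.rshd`), and sadmind is registered by RPC program number, so it is matched on its server path.

```shell
#!/usr/bin/env bash
# Added example: audit an inetd-style config for the services named on slide 24.
# Run it on your own workstation, with your local system administrator.

# Constructed sample config (not taken from any real host).
sample_inetd_conf() {
cat <<'EOF'
# constructed sample, Solaris-style inetd.conf
ftp     stream  tcp  nowait  root  /usr/sbin/in.ftpd     in.ftpd
telnet  stream  tcp  nowait  root  /usr/sbin/in.telnetd  in.telnetd
#shell  stream  tcp  nowait  root  /usr/sbin/in.rshd     in.rshd
echo    stream  tcp  nowait  root  internal
echo    dgram   udp  wait    root  internal
daytime stream  tcp  nowait  root  internal
100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind
dtspcd  stream  tcp  nowait  root  /usr/dt/bin/dtspcd    /usr/dt/bin/dtspcd
EOF
}

# audit_inetd FILE: print "line service program" for every enabled entry
# that matches the slide 24 list. Commented-out entries count as disabled.
audit_inetd() {
  awk '
    BEGIN {
      # Service-name column; "shell" covers rsh and rcp (assumption).
      n = split("echo discard daytime telnet shell dtspcd", s, " ")
      for (i = 1; i <= n; i++) svc[s[i]] = 1
      # Server-program basenames, for entries registered under another name.
      n = split("sadmind dtspcd in.rshd in.telnetd", p, " ")
      for (i = 1; i <= n; i++) prog[p[i]] = 1
    }
    /^[ \t]*#/ || NF < 6 { next }
    {
      m = split($6, parts, "/"); base = parts[m]
      if (($1 in svc) || (base in prog)) print NR, $1, base
    }
  ' "$1"
}

# Audit the file given as the first argument, or the constructed sample.
if [ -n "${1:-}" ]; then
  audit_inetd "$1"
else
  tmp=$(mktemp) && sample_inetd_conf > "$tmp" && audit_inetd "$tmp"; rm -f "$tmp"
fi
```

Each reported line is a candidate to comment out before signalling inetd to reload; ftp is not flagged only because it is not on the slide's list.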
