NPACI: National Partnership for Advanced Computational Infrastructure
NPACI/SDSC Security Activities
Tom Perrine
San Diego Supercomputer Center
My Goal is...
• to convince you that
  – you need to care about security
  – security is the core service that enables all other services
• to explain what we are doing to protect our users
• to help you learn to protect yourself
NPACI Incident Response
• users report to local security activity (if any)
• users may report directly to UTexas or SDSC (7x24 coverage)
• NPACI security contacts at security.sdsc.edu
SDSC Security Activities
• Research - PICS
• Operational - Security Technologies
• Awareness, education, partnerships
Pacific Institute for Computer Security (PICS)
• funded directed research
• complementary to SecTech, CERT, COAST, vendors
• multi-year program
• looking at (designing!) next year's threats
Security Technologies (SecTech)
• operational day-to-day security
• network and host monitoring
• policies, standards, guidelines, procedures
• consult to system administrators
• testbed for PICS tools
Partnerships
• San Diego Regional Information Watch (SDRIW)
• High Tech Criminal Investigation Association (HTCIA)
• NPACI
• UCSD Network Operations
• DoD HPC Modernization Office
Our Security Goals
• safe, but otherwise as open as possible
• low cost to recover from incidents
• “It’s not our (only) job.”
• protect our computing infrastructure and our customers
• be a security asset to the Internet community
The Threat
• threats at differing levels of sophistication
• lots of “ankle-biters”, mostly harmless to us
• fewer, but more sophisticated
• very few, but extremely dangerous
• they exploit the tool “food chain”
Threat Pyramid
[Figure: pyramid with two axes. Sophistication labels: "Very!!", "Moderate", "script or browser users". Population labels: hundreds, “aggressive” thousands, tens of thousands, "millions".]
Sophistication Trends
[Figure with labels: most sophisticated cracker; average system administrator]
Sample of Incidents
• East Coast University
• Web Servers
• Denial of Service
• DoD “joy riders”
• Theft of intellectual property
• university web site defaced with porn
East Coast University
• hundreds of hosts
• tens of groups of intruders
• “wars” over parts of the campus nets
• took months to clean up
Denial of Service
• “smurf”, “flood”, “teardrop”, etc.
• can cause DoS to large networks with a PC and a modem
• common as dirt
• very hard to trace
DoD “joy riders”
• two California teens
• dozens of DoD sites (and .COMs and .EDUs)
• could have unintentionally masked more serious efforts
• we were lucky
Theft of PhD work
• northern California
• PhD thesis notes stolen and accepted for publication in journal by someone else
• never proven - suspected stolen from public file server
• a different University has ID’ed theft of work as primary security concern
Funded work stolen and patented
• industry-funded research at a .EDU stolen/copied
• patents filed by funding company’s competitor
• grant not renewed
Phantom Menace and The Matrix
• illegal copies found on university computers
• advertised on web for sale
• university served with court orders
University Web Site defaced with porn
• research group’s web and FTP site taken over and used to distribute pornography
• massive embarrassment
• also held stolen software, could have cost $$$ from SPA
Current events (since 1 June)
• 2 intrusions at SDSC
  – password sniffed at remote site
• 60+ probes/sweeps at SDSC
• 5+ intrusions at UCSD
• 297 web site defacements
  – 6 .MIL
  – 33 .EDU
  – 6 NASA
  – 25 other .GOV
Security Policy
• protect users - data, proprietary information, privacy
• protect infrastructure
• enable new ways to use resources (safely)
• avoid service interruptions
• prevent unauthorized use and abuse of resources
User Authentication
• “be liberal in what you accept”
• support as many authentication schemes as we can afford
• end goal - no plain-text passwords for any service
Supported Authentication Mechanisms
• Kerberos Version 5
• Secure Shell (SSH)
• SSL+LDAP for HTTP - integrate w/K5 when practical
• SecureNetKey (SNK) tokens
• S/Key
• plain text passwords - GONE!
Host/network monitoring
• TCP wrappers installed on ALL UNIX hosts
• PICS research network monitors on DMZ network
• centralized logging of all UNIX hosts, NT in progress
• PICS/SecTech log analysis - 1.1 million records/day (6/29/1999)
Why you should protect yourself
• you have things of value
  – intellectual property
  – reputation
  – personal privacy
• “privacy act data”/“medical records data”
• possible loss of $$$ sponsorship
How you can protect yourself
• insist on secure services
• encryption is Good (https, imaps, SSH, Kerberos)
• install SSH and use it
• turn off TELNET and FTP
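Added example, not part of the original presentation: one way to check a UNIX host against two points from the slides, "turn off TELNET and FTP" and "TCP wrappers installed on ALL UNIX hosts", by auditing the text of an inetd.conf file. The function name, the verdict strings and the sample configuration are assumptions constructed for illustration.

```python
"""Audit inetd.conf text: flag cleartext-login services and unwrapped daemons."""

# Services the slides say to turn off; extend this set for your own policy.
CLEARTEXT_SERVICES = {"telnet", "ftp"}

# Constructed sample input, not taken from any real host.
SAMPLE_INETD_CONF = """\
# service  socket  proto  wait    user   server                args
ftp        stream  tcp    nowait  root   /usr/sbin/tcpd        in.ftpd -l
telnet     stream  tcp    nowait  root   /usr/sbin/in.telnetd  in.telnetd
#shell     stream  tcp    nowait  root   /usr/sbin/tcpd        in.rshd
finger     stream  tcp    nowait  nobody /usr/sbin/in.fingerd  in.fingerd
imaps      stream  tcp    nowait  root   /usr/sbin/tcpd        imapd
time       stream  tcp    nowait  root   internal
"""


def audit_inetd(text):
    """Return (line_number, service, verdict) for every enabled entry.

    verdict is "disable" for a cleartext-password service, "wrap" for a
    daemon started without tcpd, "malformed" for a short line, else "ok".
    """
    findings = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and disabled entries
        if not line:
            continue
        fields = line.split()
        if len(fields) < 6:  # service socket proto wait user server
            findings.append((lineno, fields[0], "malformed"))
            continue
        service, server = fields[0], fields[5]
        if service in CLEARTEXT_SERVICES:
            verdict = "disable"  # wrapping limits who connects, it does not encrypt
        elif server == "internal" or server.rsplit("/", 1)[-1] == "tcpd":
            verdict = "ok"  # inetd built-in, or started through TCP wrappers
        else:
            verdict = "wrap"
        findings.append((lineno, service, verdict))
    return findings


if __name__ == "__main__":
    for lineno, service, verdict in audit_inetd(SAMPLE_INETD_CONF):
        print(f"line {lineno}: {service:8} {verdict}")
```

A wrapped FTP entry is still reported as "disable" because TCP wrappers only restrict which hosts may connect; the password still crosses the network in plain text.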
References
• http://security.sdsc.edu
• http://www.sdriw.org
• http://sd-htcia.com
• http://www-no.ucsd.edu