Things Your Parents Never Told You About Practicing Safe Computing in a High Performance Computation

1
Things Your Parents Never Told You About
Practicing Safe Computing in a High Performance
Computational Environment
  • NERSC Users Group Meeting
  • Stephen Lau
  • NERSC
  • October 30, 2009

2
Goals and Overview
  • Goals
  • Increase Cybersecurity Awareness
  • Overview of Basic Techniques to Reduce Risk
  • What You Need to Do When You Have an Incident
  • Overview
  • What, How and Why of Computer Security
  • How NERSC Handles Computer Security
  • Practicing Safe Computing
  • In Case of Emergency

3
What is Computer Security?
  • What are we protecting?
  • Availability of our systems to users
  • Downtime of our users
  • Being good net citizens
  • Prevent bad publicity
  • New item: preventing cyberterrorism
  • Computer security has no guarantees
  • Not if but when
  • Security measures will lower, not eliminate risk
  • There is no blueprint for computer security

4
Why Worry?
  • Threats are on the increase
  • NERSC is scanned on average 30-40 times a day
  • Rate is increasing over time
  • Our experience
  • Unpatched system on the open Internet will get
    exploited within an average of 4 hours
  • Threats are becoming more sophisticated
  • Multi-vector attack methods
  • Large scale attacks becoming more prevalent

5
Hostile Scans

6
Hostile Scans

7
Why Worry?
  • Attack tools becoming easier to use
  • More and more automation
  • Technical expertise not required
  • More exploitable systems
  • Industry not security savvy
  • Security typically an afterthought
  • Proliferation of Internet enabled devices
  • Majority unpatched and unattended

8
Threat Vectors
  • Scanning
  • Used as a reconnaissance tool
  • Determine vulnerabilities for later exploit
  • Fairly automated
  • Poorly maintained systems
  • Exploit waiting to happen
  • Unpatched or poorly patched systems
  • Outdated operating systems
  • Systems running unneeded services

9
Threat Vectors
  • Social Engineering / User Education (lack of)
  • Inadvertent misuse of available tools
  • Unaware of computer security risks
  • Hard to defend against
  • Best defense is education
  • Worms and Viruses
  • Morris Worm, Code Red (v1, v2), Nimda, etc.
  • Self propagating code
  • Average of 40 worms knock on our door every day

10
Code Red Worm Example
  • Different variants of worm, CRv2 triggered July
    19, 2001
  • Exploited Microsoft IIS vulnerability
  • 300,000 hosts on the Internet were infected in
    about 13 hours

11
Worm Trends

12
Worm Trends

13
Threat Factors
  • Script kiddies
  • Typically clueless
  • Attempts Windows exploits on a Cray
  • Dedicated attackers
  • Stepping stone platforms
  • Claim to fame
  • Users and staff
  • Mobile staff introduces vulnerabilities
  • Offsite systems beyond our control
  • Remote and home systems can be compromised

14
Other Factors
  • Maintaining our mission
  • Provide our users with an unimpeded environment
  • Promote development of new computational
    techniques
  • Encourage collaboration
  • Post Sept 11th factor
  • Heightened awareness regarding cyberterrorism
  • New DOE mandates regarding cybersecurity
  • Effect on high performance computing TBD
  • Stay tuned!

15
NERSC Computational Environment
  • Unlike enterprise institutions
  • Enterprise oriented computer security techniques
    fail
  • High performance platforms
  • High bandwidth/performance applications
  • Unique applications with unique requirements and
    traffic patterns
  • Diverse and distributed resources
  • Multi-institutional collaborations across all
    levels

16
NERSC Computer Security
  • NERSC uses a "layered approach" or "defense in
    depth"
  • Use of multiple tools and techniques leverages
    off strengths and weaknesses
  • Multiple sensors to detect and prevent intrusions
  • No single points of failure
  • No single tool or technique guarantees a
    secure environment

17
Defense in Depth
  • External Perimeter Defense
  • Bro Intrusion Detection System
  • Router filtering
  • Host shunning
  • Network Protection
  • Firewalls where appropriate
  • Subnet traffic filtering

18
Defense in Depth
  • Host Level Security
  • Periodic host scanning
  • Vulnerability eradication
  • Anti-virus software
  • Education
  • Periodic in-house training for NERSC staff
  • Education of NERSC users regarding cybersecurity

19
Bro (We're watching you)
  • High performance intrusion detection system
    developed at LBNL and AT&T ACRI
  • Passively monitors a network link
  • Taps directly into fiber coming into NERSC
  • Records all sessions
  • Selectively ignores some information
  • i.e. ftp data
  • Bro allows us to reconstruct the crime
  • Data recorded for unencrypted interactive sessions

20
Bro
  • Works in conjunction with border router to drop
    (shun) hosts at the border
  • Detects stepping stones
  • Compromised system used as a gateway
  • Detects backdoors
  • i.e. telnet servers on non-standard port
  • Detects file sharing systems
  • Gnutella, Napster, KaZaa

21
Most Common Security Incidents at NERSC
  • Sniffed passwords
  • Someone gets a hold of a user password
  • Externally compromised system
  • Exposure via unencrypted means
  • Unpatched systems
  • New systems (not yet patched)
  • Toolkits used to exploit known vulnerabilities
  • Visitors and staff unknowingly bring in
    vulnerable or pre-hacked systems

22
Practicing Safe Computing
  • Things you can do to reduce your chance of, and the
    impact of, a compromise
  • By no means is this list exhaustive
  • You can follow all these guidelines and still be
    hacked
  • MAINTAIN BACKUPS
  • #1 preventive measure
  • Make sure your backups are actually backing up
    the right thing
  • Keep your workstation patched

23
Practicing Safe Computing
  • Use virus protection software on Windows systems
  • Remember to update your virus checker at LEAST
    once a week
  • Don't rely on automatic updating
  • Eliminate clear text password usage
  • Use SSH, scp, sftp where possible
  • Don't "stepping stone" from an unencrypted
    session into an encrypted session
  • i.e. don't telnet from home to work and then from
    work SSH into NERSC

24
Practicing Safe Computing
  • Disable services that are not needed
  • Work with your local system administrators to do
    this
  • Unix
  • Echo, discard, daytime, telnet, rcp, rsh,
    sadmind, dtspcd
  • Windows
  • Disable IIS (just say NO to IIS)
  • Disable open shares
  • Don't run executable email attachments
  • Primary method of spreading viruses
  • I Love You virus
  • Melissa virus
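
The Unix half of the "disable services that are not needed" item can be checked mechanically. The script below is an added example, not part of the original slides: it reports which of the listed services are still enabled in an inetd.conf-style file. The mapping of slide names to inetd entries (rsh/rcp to the "shell" service, dtspcd to "dtspc", sadmind to an RPC entry) and the sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag enabled inetd entries for the services the slide lists.
# Assumed mapping to inetd names: rsh/rcp -> "shell" (in.rshd),
# dtspcd -> "dtspc", sadmind -> an RPC entry whose server is sadmind.

# audit_inetd FILE
# Prints "LINE SERVICE SERVER" for every uncommented risky entry.
# Returns 0 if none are enabled, 1 if any are, 2 if FILE is unreadable.
audit_inetd() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    awk '
        BEGIN {
            n = split("echo discard daytime telnet shell dtspc", s, " ")
            for (i = 1; i <= n; i++) svc[s[i]] = 1
            n = split("in.telnetd in.rshd sadmind dtspcd", p, " ")
            for (i = 1; i <= n; i++) prog[p[i]] = 1
        }
        /^[ \t]*#/ || NF < 6 { next }   # commented out means disabled
        {
            base = $6                    # field 6 is the server program
            sub(/.*\//, "", base)
            if (($1 in svc) || (base in prog)) {
                printf "%d %s %s\n", NR, $1, $6
                hits++
            }
        }
        END { exit (hits ? 1 : 0) }
    ' "$1"
}

# Constructed sample in Solaris-style inetd.conf layout (not from a real host).
sample_conf() {
    cat <<'EOF'
# service  type  proto  wait  user  server  args
ident   stream tcp nowait nobody /usr/sbin/identd identd
telnet  stream tcp nowait root /usr/sbin/in.telnetd in.telnetd
#shell  stream tcp nowait root /usr/sbin/in.rshd in.rshd
echo    stream tcp nowait root internal
#daytime stream tcp nowait root internal
100232/10 tli rpc/udp wait root /usr/sbin/sadmind sadmind
dtspc   stream tcp nowait root /usr/dt/bin/dtspcd /usr/dt/bin/dtspcd
EOF
}

# Demo: lines 3, 5, 7 and 8 of the sample are reported as still enabled.
tmp=$(mktemp)
sample_conf > "$tmp"
audit_inetd "$tmp" || echo "Ask your system administrator to disable the entries above."
rm -f "$tmp"
```

Run it against a copy of the real configuration file; the non-zero exit status makes it usable in a periodic check.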

25
Practicing Safe Computing
  • Passwords
  • Choose a password that is not easily guessed
  • NERSC has guidelines for choosing passwords
  • http://hpcf.nersc.gov/policy/password.html
  • Mix alphanumeric with special characters
    (!@()>?,.l-)
  • Example
  • Use first letters of a saying you can remember
  • Non politically correct example: Stellar sequence
  • Oh, Be A Fine Girl, Kiss Me! -> o,BaF6,KM!
  • If you must expose your clear text password, make
    sure it's different than your encrypted ones!
  • DON'T share your passwords

26
Practicing Safe Computing
  • Use encryption wherever possible
  • Encrypt your email (especially private
    information)
  • PGP
  • Use SSH and SSH tunneling wherever possible
  • Remember to use a passphrase on your SSH key
  • Encrypt private files
  • Ensure deletion of files (especially Windows
    systems)
  • Freeware tools available to securely delete files

27
Practicing Safe Computing
  • Security isn't only for your office environment
  • Home systems are heavily targeted
  • Be wary of public systems and networks
  • Wireless systems are NOT secure
  • Physical security
  • Use screensavers with password lock
  • Prevents other people from using your system
  • Secure all portable electronic devices (Keep your
    seatbacks and tray tables in an upright and
    locked position)
  • Laptops, cell phones, PDAs, voicemail
  • Keep them with you or lock them down

28
Practicing Safe Computing (for the more
adventurous)
  • Host based filtering systems
  • Windows Platform
  • Kerio Firewall
  • Zone Alarm
  • Linux / Unix
  • Ipchains
  • tcpwrappers
  • Scan your workstation
  • Determines vulnerabilities and services enabled
  • Contact your local system administrator first
  • WARNING: Don't scan other people's workstations!

29
Free Scanning Tools
  • Nessus
  • Server/client model
  • Client
  • Windows/Java/Unix
  • Server
  • Unix
  • http://www.nessus.org
  • Nmap
  • Unix/Windows platforms
  • http://www.insecure.org

30
In Case of Emergency
  • Be cyber security aware
  • Watch for strange new files
  • Odd behavior of your system
  • Unexplained accesses to your account
  • Processes you can't account for
  • Watch what you click
  • Are the dancing pigs worth it?
  • Report strange occurrences
  • Notify your local system administrators
  • NERSC mandates users report compromises
  • This includes EXTERNAL compromises

31
In Case of Emergency
  • NERSC will NEVER do the following
  • Ask you for your password, even over the phone
  • Give your email address to an outside source
    without your permission
  • Never underestimate social engineering
  • If in doubt, ask for a call back number and hang
    up
  • Computer security related matters should be
    handled via telephone or encrypted email whenever
    possible

32
In Case of Emergency
  • For computer security related emergencies
  • Phone NERSC Operations
  • 24hrs/day, 7 days a week
  • 1 (510) 486-8600
  • Email: security@nersc.gov
  • To contact me
  • Stephen Lau
  • Email: slau@lbl.gov
  • Phone: 1 (510) 486-7178
  • PGP Key Fingerprint
  • 44C8 C9CB C15E 2AE1 7B0A 544E 9A04 AB2B F63F 748B

33
  • FIN
