Title: Things Your Parents Never Told You About Practicing Safe Computing in a High Performance Computation
1 Things Your Parents Never Told You About Practicing Safe Computing in a High Performance Computational Environment
- NERSC Users Group Meeting
- Stephen Lau
- NERSC
- October 30, 2009
2 Goals and Overview
- Goals
- Increase Cybersecurity Awareness
- Overview of Basic Techniques to Reduce Risk
- What You Need to Do When You Have an Incident
- Overview
- What, How and Why of Computer Security
- How NERSC Handles Computer Security
- Practicing Safe Computing
- In Case of Emergency
3 What is Computer Security?
- What are we protecting?
- Availability of our systems to users
- Downtime of our users
- Being good net citizens
- Prevent bad publicity
- New item: preventing cyberterrorism
- Computer security has no guarantees
- Not if but when
- Security measures will lower, not eliminate risk
- There is no blueprint for computer security
4 Why Worry?
- Threats are on the increase
- NERSC is scanned on average 30-40 times a day
- Rate is increasing over time
- Our experience
- Unpatched system on the open Internet will get exploited within an average of 4 hours
- Threats are becoming more sophisticated
- Multi-vector attack methods
- Large scale attacks becoming more prevalent
5 Hostile Scans
6 Hostile Scans
7 Why Worry?
- Attack tools becoming easier to use
- More and more automation
- Technical expertise not required
- More exploitable systems
- Industry not security savvy
- Security typically an afterthought
- Proliferation of Internet enabled devices
- Majority unpatched and unattended
8 Threat Vectors
- Scanning
- Used as a reconnaissance tool
- Determine vulnerabilities for later exploit
- Fairly automated
- Poorly maintained systems
- Exploit waiting to happen
- Unpatched or poorly patched systems
- Outdated operating systems
- Systems running unneeded services
9 Threat Vectors
- Social Engineering / User Education (lack of)
- Inadvertent misuse of available tools
- Unaware of computer security risks
- Hard to defend against
- Best defense is education
- Worms and Viruses
- Morris Worm, Code Red (v1, v2), Nimda, etc.
- Self propagating code
- Average of 40 worms knock on our door every day
10 Code Red Worm Example
- Different variants of worm, CRv2 triggered July 19, 2001
- Exploited Microsoft IIS vulnerability
- 300,000 hosts on the Internet were infected in about 13 hours
11 Worm Trends
12 Worm Trends
13 Threat Factors
- Script kiddies
- Typically clueless
- Attempts Windows exploits on a Cray
- Dedicated attackers
- Stepping stone platforms
- Claim to fame
- Users and staff
- Mobile staff introduces vulnerabilities
- Offsite systems beyond our control
- Remote and home systems can be compromised
14 Other Factors
- Maintaining our mission
- Provide our users with an unimpeded environment
- Promote development of new computational techniques
- Encourage collaboration
- Post Sept 11th factor
- Heightened awareness regarding cyberterrorism
- New DOE mandates regarding cybersecurity
- Effect on high performance computing TBD
- Stay tuned!
15 NERSC Computational Environment
- Unlike enterprise institutions
- Enterprise oriented computer security techniques fail
- High performance platforms
- High bandwidth/performance applications
- Unique applications with unique requirements and traffic patterns
- Diverse and distributed resources
- Multi-institutional collaborations across all levels
16 NERSC Computer Security
- NERSC uses a "layered approach" or "defense in depth"
- Use of multiple tools and techniques leverages off strengths and weaknesses
- Multiple sensors to detect and prevent intrusions
- No single points of failure
- No single tool or technique guarantees a secure environment
17 Defense in Depth
- External Perimeter Defense
- Bro Intrusion Detection System
- Router filtering
- Host shunning
- Network Protection
- Firewalls where appropriate
- Subnet traffic filtering
18 Defense in Depth
- Host Level Security
- Periodic host scanning
- Vulnerability eradication
- Anti-virus software
- Education
- Periodic in-house training for NERSC staff
- Education of NERSC users regarding cybersecurity
19 Bro (We're watching you)
- High performance intrusion detection system developed at LBNL and AT&T ACRI
- Passively monitors a network link
- Taps directly into fiber coming into NERSC
- Records all sessions
- Selectively ignores some information
- i.e. ftp data
- Bro allows us to reconstruct the crime
- Data recorded for unencrypted interactive sessions
20 Bro
- Works in conjunction with border router to drop (shun) hosts at the border
- Detects stepping stones
- Compromised system used as a gateway
- Detects backdoors
- i.e. telnet servers on non-standard port
- Detects file sharing systems
- Gnutella, Napster, KaZaa
21 Most Common Security Incidents at NERSC
- Sniffed passwords
- Someone gets a hold of a user password
- Externally compromised system
- Exposure via unencrypted means
- Unpatched systems
- New systems (not yet patched)
- Toolkits used to exploit known vulnerabilities
- Visitors and staff unknowingly bring in vulnerable or pre-hacked systems
22 Practicing Safe Computing
- Things you can do to reduce your chance and the impact of a compromise
- By no means is this list exhaustive
- You can follow all these guidelines and still be hacked
- MAINTAIN BACKUPS
- #1 preventive measure
- Make sure your backups are actually backing up the right thing
- Keep your workstation patched
23 Practicing Safe Computing
- Use virus protection software on Windows systems
- Remember to update your virus checker at LEAST once a week
- Don't rely on automatic updating
- Eliminate clear text password usage
- Use SSH, scp, sftp where possible
- Don't stepping stone from an unencrypted session into an encrypted session
- i.e. don't telnet from home to work and then from work SSH into NERSC
24 Practicing Safe Computing
- Disable services that are not needed
- Work with your local system administrators to do this
- Unix
- Echo, discard, daytime, telnet, rcp, rsh, sadmind, dtspcd
- Windows
- Disable IIS (just say NO to IIS)
- Disable open shares
- Don't run executable email attachments
- Primary method of spreading viruses
- I Love You virus
- Melissa virus
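Added example (not part of the original slides): a shell check that lists which of the Unix services named above are still enabled in an inetd.conf-style file. The function names, the constructed sample file, and the mapping of rsh/rcp to the "shell" entry and of sadmind/dtspcd to their binary names are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag enabled inetd.conf entries for the services the slide names.
# inetd.conf fields: service socket-type protocol wait-flag user server-program [args]
# A leading '#' marks a comment or an already-disabled entry.

audit_inetd() {
    # Reads the file given as $1, or stdin when called without arguments.
    awk '
        /^[ \t]*#/ || NF < 6 { next }       # comments, disabled and short lines
        {
            svc = $1
            prog = $6
            sub(/.*\//, "", prog)            # basename of the server program
            hit = ""
            # Assumed mapping from the slide names to inetd.conf entries:
            # rsh and rcp are both served by the "shell" entry, dtspcd by "dtspc",
            # and sadmind is registered by RPC number, so match its binary name.
            if (svc ~ /^(echo|discard|daytime|telnet|shell|dtspc)$/) {
                hit = svc
            } else if (prog ~ /^(sadmind|dtspcd|in\.rshd|in\.telnetd)$/) {
                hit = prog
            }
            if (hit != "") {
                print hit "/" $3
            }
        }
    ' "$@" | sort -u
}

# Constructed sample input (not taken from a real host).
sample_inetd() {
    cat <<'EOF'
# constructed inetd.conf sample
echo      stream tcp     nowait root internal
#discard  stream tcp     nowait root internal
telnet    stream tcp     nowait root /usr/sbin/in.telnetd in.telnetd
shell     stream tcp     nowait root /usr/sbin/in.rshd    in.rshd
ftp       stream tcp     nowait root /usr/sbin/in.ftpd    in.ftpd
100232/10 tli    rpc/udp wait   root /usr/sbin/sadmind    sadmind
EOF
}

# Demo run on the sample; on a real host: audit_inetd /etc/inetd.conf
sample_inetd | audit_inetd
```

Each line of output is a service to comment out in inetd.conf with your local system administrator; the commented-out discard entry and the unlisted ftp entry are not reported.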
25 Practicing Safe Computing
- Passwords
- Choose a non easily guessed password
- NERSC has guidelines for choosing passwords
- http://hpcf.nersc.gov/policy/password.html
- Mix alphanumeric with special characters (!_at_()gt?,.l-)
- Example
- Use first letters of a saying you can remember
- Non politically correct example: Stellar sequence
- Oh, Be A Fine Girl, Kiss Me! o,BaF6,KM!
- If you must expose your clear text password, make sure it's different than your encrypted ones!
- DON'T share your passwords
26 Practicing Safe Computing
- Use encryption wherever possible
- Encrypt your email (especially private information)
- PGP
- Use SSH and SSH tunneling wherever possible
- Remember to use a passphrase on your SSH key
- Encrypt private files
- Ensure deletion of files (especially Windows systems)
- Freeware tools available to securely delete files
27 Practicing Safe Computing
- Security isn't only for your office environment
- Home systems are heavily targeted
- Be wary of public systems and networks
- Wireless systems are NOT secure
- Physical security
- Use screensavers with password lock
- Prevents other people from using your system
- Secure all portable electronic devices (Keep your seatbacks and tray tables in an upright and locked position)
- Laptops, cell phones, PDAs, voicemail
- Keep them with you or lock them down
28 Practicing Safe Computing (for the more adventurous)
- Host based filtering systems
- Windows Platform
- Kerio Firewall
- Zone Alarm
- Linux / Unix
- Ipchains
- tcpwrappers
- Scan your workstation
- Determines vulnerabilities and services enabled
- Contact your local system administrator first
- WARNING: Don't scan other people's workstations!
29 Free Scanning Tools
- Nessus
- Server/client model
- Client
- Windows/Java/Unix
- Server
- Unix
- http://www.nessus.org
- Nmap
- Unix/Windows platforms
- http://www.insecure.org
30 In Case of Emergency
- Be cyber security aware
- Watch for strange new files
- Odd behavior of your system
- Unexplained accesses to your account
- Processes you can't account for
- Watch what you click
- Are the dancing pigs worth it?
- Report strange occurrences
- Notify your local system administrators
- NERSC mandates users report compromises
- This includes EXTERNAL compromises
31 In Case of Emergency
- NERSC will NEVER do the following
- Ask you for your password, even over the phone
- Give your email address to an outside source without your permission
- Never underestimate social engineering
- If in doubt, ask for a call back number and hang up
- Computer security related matters should be handled via telephone or encrypted email whenever possible
32 In Case of Emergency
- For computer security related emergencies
- Phone NERSC Operations
- 24hrs/day, 7 days a week
- 1 (510) 486-8600
- Email security_at_nersc.gov
- To contact me
- Stephen Lau
- Email slau_at_lbl.gov
- Phone 1 (510) 486-7178
- PGP Key Fingerprint
- 44C8 C9CB C15E 2AE1 7B0A 544E 9A04 AB2B F63F 748B