National Energy Research

1
National Energy Research Scientific Computing
Center (NERSC) Computer Security The New
Threats Stephen Lau NERSC Center Division,
LBNL June 24, 2004
2
Overview

• New Threats
• Identity Theft
• Email scams and viruses
• Grid Security
• Combating Threats

3
New Threats

• Threats are evolving
• Response to protection measures
• Increased use of encryption
• Deployment of anti-virus
• Increased use of social engineering
• Security has become everybodys responsibility
• Important Defenses
• Host level protection
• User education

4
Identity Theft

• Someone uses your login credentials without your
  knowledge
• Very difficult for system admins to detect
• They look like you!
• Feeds off of collaborative nature of high
  performance computing
• Users have multiple accounts on massively shared
  systems

5
SSH Basic Overview

• Uses private/public keys
• Encrypted authentication
• Uses passphrase

Remote System
Public Key
Home System
Private Key
Remote System
Public Key
6
How Does It Happen?
Home System
Unsuspecting User
Internal System
Internet
Compromised Host
Imposter
Attacker
Sniffed Traffic
7
Combating Identity Theft

• Reduce amount of stepping stone behavior
• Not always possible
• Be mindful of login times and hostnames
• Dont share accounts and passwords
• Dont place private keys and certificates on
  public systems or public directories
• Report suspicious behavior

8
Encrypt All The Way!
Use SSH across ALL connections
SSH
Home System
NERSC
Remote System
SSH
Telnet rlogin rsh
9
One Time Passwords

• Token based system
• Many systems available
• Many sites pushing ahead with deployment
• NERSC actively investigating impact on users
• Ideally, one token works across multi-labs
• No active plans for deployment yet within NERSC
• Not a cure-all solution!

10
Email Viruses

• NERSC has a virus filter for email
• About 90 effective
• Time lag between release of virus and signature
  development
• Install anti-virus software on systems you use
• Many sites have site licenses
• Make sure it is kept up to date

11
Email Hoaxes aka Phishing

• Email poses as Security Patch or Account
  Support
• Asks for username/password for verification
• Requests that an attachment be run
• Verify any attachment you are not expecting
• NEVER give out your username/password.
• When in doubt, please call NERSC support for
  verification

12
Grid Security

• Protect your private certificates!
• Be mindful where you place them
• Minimize amount of distribution
• Remove them from systems you no longer use
• Use strong passwords.
• Use SSH to access sites with your Grid
  certificates!

13
Host Level Protection

• Please keep your systems up to date
• Especially home systems and shared systems
• Combats identity theft problem
• Install anti-virus software
• Primarily on Windows systems
• Be aware of unexplained changes on your system
• Odd performance
• Strange windows appearing
• System files changed unexpectedly
• authorized_hosts file changes
• Changes to /etc/password or /etc/shadow

14
User Education

• You are the first line of defense against
  incidents.
• Take advantage of your sites security training
• Keep up to date about latest security news
• Be mindful of security when accessing or using
  systems

15
Help Us Help You

• Report suspicious activity
• Strange files or directories
• Unusual login times
• Unverified phone call from NERSC asking for
  passwords or account information
• Report external incidents
• Please report any incidents at sites that you use
  to access NERSC
• Report incidents where you suspect credentials
  are sniffed or stolen

16
Help Us Help You

• Many incidents quickly become multi-site
  incidents.
• Communication is key to containment.
• Please report any incidents that you think might
  affect NERSC.

17
Contact Information

• Stephen Lau
• 1 Cyclotron Road, M/S 943
• Berkeley, CA 94720
• Phone 1 (510) 486-7178
• Email slau_at_lbl.gov
• PGP 44C8 C9CB C15E 2AE1 7B0A 544E 9A04 AB2B F63F
  748B
• NERSC Computer Security
• security_at_nersc.gov
• 1-800-666-3772
• http//www.nersc.gov/nusers/security/