all your cluster grids are belong to us monitoring the in
play

All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security - PowerPoint PPT Presentation

Apr 26, 2023 •10 likes •640 views

All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring Systems Andrei Costin EURECOM, France 1 st Workshop on Security & Privacy in the Cloud (SPC) 30 Sep 2015, Florence Italy Agenda

  1. All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring Systems Andrei Costin EURECOM, France 1 st Workshop on Security & Privacy in the Cloud (SPC) 30 Sep 2015, Florence Italy

  2. Agenda ● Introduction ● Overview of NMS ● Reconaissance ● Static+Dynamic Analysis ● Vulnerability Analysis ● Countermeasures ● Conclusion

  3. Introduction What is Cloud Computing? "When broken down, cloud computing is a specialized distributed computing model. Building upon the desirable characteristics of cluster, grid, utility , [...] to create a new computing paradigm" J. Idziorek, Exploiting Cloud Utility Models for Profit and Ruin, 2012

  4. Introduction What is HPC?

  5. Introduction What is NMS? ● NMS ● Network Monitoring System ● Monitoring systems for infrastructure, servers and networks

  6. Introduction What is NMS? ● NMS ● Network Monitoring System ● Monitoring systems for infrastructure, servers and networks ● Where used? ● HPC=High-Performance Computing – Grids – Clusters – Federation of Clusters ● Cloud

  7. Introduction What is NMS?

  8. Overview of NMS What are the tools?

  9. Overview of NMS What are the tools? ● Ganglia ”a scalable distributed monitoring system for High-Performance Computing (HPC) systems such as clusters and grids”

  10. Overview of NMS What are the tools? ● Ganglia ”a scalable distributed monitoring system for High-Performance Computing (HPC) systems such as clusters and grids” ● Cacti ”a complete network graphing solution”

  11. Overview of NMS What are the tools? ● Ganglia ”a scalable distributed monitoring system for High-Performance Computing (HPC) systems such as clusters and grids” ● Cacti ”a complete network graphing solution” ● Observium ”an autodiscovering network monitoring platform supporting a wide range of hardware platforms and operating systems including Cisco, Windows, Linux, HP, Juniper, Dell, FreeBSD, Brocade, Netscaler, NetApp and many more. Observium seeks to provide a powerful yet simple and intuitive interface to the health and status of your network”

  12. Overview of NMS How they work?

  13. Overview of NMS Who uses them?

  14. Information Leakage What is leaked?

  15. Information Leakage Attack-Enabler ● OS Details ● CVEs for Kernel ● NIST NVD, CVEdetails

  16. Information Leakage Attack-Enabler ● OS Details ● CVEs for Kernel ● Linux Kernel 2.6.32

  17. Information Leakage Attack-Enabler ● Usernames ● Login Bruteforce ● Social Engineering Emails (e.g., phishing, drive-by) ● Social Engineering Toolkit (SET)

  18. Information Leakage Attack-Enabler ● Commands, Resource Usage ● Mimicry and Blending Attacks ● How? ● Learn normal system status/behaviour – Xn ● When in malicious state Xm , stick as close as possibly to the legitimate state Xn A(Xm) = argmin d(Xm, Xn), s.t., d(Xm, Xn) < D

  19. Recon aissance Types ● Active ● Tools: NMAP, AMAP, Nessus ● Pros: +/- accurate, wide range of info ● Cons: noisy, triggers IPS/IDS

  20. Recon aissance Types ● Active ● Tools: NMAP, AMAP, Nessus ● Pros: +/- accurate, wide range of info ● Cons: noisy, triggers IPS/IDS ● Passive ● Search dorks: Google, Shodan ● Attack: Information Leakage and non-Authorization

  21. Recon aissance Passive ● Google dorks – Ganglia ● intitle:"Cluster Report" ● intitle:"Grid Report" ● intitle:"Node View" ● intitle:"Host Report" ● intitle:"Ganglia:: " ● "Ganglia Web Frontend version 2.0.0"

  22. Recon aissance Passive ● Google dorks – Cacti ● inurl:"/cacti/graph_view.php" ● intitle:"cacti" inurl:"graph_view.php"

  23. Recon aissance Passive ● Google dorks – Cacti

  24. Recon aissance Passive and Recursive ● Google dorks – Cacti → Ganglia

  25. Recon aissance Passive and Recursive ● Google dorks – Cacti → Ganglia ● www.aglt2.org

  26. Recon aissance Passive and Recursive ● Google dorks – Cacti → Ganglia ● www.aglt2.org Job Status Page

  27. Recon aissance Passive and Recursive ● Google dorks – Cacti → Ganglia ● From Cacti reached also to Ganglia!

  28. Recon aissance Passive ● Shodan

  29. Recon aissance Results ● Exposed web interfaces ● 364 Ganglia – ~43K nodes (web info leak) – ~1370 clusters – ~490 grids ● 5K Cacti and 2K Observium

  30. Recon aissance Results ● Exposed web interfaces ● 364 Ganglia – ~43K nodes (web info leak) – ~1370 clusters – ~490 grids ● 5K Cacti and 2K Observium ● Exposed daemons ● ~40K publicly exposed Ganglia gmond nodes (XML Info Leak)

  31. Recon aissance Results

  32. Recon aissance Results ● 43K nodes on 364 Ganglia Web Interfaces

  33. Recon aissance Results ● 43K nodes on 364 Ganglia Web Interfaces ● 120 main kernel versions ● 411 kernel sub-versions

  34. Recon aissance Results ● 43K nodes on 364 Ganglia Web Interfaces ● 120 main kernel versions ● 411 kernel sub-versions ● Kernel version 2.6.32 most popular ● Runs on 38% of the 43K hosts ● Hundreds of vulnerabilities in all 2.6.32 kernels (according to CVEdetails)

  35. Recon aissance Results ● 43K nodes on 364 Ganglia Web Interfaces ● 120 main kernel versions ● 411 kernel sub-versions ● Kernel version 2.6.32 most popular ● Runs on 38% of the 43K hosts ● Hundreds of vulnerabilities in all 2.6.32 kernels (according to CVEdetails) ● Secured kernels ● grsecurity on 9 hosts (only!) ● hardened-sources on 6 hosts (only!)

  36. Recon aissance Results ● amzn kernels on 45 hosts (~0.1%)

  37. Recon aissance Results ● 364 Ganglia Web Frontends ● Only 42 (i.e., 11.5%) run HTTPS ● Only 16 (i.e., 4.4%) run trusted* HTTPS ● *Did not perform tests of weak/flawed HTTPS implementations

  38. Static and Dynamic Analysis ● Static analysis ● ”Static analysis is the process of testing an application by examining its source code, byte code or application binaries for conditions leading to a security vulnerability, without actually running it.” ● Tools ● We use RIPS for Ganglia Web Frontend ( PHP ) ● More tools

  39. Static and Dynamic Analysis ● Dynamic analysis ● ”Dynamic analysis is the process of testing the application by running it.” ● Tools ● We use Arachni Scanner for Ganglia Web Frontend

  40. Static and Dynamic Analysis ● Analysis data ● 25 Ganglia versions (static + dynamic) – 4 JobMonarch plugin versions (static only) ● 35 Cacti versions (static only) ● 1 Observium version (static only)

  41. Static Analysis ● Ganglia ● Between 87 and 145 total reports per version ● Between 43 and 92 XSS reports per version

  42. Static Analysis ● Ganglia ● Between 87 and 145 total reports per version ● Between 43 and 92 XSS reports per version ● Cacti ● Between 189 and 400 total reports per version ● Between 92 and 265 XSS reports per version

  43. Static Analysis ● Ganglia ● Between 87 and 145 total reports per version ● Between 43 and 92 XSS reports per version ● Cacti ● Between 189 and 400 total reports per version ● Between 92 and 265 XSS reports per version ● Observium ● 82 total reports per version ● 52 XSS reports per version

  44. Static Analysis ● Ganglia ● Between 87 and 145 total reports per version ● Between 43 and 92 XSS reports per version ● Cacti ● Between 189 and 400 total reports per version ● Between 92 and 265 XSS reports per version ● Observium ● 82 total reports per version ● 52 XSS reports per version ● Some totals ● 7553 XSS reports ● Manual triage and confirmation does not scale!

  45. Static Analysis

  46. Static and Dynamic Analysis

  47. Static and Dynamic Analysis

  48. Static and Dynamic Analysis

  49. Static and Dynamic Analysis ● 364 Ganglia Web Interfaces ● 193 of them (i.e., 53%) run Ganglia Web ver < 3.5.1

  50. Static and Dynamic Analysis ● 364 Ganglia Web Interfaces ● 193 of them (i.e., 53%) run Ganglia Web ver < 3.5.1

  51. Vulnerability Analysis ● CVE-2012-3448

  52. Vulnerability Analysis ● CVE-2012-3448 ● Exploit DB 38030

  53. Countermeasures ● Periodic upgrade to latest versions ● Need better coding practices for NMS ● Manual patching where applicable

  54. Countermeasures ● Periodic upgrade to latest versions ● Need better coding practices for NMS ● Manual patching where applicable ● Password protect ● E.g., basic HTTP authentication

  55. Countermeasures ● Periodic upgrade to latest versions ● Need better coding practices for NMS ● Manual patching where applicable ● Password protect ● E.g., basic HTTP authentication ● HTTPS ● Not self-signed certificates!

  56. Contributions ● First to systematically analyze at large scale the risks and vulnerabilities posed by the use of web monitoring tools

  57. Contributions ● First to systematically analyze at large scale the risks and vulnerabilities posed by the use of web monitoring tools ● Collected and analyzed the internal details of networks and systems of a large number of grid and cluster environments ● Investigated the risks of such data being openly available to the large public

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Cluster Monitoring System of IHEP Qingbao Hu huqb@ihep.ac.cn Computing Center, Institute of

The Cluster Monitoring System of IHEP Qingbao Hu huqb@ihep.ac.cn Computing Center, Institute of

The Cluster Monitoring System of IHEP Qingbao Hu huqb@ihep.ac.cn Computing Center, Institute of High Energy Physics, Chinese Academy of Sciences International Symposium on Grids and Clouds (ISGC) 2016 Content Overview of IHEPs Monitor

361 views • 25 slides
Fuzzy Clustering Each point x i takes a probability w ij to belong to a cluster C j

Fuzzy Clustering Each point x i takes a probability w ij to belong to a cluster C j

Fuzzy Clustering Each point x i takes a probability w ij to belong to a cluster C j Requirements k w 1 For each point x i , = ij j 1 = m For each cluster C j 0 w m &lt; ij &lt; i = 1 Jian Pei: CMPT 459/741

712 views • 46 slides
Performance Monitoring What is the CCPM? A self-assessment of cluster performance against the 6

Performance Monitoring What is the CCPM? A self-assessment of cluster performance against the 6

Cluster Coordination Performance Monitoring What is the CCPM? A self-assessment of cluster performance against the 6 core cluster functions and Accountability to Affected populations: support service delivery 1. inform the HC/HCT's

720 views • 16 slides
High Performance Network Monitoring Challenges for Grids Les Cottrell , Presented at the

High Performance Network Monitoring Challenges for Grids Les Cottrell , Presented at the

High Performance Network Monitoring Challenges for Grids Les Cottrell , Presented at the Internation Symposium on Grid Computing 2006, Taiwan www.slac.stanford.edu/grp/scs/net/talk05/iscg-06.ppt Partially funded by DOE/MICS for Internet

653 views • 30 slides
WMSMonitor: a tool to monitor gLite WMS/LB cluster status and job workflow Daniele Cesini,

WMSMonitor: a tool to monitor gLite WMS/LB cluster status and job workflow Daniele Cesini,

Enabling Grids for E sciencE Enabling Grids for E-sciencE WMSMonitor: a tool to monitor gLite WMS/LB cluster status and job workflow Daniele Cesini, Danilo Dongiovanni, Enrico Fattibene INFN-CNAF EGEE08 22-26 Sept. 2008 - Istanbul www eu

321 views • 14 slides
Performance Monitoring S O U T H S U D A N N U T R I T I O N C L U S T E R M A R C H A P R

Performance Monitoring S O U T H S U D A N N U T R I T I O N C L U S T E R M A R C H A P R

Cluster Coordination Performance Monitoring S O U T H S U D A N N U T R I T I O N C L U S T E R M A R C H A P R I L 2 0 1 4 J U B A , 6 M A R C H 2 0 1 4 What is the CCPM? A self-assessment of cluster performance against the 6 core

214 views • 17 slides
Event-Sourced Monitoring of Your HTCondor Cluster Kevin Retzke HTCondor Week 23 May 2019

Event-Sourced Monitoring of Your HTCondor Cluster Kevin Retzke HTCondor Week 23 May 2019

Event-Sourced Monitoring of Your HTCondor Cluster Kevin Retzke HTCondor Week 23 May 2019 Traditional Sample-Based Monitoring Collect metrics (e.g. how many jobs are running) at regular intervals Historical trends Throughput

639 views • 17 slides
Digitalisation, automation and monitoring of LV- &amp; MV-Grids Asian Utility Week 2019 Fabian

Digitalisation, automation and monitoring of LV- &amp; MV-Grids Asian Utility Week 2019 Fabian

Digitalisation, automation and monitoring of LV- &amp; MV-Grids Asian Utility Week 2019 Fabian Krek, Head of Sales Fabian Krek +41 79 271 27 71 fkrek@adaptricity.com Challenges of Todays Energy World Digital Transformation Electric

397 views • 16 slides
Cluster Monitoring and Management Tools RAJAT PHULL, NVIDIA SOFTWARE ENGINEER ROB TODD, NVIDIA

Cluster Monitoring and Management Tools RAJAT PHULL, NVIDIA SOFTWARE ENGINEER ROB TODD, NVIDIA

Cluster Monitoring and Management Tools RAJAT PHULL, NVIDIA SOFTWARE ENGINEER ROB TODD, NVIDIA SOFTWARE ENGINEER MANAGE GPUS IN THE CLUSTER Administrators, End users Middleware Engineers Monitoring/Management Tools NVML Nvidia-smi

701 views • 39 slides
Monitoring and Optimization for Smarter Power Grids Georgios B. Giannakis*, Vassilis Kekatos*,

Monitoring and Optimization for Smarter Power Grids Georgios B. Giannakis*, Vassilis Kekatos*,

Monitoring and Optimization for Smarter Power Grids Georgios B. Giannakis*, Vassilis Kekatos*, Nikolaos Gatsis *Digital Technology Center and Dept. of ECE, University of Minnesota Dept. of ECE, The University of Texas at San Antonio

1.74k views • 132 slides
Monitoring Rohit Jnagal Anushree Narasimha Outline Overview Monitoring for containers

Monitoring Rohit Jnagal Anushree Narasimha Outline Overview Monitoring for containers

Container native Monitoring Rohit Jnagal Anushree Narasimha Outline Overview Monitoring for containers Monitoring in a distributed system cAdvisor Application Metrics In cAdvisor Plumbing through a cluster Future

396 views • 27 slides
Monitoring and Measurem ent Cluster FP6, IST, Co-ordination Action Strategic Objective IST-2002-

Monitoring and Measurem ent Cluster FP6, IST, Co-ordination Action Strategic Objective IST-2002-

Monitoring and Measurem ent Cluster FP6, IST, Co-ordination Action Strategic Objective IST-2002- 2.3.1.3 Broadband for all Jan 2004 - Dec 2005 6QM Workshop, Berlin 14.12.2004 Carsten Schmoll, Fraunhofer Institute FOKUS, Berlin MOME

525 views • 13 slides
UPM DAY 1: SMART GRIDS TABLE 1: TECHNOLOGICAL CHALLENGES RELATED WITH SMART GRIDS DEVELOPMENT

UPM DAY 1: SMART GRIDS TABLE 1: TECHNOLOGICAL CHALLENGES RELATED WITH SMART GRIDS DEVELOPMENT

Guillermo del Campo UPM DAY 1: SMART GRIDS TABLE 1: TECHNOLOGICAL CHALLENGES RELATED WITH SMART GRIDS DEVELOPMENT INTERNATIONAL SUMMER SCHOOL SMART GRIDS AND SMART CITIES Barcelona, 6-8 June 2017 Context Dramatic growth of energy

618 views • 16 slides
RECURRENCE WHAT CAUSES CLUSTER HEADACHES? Occasionally referred to as alarm headaches

RECURRENCE WHAT CAUSES CLUSTER HEADACHES? Occasionally referred to as alarm headaches

10/4/18 QUESTIONS : CLUSTER HEADACHES: 1. Have any of you heard of cluster THE WORST PAIN POSSIBLE? headaches? 2. Do you know someone who suffers from cluster headaches? WHAT ARE CLUSTER HEADACHES? TRIGEMINAL NERVE A neurological

514 views • 3 slides
Polygon Filling Goal intensify the pixels that belong to the polygon Issues which pixels belong

Polygon Filling Goal intensify the pixels that belong to the polygon Issues which pixels belong

Polygon Filling Goal intensify the pixels that belong to the polygon Issues which pixels belong to the polygon Approach use a (horizontal) scan line that traverses the polygon intensify the pixels along the spans (the segments of

895 views • 50 slides
Cluster Presentation Cluster Presentation EU-EECA ICT Cluster is the joint effort of three

Cluster Presentation Cluster Presentation EU-EECA ICT Cluster is the joint effort of three

Cluster Presentation Cluster Presentation EU-EECA ICT Cluster is the joint effort of three FP7-ICT support actions (ISTOK-SOYUZ, SCUBE-ICT, EXTEND) to strengthen the collaboration in ICT research between European Union and Eastern Europe and

3.41k views • 11 slides
Computational Complexity Lecture 6 NL-Completeness and NL=co-NL 1 Story, so far NEXP EXP

Computational Complexity Lecture 6 NL-Completeness and NL=co-NL 1 Story, so far NEXP EXP

Computational Complexity Lecture 6 NL-Completeness and NL=co-NL 1 Story, so far NEXP EXP PSPACE NPSPACE NP P NL L 2 Story, so far Time/Space Hierarchies NEXP EXP PSPACE NPSPACE NP P NL L 2 Story, so far Time/Space

1.49k views • 108 slides
Complement Space Classes Definition coPSPACE = { L : L PSPACE } Logarithmic Space Complexity

Complement Space Classes Definition coPSPACE = { L : L PSPACE } Logarithmic Space Complexity

Complement Space Classes Definition coPSPACE = { L : L PSPACE } Logarithmic Space Complexity coL = { L : L L } Claim: coPSPACE = PSPACE Nabil Mustafa Claim: coL = L All deterministic classes are closed under complement. Computability

805 views • 5 slides
Setting Adaptativity of Stochastic Gradient Descent Aymeric Dieuleveut F. Bach, Non parametric

Setting Adaptativity of Stochastic Gradient Descent Aymeric Dieuleveut F. Bach, Non parametric

Setting Adaptativity of Stochastic Gradient Descent Aymeric Dieuleveut F. Bach, Non parametric stochastic approximation with large step sizes , in the Annals of Statistics Setting : random-design least-squares regression problem in a RKHS

276 views • 3 slides
implementing microservices Remmelt Pit @remmelt_ remmelt@info.nl since 2003 12,000 auctions

implementing microservices Remmelt Pit @remmelt_ remmelt@info.nl since 2003 12,000 auctions

implementing microservices Remmelt Pit @remmelt_ remmelt@info.nl since 2003 12,000 auctions ~2M unique visitors/month modular site &amp; admin &amp; API trouble! scalability trouble! stability basically we wanted to go faster Rapid

394 views • 37 slides
Edge Detection Sanja Fidler Intro to Image Understanding 1 / 70 Finding Waldo Lets revisit

Edge Detection Sanja Fidler Intro to Image Understanding 1 / 70 Finding Waldo Lets revisit

Edge Detection Sanja Fidler Intro to Image Understanding 1 / 70 Finding Waldo Lets revisit the problem of finding Waldo And lets take a simple example image template (filter) Sanja Fidler Intro to Image Understanding 2 / 70 Finding

1.29k views • 111 slides
Leyla Hannbeck Chief Pharmacist Twitter: @LeylaHannbeck NMS statistics: 2014/15 and 2015/16

Leyla Hannbeck Chief Pharmacist Twitter: @LeylaHannbeck NMS statistics: 2014/15 and 2015/16

NMS effective engagement and delivery Leyla Hannbeck Chief Pharmacist Twitter: @LeylaHannbeck NMS statistics: 2014/15 and 2015/16 In the year 2014/15: 775,998 total number of NMS claimed 9,308 (80%) number of pharmacies

656 views • 17 slides
Slide 1 of 7 Slide 2 of 7 Slide 3 of 7 Slide 4 of 7 Slide 5 of 7 Slide 6 of 7 Slide 7 of 7

Slide 1 of 7 Slide 2 of 7 Slide 3 of 7 Slide 4 of 7 Slide 5 of 7 Slide 6 of 7 Slide 7 of 7

Slide 1 of 7 Slide 2 of 7 Slide 3 of 7 Slide 4 of 7 Slide 5 of 7 Slide 6 of 7 Slide 7 of 7

245 views • 7 slides
BayesOD: Bayesian Inference for Fusing Epistemic and Aleatoric Uncertainty in Deep Object

BayesOD: Bayesian Inference for Fusing Epistemic and Aleatoric Uncertainty in Deep Object

BayesOD: Bayesian Inference for Fusing Epistemic and Aleatoric Uncertainty in Deep Object Detectors Box Covariance Regression Box Mean Regression Feature Extractor NMS Classification Sample Object Detector NMS

269 views • 25 slides

More recommend