isgc 2017 security workshop
play

ISGC 2017 Security Workshop Sven Gabriel Security Incident - PowerPoint PPT Presentation

Nov 10, 2022 •298 likes •703 views

ISGC 2017 Security Workshop Sven Gabriel Security Incident handling in Federated Clouds www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number 654142 Introduction CSIRT 2017 March

  1. ISGC 2017 Security Workshop Sven Gabriel Security Incident handling in Federated Clouds www.egi.eu EGI-Engage is co-funded by the Horizon 2020 Framework Programme of the European Union under grant number 654142

  2. Introduction CSIRT 2017 March 5 2

  3. Introduction Security in Distributed Infrastructures Incident Prevention Incident/Intrusion Detection Incident Response (IR) IR Communications Containment Forensics CSIRT 2017 March 5 3

  4. Security in Distributed Infrastructures CSIRT 2017 March 5 4

  5. Security and Business Models Why bother about Security, another business model Cyberbunker: Mind Your Own Business policy CSIRT 2017 March 5 5

  6. Security in Distributed Infrastructures Why bother about Security Security always has in impact how users experience services. How much you want to care about security is dependent on your business model. This has a serious impact and is a management decision, see for example: http://www.nytimes.com/2016/09/29/technology/yahoo-data-breach-hacking.html?_r=1 CSIRT 2017 March 5 6

  7. Security and Users/Customers How to sell security to the users/customers Some sociology: https://static.googleusercontent.com/media/research.google.com/en//pubs/archive/43265.pdf http://www.nature.com/news/how-to-hack-the-hackers-the-human-side-of-cybercrime-1.19872 CSIRT 2017 March 5 7

  8. Security and Users/Customers Examples from our Infra • Request to patch, . . . • You use our service from an unknown location, . . . • no, we can’t give you root on the compute cluster • no, we will not install your preferred editor on our supercomputer CSIRT 2017 March 5 8

  9. Goal: keep Users/Customers happy Ingredients • Have a clear set of agreed policies (ex. AUP) • Be transparent on why certain actions are requested (Advisories) • Use the proper ’language’ for the intended recipient (Admin/User) • Be prepared to deal with frustrated / swamped users. CSIRT 2017 March 5 9

  10. Security Incidents Incidents, finally . . . CSIRT 2017 March 5 10

  11. Security Incidents in Distributed Infrastructures Definition 1 : A security incident is the act of violating an explicit or implied security policy (ex: local security policy, EGI Acceptable Use Policy) ( https://documents.egi.eu/public/ShowDocument?docid=47 ) • Who violates policies? • Criminals: Automated Attacks, compromised systems rented out for illegal activities (Botnet, used for ddos, spam, distribute malware etc). • Hacktivism, Creative young people • Insiders, Users CSIRT 2017 March 5 11

  12. How attackers access the infra • External, unauthenticated Most serious, needs to be prevented • External, authenticated Ex: stolen Credentials • Local, authenticated Also: Impersonation Vulnerabilities CSIRT 2017 March 5 12

  13. Security in Distributed Infrastructures • Incident Prevention • Incident/Intrusion Detection (also Tue. 16:00, Fyodor, Watz) • Incident Response (Vincent) CSIRT 2017 March 5 13

  14. Who can Work on Security ... CSIRT 2017 March 5 14

  15. Incident Prevention CSIRT 2017 March 5 15

  16. Infrastructure Housekeeping Vulnerability Handling Process: • Vulnerability Detection (often external sources) • Assessment (SVG/RAT) → Criticality • If Critical, develop: HeadsUp/Advisory, Security Monitoring • All Sites need to take action (patch/mitigate) • Follow up (Ticketing) • Monitor the Infrastructure CSIRT 2017 March 5 16

  17. Infrastructure Housekeeping Why: • Prevent being victim of standard attacks (check your logs, a lot background noise) • Clean-Up of an incident is expensive! • Provide an environment where users are ”protected” from each other. • If the infra is not usable/working (for whatever reason) will result in funding issues. CSIRT 2017 March 5 17

  18. Goal: Reducing Security Incidents Number of incidents using grid technology CSIRT 2017 March 5 18

  19. Goal: Reducing Security Incidents Number of incidents using grid technology 1 CSIRT 2017 March 5 18

  20. Grid/Cloud differences • Admin / User role separated in Grid • Grid Admins are Linux Systems experts • Grid Software is verified against EGI’s current Quality Criteria (UMD) • FedCloud RCs (up to Hypervisor, Network) are managed by Admins • VMs are managed by the Users CSIRT 2017 March 5 19

  21. Some Cloud Security Non System Experts (Users) are admins of their Infrastructure they deploy in the cloud. • To mitigate this risk VM Endorsement Policy was developed. • Distinguish between VM Operators/Users • Provide the users with endorsed secure VMs CSIRT 2017 March 5 20

  22. Incident/Intrusion Detection CSIRT 2017 March 5 21

  23. Incident/Intrusion Detection Tue 16:00 Identifying Suspicious Network Activities in Grid Network Tue 16:30 Modern Monitoring Systems (Watz) CSIRT 2017 March 5 22

  24. Incident Response (IR) CSIRT 2017 March 5 23

  25. IR Requirements • Know your perimeter: Security Policies https://wiki.egi.eu/wiki/Security_Policy_Group • Know your Infrastructure, who has which role, what are the communication endpoints. • Have an Incident Response Procedure ( https://wiki.egi.eu/wiki/SEC01 ) CSIRT 2017 March 5 24

  26. Actors and Roles • Site Security Contact • EGI-CSIRT Security Officer on Duty • User • VO-Security Contact • External party CSIRT 2017 March 5 25

  27. IR Communications CSIRT 2017 March 5 26

  28. IR Communications Questions: • You know now the actors, where do you get the contacts? CSIRT 2017 March 5 27

  29. IR Communications Questions: • You know now the actors, where do you get the contacts? • You know that the contacts are in http://goc.egi.eu/ and https://operations-portal.egi.eu/vo/security CSIRT 2017 March 5 27

  30. IR Communications Questions: • You know now the actors, where do you get the contacts? • You know that the contacts are in http://goc.egi.eu/ and https://operations-portal.egi.eu/vo/security • So, . . . what will you ask? . . . report? CSIRT 2017 March 5 27

  31. IR Communications Questions: • You know now the actors, where do you get the contacts? • You know that the contacts are in http://goc.egi.eu/ and https://operations-portal.egi.eu/vo/security • So, . . . what will you ask? . . . report? • , see https://wiki.egi.eu/wiki/EGI_CSIRT: Incident_reporting • Or CSIRT 2017 March 5 27

  32. IR Communications Questions: • You know now the actors, where do you get the contacts? • You know that the contacts are in http://goc.egi.eu/ and https://operations-portal.egi.eu/vo/security • So, . . . what will you ask? . . . report? • , see https://wiki.egi.eu/wiki/EGI_CSIRT: Incident_reporting • Or just contact abuse .at. egi.eu CSIRT 2017 March 5 27

  33. Containment CSIRT 2017 March 5 28

  34. Containment • Stop the incident! How? CSIRT 2017 March 5 29

  35. Containment • Stop the incident! How? • Stop a DN submitting new jobs/starting VMs CSIRT 2017 March 5 29

  36. Containment • Stop the incident! How? • Stop a DN submitting new jobs/starting VMs • Central Argus system CSIRT 2017 March 5 29

  37. Containment • Stop the incident! How? • Stop a DN submitting new jobs/starting VMs • Central Argus system • For the forensics see Vincents talk CSIRT 2017 March 5 29

  38. Forensics CSIRT 2017 March 5 30

  39. Forensics Talk: Computer Forensics Analysis (FyodorVincent) • What went wrong • How to detect it • How to react to it . . . CSIRT 2017 March 5 31

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Update on Security Policy David Kelsey (RAL) 7 Mar 2010 Security Workshop @ ISGC 2010,

Update on Security Policy David Kelsey (RAL) 7 Mar 2010 Security Workshop @ ISGC 2010,

Update on Security Policy David Kelsey (RAL) 7 Mar 2010 Security Workshop @ ISGC 2010, Taipei david.kelsey at stfc.ac.uk Overview Why do we need security policies? Joint Security Policy Group (JSPG) Some history

408 views • 28 slides
Building a minimum viable Security Operations Centre ISGC 2019, 2 nd April 2019 Introduction

Building a minimum viable Security Operations Centre ISGC 2019, 2 nd April 2019 Introduction

Building a minimum viable Security Operations Centre ISGC 2019, 2 nd April 2019 Introduction Building on previous presentations at ISGC 2017, 2018 Present current status of work ISGC 2019, 2 nd April 2019 ISGC 2019, 2 nd April 2019

472 views • 34 slides
Manage Security Incident Mingchao Ma STFC RAL, UK ISGC 2010 Security Workshop 7 th March

Manage Security Incident Mingchao Ma STFC RAL, UK ISGC 2010 Security Workshop 7 th March

Manage Security Incident Mingchao Ma STFC RAL, UK ISGC 2010 Security Workshop 7 th March 2010 Overview Actively manage incident handling Be ready BEFORE an incident Based on NIST SP800-61rev1 recommendation

466 views • 32 slides
Understanding and preventing common attacks Romain Wartel 7th March 2010, ISGC Security

Understanding and preventing common attacks Romain Wartel 7th March 2010, ISGC Security

WLCG Group Understanding and preventing common attacks Romain Wartel 7th March 2010, ISGC Security Workshop, Taiwan. 1 Overview Underground market The main motive behind most security attacks: money. 3 Exposure and motivation Grids

434 views • 25 slides
Security and Trust in an Industrial Grid Project ISGC 2011 (23 March 2011, , Taiwan)

Security and Trust in an Industrial Grid Project ISGC 2011 (23 March 2011, , Taiwan)

Security and Trust in an Industrial Grid Project ISGC 2011 (23 March 2011, , Taiwan) Andreas Schreiber <Andreas.Schreiber@dlr.de> German Aerospace Center (DLR), Cologne http://www.dlr.de/sc Folie 1 ISGC 2011 > Andreas

450 views • 26 slides
Grid Operational Security: from EGEE to EGI Mingchao Ma STFC RAL, UK ISGC 2010, Taipei,

Grid Operational Security: from EGEE to EGI Mingchao Ma STFC RAL, UK ISGC 2010, Taipei,

Grid Operational Security: from EGEE to EGI Mingchao Ma STFC RAL, UK ISGC 2010, Taipei, Taiwan Overview Current EGEE operational security Transition - a regional view ROC in EGEE NGI in EGI Challenges in EGI and

638 views • 19 slides
Creating a trust-group for security information sharing (in Asia Pacific?) Romain Wartel, ISGC

Creating a trust-group for security information sharing (in Asia Pacific?) Romain Wartel, ISGC

Creating a trust-group for security information sharing (in Asia Pacific?) Romain Wartel, ISGC 2018, Taipei, 20 March 2018 Indicators of compromise Examples of indicators: IP or domain names May be shared and used for legitimate

338 views • 18 slides
Operational Security in EGEE Romain Wartel, CERN IT EGEE Operational Security Coordination Team

Operational Security in EGEE Romain Wartel, CERN IT EGEE Operational Security Coordination Team

Enabling Grids for E-sciencE Operational Security in EGEE Romain Wartel, CERN IT EGEE Operational Security Coordination Team http://www.eu-egee.org/security/ International Symposium on Grid Computing (ISGC) 2008 Academia Sinica, Taipei, 7 - 11

362 views • 14 slides
ISGC - - Academia Academia Sinica Sinica ISGC 28 July 2004 28 July 2004 Iosif Legrand

ISGC - - Academia Academia Sinica Sinica ISGC 28 July 2004 28 July 2004 Iosif Legrand

ISGC - - Academia Academia Sinica Sinica ISGC 28 July 2004 28 July 2004 Iosif Legrand Legrand Iosif California Institute of Technology July 2004 Iosif Legrand Monitoring Services An essential part of managing a global Data

569 views • 28 slides
NeIC EISCAT_3D support project: Nordic computing challenge John White NeIC ISGC 2017, Taipei,

NeIC EISCAT_3D support project: Nordic computing challenge John White NeIC ISGC 2017, Taipei,

NeIC EISCAT_3D support project: Nordic computing challenge John White NeIC ISGC 2017, Taipei, March 9 th 2017 1 Introduction Solar-terrestrial connection and EISCAT EISCAT_3D project Nordic e-Infrastructure Collaboration (NeIC)

532 views • 29 slides
f Lothar A T Bauerdick Fermilab ISGC 2004 July 27, 2004 f U.S. Grids Science Drivers

f Lothar A T Bauerdick Fermilab ISGC 2004 July 27, 2004 f U.S. Grids Science Drivers

Grid-3 and the Open Science Grid in the U.S. LATBauerdick, Fermilab International Symposium on Grid Computing ISGC 2004 Academia Sinica, Taipei, Taiwan f Lothar A T Bauerdick Fermilab ISGC 2004 July 27, 2004 f U.S. Grids

740 views • 35 slides
SES, Moving security messages throughout the ether. Workshop on GENI and Security

SES, Moving security messages throughout the ether. Workshop on GENI and Security

SES, Moving security messages throughout the ether. Workshop on GENI and Security UC-Davis, January 2009 Doug Pearson / Wes Young Addressing the Workshop question: How can GENI itself be adequately secured and protected from

471 views • 16 slides
Docker Security Workshop Goals of this Workshop Understand and get Understand and get

Docker Security Workshop Goals of this Workshop Understand and get Understand and get

Docker Security Workshop Goals of this Workshop Understand and get Understand and get comfortable with Docker comfortable with Linux security technologies security technologies Swarm Mode Security AppArmor Secrets Management seccomp

1.94k views • 147 slides
CCC Leadership in Embedded Security Workshop 2017 Tomas Vagoun Cybersecurity R&D

CCC Leadership in Embedded Security Workshop 2017 Tomas Vagoun Cybersecurity R&D

CCC Leadership in Embedded Security Workshop 2017 Tomas Vagoun Cybersecurity R&D Coordinator Na4onal Coordina4on Office for NITRD Strategic Plan for Federal Cybersecurity R&D Federal Cybersecurity R&D Goals S&T for effec5ve

530 views • 5 slides
23-25, August, 2017 @ Taipei.TW 2017 Belle II TRG/DAQ workshop An Announcement 0. workshop

23-25, August, 2017 @ Taipei.TW 2017 Belle II TRG/DAQ workshop An Announcement 0. workshop

23-25, August, 2017 @ Taipei.TW 2017 Belle II TRG/DAQ workshop An Announcement 0. workshop place 1. workshop major targets 2. schedule, lunch boxes, banquet 3. your badge 4. weather forecast 5. workshop photo 6. scenery after workshop

256 views • 11 slides
EWG on Maritime Security Brunei Darussalam and New Zealand Co-Chairs 2014 2017 ADMM-PLUS EWG

EWG on Maritime Security Brunei Darussalam and New Zealand Co-Chairs 2014 2017 ADMM-PLUS EWG

Progress Report on the ADMM-Plus EWG on Maritime Security Brunei Darussalam and New Zealand Co-Chairs 2014 2017 ADMM-PLUS EWG ON MARITIME SECURITY 2014-2017 Work Plan ADMM-PLUS EWG ON MARITIME SECURITY Counter-Piracy Workshop 2014 June

773 views • 19 slides
TCIPG TECHNICAL CLUSTERS AND THREADS Trustworthy Trustworthy Technologies for Wide Technologies

TCIPG TECHNICAL CLUSTERS AND THREADS Trustworthy Trustworthy Technologies for Wide Technologies

TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.OR G TCIPG TECHNICAL CLUSTERS AND THREADS Trustworthy Trustworthy Technologies for Wide Technologies for Local Responding To and Trust Assessment Area Monitoring and Area

291 views • 8 slides
HOW TO CONNECT VEHICLE IN SAFE AND SECURE WAY MIKKO HURSKAINEN TECHNOLOGIST 17+ 200+ 70+ 5

HOW TO CONNECT VEHICLE IN SAFE AND SECURE WAY MIKKO HURSKAINEN TECHNOLOGIST 17+ 200+ 70+ 5

HOW TO CONNECT VEHICLE IN SAFE AND SECURE WAY MIKKO HURSKAINEN TECHNOLOGIST 17+ 200+ 70+ 5 YEARS IN AUTOMOTIVE TOP NOTCH LOCATIONS EMBEDDED SOFTWARE PROFESSIONALS AROUND SOFTWARE PROJECTS BUILDING THE GLOBE BUSINESS DELIVERED

616 views • 34 slides
Efficient Packet Classification for Intrusion Detection Using FPGA Haoyu Song, John W. Lockwood

Efficient Packet Classification for Intrusion Detection Using FPGA Haoyu Song, John W. Lockwood

Efficient Packet Classification for Intrusion Detection Using FPGA Haoyu Song, John W. Lockwood Applied Research Lab : Reconfigurable Network Group Department of Computer Science and Engineering

214 views • 9 slides
Side-channel based intrusion detection for industrial control systems I have no idea what

Side-channel based intrusion detection for industrial control systems I have no idea what

Side-channel based intrusion detection for industrial control systems I have no idea what this device is doing, but at least its still doing the same thing. CRITIS 2017, October 9 th , 2017 Pol Van Aubel 1/31 Authors Joint work:

928 views • 31 slides
Business Continuity at DESY a collection of themes and thoughts covering among others

Business Continuity at DESY a collection of themes and thoughts covering among others

Business Continuity at DESY a collection of themes and thoughts covering among others measures, procedures and dependencies Peter van der Reest, Yves Kemp, DESY IT Hepix Spring 2014, 21.05.2014 General DESY risk assessment > DESY

469 views • 15 slides
Software Security VMI (Virtual Machine Introspection) / VMM-based Intrusion Prevention Julian

Software Security VMI (Virtual Machine Introspection) / VMM-based Intrusion Prevention Julian

Software Security VMI (Virtual Machine Introspection) / VMM-based Intrusion Prevention Julian Vetter Prof. Jean-Pierre Seifert Security in Telecommunications TU Berlin SoSe 2016 julian (sect) Software Security SoSe 2016 1 / 21

220 views • 21 slides
Goals of IDS Detect wide variety of intrusions Previously known and unknown attacks

Goals of IDS Detect wide variety of intrusions Previously known and unknown attacks

Goals of IDS Detect wide variety of intrusions Previously known and unknown attacks Suggests need to learn/adapt to new attacks or changes in behavior Detect intrusions in timely fashion May need to be be real-time,

638 views • 29 slides
Outline Intrusion detection systems CSci 5271 Malware and the network Introduction to Computer

Outline Intrusion detection systems CSci 5271 Malware and the network Introduction to Computer

Outline Intrusion detection systems CSci 5271 Malware and the network Introduction to Computer Security Announcements intermission Day 22: Malware and Denial of Service Stephen McCamant Denial of service and the network University of

684 views • 10 slides

More recommend