1. EGI-InSPIRE PAKITI Patching Status System
A Race for Security: Identifying Vulnerabilities on 50 000 Hosts Faster than Attackers
Michal Procházka (1), Daniel Kouřil (1), Romain Wartel (2), Christos Kanellopoulos (3), Christos Triantafyllidis (3)
1 CESNET, 2 CERN, 3 AUTH
ISGC 2011, Taipei, 03/23/11
www.egi.eu EGI-InSPIRE RI-261323

2. Outline
● The problem
● Vulnerability Management
● Pakiti
● Statistics
● Future

3. The Problem
● An infrastructure is as weak as its weakest point
● One hacked worker node is a big danger for the whole infrastructure
● Attackers usually exploit known vulnerabilities
    ● The number of attacks made by real hackers is very low
    ● Robot attacks – botnets, script kiddies
● Software updates are essential
● How to check whether a host is properly patched?
    ● It is easy on a desktop machine
    ● How to check this on the EGI infrastructure?

4. Vulnerability Management
● Common Vulnerabilities and Exposures (CVE)
    ● Each vulnerability is assigned a unique number
● Open Vulnerability and Assessment Language (OVAL)
    ● Defines the conditions under which a vulnerability is applicable
● OS and application vendor software repositories
    ● Usually provide at least two repositories: one for security updates, one for other updates (features, ...)
● Patches shouldn't be applied automatically

5. Pakiti
● Originally developed by Steve Traylen
    ● The current version uses a different model for getting and processing the data
● Tool for monitoring patching status, not only on a distributed infrastructure
● Provides an overview of the software versions on the monitored hosts
● Client-server architecture with a lightweight client
● Correlates installed packages with the vulnerability definitions

6. Pakiti Client
● Bash script running with user rights
    ● Compared to the original version, which requires root privileges
● Gathers the list of installed packages, kernel version and hostname
    ● Uses generic OS tools to get these data
● Sends data over HTTPS to the Pakiti server(s)
    ● Supports server or mutual authentication
● No processing is done on the client

7. Pakiti Vulnerability Sources
● Pakiti regularly synchronizes its database with the vulnerability sources
    ● OVAL definitions (RedHat)
    ● Vendors' repositories (SL, SLC, CentOS, ...)
● Sources can be configured using the web GUI

8. Pakiti Data Processing
● Each host report is stored in the DB
● Each package version is compared with the version from the vendor's repository and the OVAL definitions
    ● The results are also stored in the DB
● Synchronous and asynchronous processing
    ● Synchronous mode provides results in real time
    ● Asynchronous mode is suitable for large deployments
        ● Data are processed on a regular basis (e.g. once a day)

9. Pakiti GUI
● Web-based GUI which provides
    ● List of hosts
    ● List of domains
    ● List of sites (EGI case)
    ● List of installed packages for each host
    ● Required version and list of CVEs for each package, if applicable
    ● Searching hosts by
        ● package
        ● CVE
    ● Configuration: sources settings, ACLs

10. Pakiti GUI – List of Hosts

11. Pakiti GUI – Host's details

12. Pakiti CVE Tags
● A tag can be assigned to each CVE
    ● Used for further categorization
● EGI CSIRT uses two tags
    ● EGI-Critical – the problem must be removed ASAP (7-day deadline)
    ● EGI-High – the problem is there, but it is hard to exploit or the software is not installed by default
● Hosts can be categorized by these tags
    ● Quick view of the security status of the infrastructure
● EGI CSIRT receives an email every day with the list of sites vulnerable to the CVEs tagged as EGI-Critical

13. Pakiti CVE Exceptions
● Vulnerabilities can be fixed by a local patch
    ● A unique string is added to the package version
    ● Pakiti is then unable to detect these local changes
● Pakiti provides the list of all installed package versions for each CVE
    ● The Pakiti administrator can add exceptions for particular package versions
    ● These package versions will be omitted
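Slides 8 and 13 describe the core server-side step: comparing each installed package version with the fixed version from the vendor repository or OVAL definition, and skipping versions the administrator has excepted because of a local patch. The Python below is an added illustration, not Pakiti's own (PHP) code; it implements a simplified rpmvercmp, compares epoch:version-release strings field by field, and runs the correlation over a constructed client report and constructed definitions with placeholder CVE identifiers.

```python
import re

def rpmvercmp(a, b):
    """Simplified rpmvercmp: split into numeric/alpha runs, compare pairwise."""
    sa, sb = re.findall(r"\d+|[A-Za-z]+", a), re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)                 # numeric segments compare as ints
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1       # a numeric segment is newer than alpha
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))   # more segments left is newer

def parse_evr(evr):
    """'0:2.6.18-238.el5' -> ('0', '2.6.18', '238.el5'); epoch defaults to '0'."""
    epoch, _, rest = evr.partition(":") if ":" in evr else ("0", "", evr)
    version, sep, release = rest.rpartition("-")
    return (epoch, version, release) if sep else (epoch, rest, "")

def evr_cmp(a, b):
    """Compare epoch, then version, then release; -1, 0 or 1 like rpm does."""
    return next((c for c in map(rpmvercmp, parse_evr(a), parse_evr(b)) if c), 0)

def correlate(report, definitions, exceptions=()):
    """[(pkg, cve, tag)] for packages older than 'fixed'; excepted versions skipped."""
    findings = []
    for pkg in report["packages"]:
        if pkg in exceptions:                     # locally patched build (slide 13)
            continue
        name, version, release = pkg.rsplit("-", 2)   # RPM name-version-release
        for d in definitions:
            if d["pkg"] == name and evr_cmp(f"{version}-{release}", d["fixed"]) < 0:
                findings.append((pkg, d["cve"], d["tag"]))
    return findings

# Constructed sample data (not real Pakiti records): one client report and
# three definitions with placeholder CVE ids; 'fixed' is the first safe EVR.
REPORT = {"host": "wn01.example.org", "packages": [
    "kernel-2.6.18-194.el5", "openssl-0.9.8e-12.el5_4.6", "bash-3.2-32.el5"]}
DEFINITIONS = [
    {"cve": "CVE-0000-0001", "pkg": "kernel", "fixed": "0:2.6.18-238.el5", "tag": "EGI-Critical"},
    {"cve": "CVE-0000-0002", "pkg": "openssl", "fixed": "0:0.9.8e-12.el5_5.1", "tag": "EGI-High"},
    {"cve": "CVE-0000-0003", "pkg": "bash", "fixed": "0:3.2-24.el5", "tag": "EGI-High"},
]

if __name__ == "__main__":
    for pkg, cve, tag in correlate(REPORT, DEFINITIONS):
        print(f"{REPORT['host']}: {pkg} vulnerable to {cve} [{tag}]")
```

Passing the locally patched openssl build in `exceptions` drops it from the findings, which is exactly what the per-version exception on slide 13 achieves.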

14. Pakiti Authorization
● Pakiti recognizes three roles: Administrator, Viewer and Anonymous viewer
    ● Administrator can view all results and can change the configuration
    ● Viewer can only see the results for his/her site(s)
    ● Anonymous viewer can view only the results defined by the anonymous link
        ● Generated link with limited scope and validity

15. Statistics
● EGI Pakiti monitors around 1600 hosts from 306 sites, with 865 installed packages on average, every day
● EGEE
    ● First incident: it took more than a month to patch the systems – unacceptable
    ● Second incident: more than 14 days – still unacceptable
● EGI
    ● Several incidents – less than 7 days to patch the whole infrastructure
    ● Continuous monitoring which catches anomalies

16. CVE-2010-4170: Number of Vulnerable Hosts

17. Number of Vulnerable Hosts in Days

18. Pakiti Proxy Client
● Pakiti can be integrated into an existing monitoring infrastructure (e.g. Nagios)
    ● The Pakiti client prints its results to stdout, and the monitoring system transfers them to the central monitoring server using its own mechanisms
    ● The data are then presented to the Pakiti Proxy Client, which sends them on behalf of the monitored host to the Pakiti server
● Each Pakiti Proxy Client has to be authorized

19. Pakiti Technology
● Pakiti is written in PHP, so it can be easily changed to fit the administrator's needs
● Uses MySQL in non-transactional mode
● Users are authenticated by the Apache web server; Pakiti does only authorization

20. Pakiti v3
● Reworked from scratch
● Improved performance
● Modular design
● Simplified configuration
● Unified import system for the OVALs and package repositories
● Additional access channels: RPC and CLI
● Additional output formats: CSV, XML

21. Thank you. Questions?
michalp@ics.muni.cz
http://pakiti.sf.net
https://pakiti.egi.eu
