security service challenge security monitoring
play

Security Service Challenge & Security Monitoring Jinny Chien - PowerPoint PPT Presentation

Nov 18, 2022 •653 likes •1.05k views

Enabling Grids for E-sciencE Security Service Challenge & Security Monitoring Jinny Chien Academia Sinica Grid Computing OSCT Security Workshop on 7 th March in Taipei www.eu-egee.org 1 Jinny Chien, ASGC Training and Dissemination

  1. Enabling Grids for E-sciencE Security Service Challenge & Security Monitoring Jinny Chien Academia Sinica Grid Computing OSCT Security Workshop on 7 th March in Taipei www.eu-egee.org 1 Jinny Chien, ASGC Training and Dissemination

  2. Motivation Enabling Grids for E-sciencE • After today’s training, we expect you to understand : – Handle the Incident Response Procedure – Ensure communication channels with the involved admins are in place. – Deal with sudden security attacks – Etc… • Overview – Introduction – Security Service Challenge – Security Monitoring – Conclusion 2 Training and Dissemination Jinny Chien, ASGC

  3. Security Service Challenge (SSC) Enabling Grids for E-sciencE • The objective : The goal of the LCG/EGEE Security Service Challenge, is to investigate whether sufficient information is available to be able conduct an audit trace as part of an incident response, and to ensure that appropriate communications channels are available. • The concept: At first CERN security team submit a testing job to the specific sites and site security contact must according to the clues and reply the answer at the limited time. In general the challenge executed once every year. 3 Training and Dissemination Jinny Chien, ASGC

  4. SSC-Objective Enabling Grids for E-sciencE 4 Training and Dissemination Jinny Chien, ASGC

  5. Stages / Role of SSC Enabling Grids for E-sciencE • Stages of the SSC 1. Security Challenge targeting the principal site of each of the LCG/EGEE Regional Operation Centers(ROC) 2. Security Challenge targeting the individual sites in each ROC • Roles 1. The Test Operator (TOP) : who submits the challenging job, issues the alert, escalates the alert as required and checks the response. 2. The Security Contact of the target site, who receives and acknowledges the alert, makes the necessary investigation and submits the response back to TOP 5 Training and Dissemination Jinny Chien, ASGC

  6. SSC Enabling Grids for E-sciencE The challenge is executed by submitting a Grid Job from a User Interface (UI). • SSC level 1 : – challenges the Workload Management System(WMS) of the Grid: Resource Broker(RB) and Computing Element(CE) • SSC level 2 : – challenges the Storage Elements(SE) on the Grid • SSC level 3 : – challenges the Operational Diligence of the LCG/EGEE Grid Sites • SSC level 4 : coming soon • Materials for SSC – The materials are available for download from https://twiki.cern.ch/ twiki/bin/view/LCG/LCGSecurityChallenge 6 Training and Dissemination Jinny Chien, ASGC

  7. SSC Common Setup Enabling Grids for E-sciencE • SSCs were run in two stages: – Stage 1: targeting the principal sites in the regions – Stage 2: targeting the individual sites in each ROC • The jobs were submitted from an User Interface(UI) to a chosen Grid Computing Element(CE) via a Resource Broker (RB) using standard Grid commands • They consist of a set of small, non-intrusive programs. • Not intrusive, only ‘legal’ operations are executed (job submission), file transfer,…) • No penetration tests, no execution of exploits etc. 7 Training and Dissemination Jinny Chien, ASGC

  8. Enabling Grids for E-sciencE Security Service Challenge 1 8 Training and Dissemination Jinny Chien, ASGC

  9. SSC-1 Objective and Setup Enabling Grids for E-sciencE • SSC-1 (2005- March 2006) targeted the Workload Management System(WMS) : Resource Broker (RB) and Computing Element (CE) • It tested whether sufficient information was available and whether communication channels were sufficiently open. • Did not address the Security Incident Response Procedure • Used Savannah as the vehicle for communication between the Test Operator (TOP) and the Target sites. 9 Training and Dissemination Jinny Chien, ASGC

  10. SSC-1 - Task Enabling Grids for E-sciencE • Given: Time range, IP-address of the target computer, UNIX-UID of challenging job on target • The Sites had to find out 1. The DN of grid-credentials/certificate used by the job submitter? 2. The IP-address of the submitting network device (UI)? 3. The name of the executable which ran on the target computer? 4. The data and the precise time when the executable ran? 10 Training and Dissemination Jinny Chien, ASGC

  11. Sample: SSC-1 Enabling Grids for E-sciencE • Date - 2006-03-08 • Subject: Security Service Challenge • Local date and time of request creation: • and time period of challenge, • 2006-03-08 10:38:39 (CET, UTC+2) • between: 08:23:00 -and- 08:34:00 UTC • Initials of test operator: psa • Virtual Organization (VO): • Dear LCG/EGEE Site Security Officer, • LCG/EGEE siteName: • This e-mail constitutes a security service challenge • alert. You have received this because you have opened • Resource Broker (RB): • an e-mail destined to this site's security officer. In • Regional Operation Center (ROC): • case you are not the security officer of this site, • IP-address of the target computer: • please forward this e-mail to - • lcg00189.grid.sinica.edu.tw • aproc-security@list.grid.sinica.edu.tw • just stating so. This will allow us to improve our • UNIX-UID of challenging job on target: 18118 • procedures, and we thank you in advance. • --- Security_Service_Challenge_Description • …… ------------ • We thank you for your collaboration, • Within the time period indicated above, a security • service challenge was launched on your site. The • UNIX-UID on the target computer as noted above, was • associated with the challenge. Training and Dissemination

  12. SSC-1 in AP Enabling Grids for E-sciencE • Executed time : 2006/3/5 – 2006/3/13 • Targeted Sites :  Australia-UNIMELB-LCG2  GOG-Singapore  INDIACMS-TIFR  LCG_KNU  Taiwan-IPAS-LCG2  Taiwan-NCUCC-LCG2  TOKYO-LCG2,  TW-NCUHEP – Total sites are 8 • The final report – https://twiki.cern.ch/twiki/pub/LCG/SSC1/ SSC_1_Debrief_2006-04-18.pdf 12 Training and Dissemination Jinny Chien, ASGC

  13. Enabling Grids for E-sciencE Security Service Challenge 2 13 Training and Dissemination Jinny Chien, ASGC

  14. SSC-2 Objective and Setup Enabling Grids for E-sciencE • SSC-2 tested the traceability of storage operations (2007). • From the Worker Node (WN) a sequence of seven storage operations have been executed. – lcg_crx, lcg_lgx, lcg_repx, lcg_rx, lcg_cpx, lcg_delx • Did not address the Security Incident Response Procedure • Used the Global Grid User Support (GGUS) as the vehicle for communication between the Test Operator and the Target Sites. 14 Training and Dissemination Jinny Chien, ASGC

  15. SSC-2 - Task Enabling Grids for E-sciencE • Given: User DN, Time range and SE • The Sites had to find out: 1. For each of the identified storage operation, please indicate:  The exact time (UTC).  The type of operation.  The URLs, filenames, catalog names and file paths involved. 2. Please indicate the IP-address of the User Interface (UI) that was used for the Job Submission 15 Training and Dissemination Jinny Chien, ASGC

  16. SSC-2 in AP Enabling Grids for E-sciencE • Executed time : 2007/4/20 – 2007/5/4 • Targeted Sites : – 18 sites, 8 countries • The procedure is http://lists.grid.sinica.edu.tw/apwiki/Security_Service_Challenge? highlight=%28security%29 • The final report could be found https://twiki.cern.ch/twiki/pub/ LCG/SSC2/SSC_2_Stage_2_Report_AsiaPacific.pdf 16 Training and Dissemination Jinny Chien, ASGC

  17. The result of SSC2 Enabling Grids for E-sciencE name atus Reply ack Site n St Stat Re Fe Feedbac Status : Australia-UNIMELB-LCG2 OK YES YES (1) Error – could GOG-Singapore Error NO NO not submit a SSC HK-HKU-CC-01 OK YES YES job IN-DAE-VECC-01 OK NO NO (2) OK – success INDIACMS-TIFR Error NO NO JP-KEK-CRC-01 Error NO NO JP-KEK-CRC-02 OK YES NO Reply : KR-KISTI-GCRT-01 OK YES YES (1) Yes – Reply the LCG_KNU OK YES NO answer NCP-LCG2 OK YES YES (2) No – Not reply PAKGRID-LCG2 OK YES NO the answer Taiwan-IPAS-LCG2 OK YES NO Taiwan-NCUCC-LCG2 OK YES YES TOKYO-LCG2 OK YES YES Feedback : TW-FTT Error NO NO (1) Yes – provide TW-NTCU-HPC-01 OK YES YES the feedback TW-NIU-EECS-01 OK YES NO (2) No – Not TW-NCUHEP OK NO NO provide the feedback Training and Dissemination

  18. Enabling Grids for E-sciencE Security Service Challenge 3 18 Training and Dissemination Jinny Chien, ASGC

  19. Preparing/Running Regional SSC3 Enabling Grids for E-sciencE TestOperator (TOp) is attacker and incident coordinator and ... – Get/Install SSC software from svn repository.  Malicious binary (might need some tweaking)  Job-Submission framework (scripts). Available for gLite, globus (Aashish).  Job-Monitoring webserver. – Certificate, VO and all the rest.  Get a grid certificate (short lived) for the TOp.  Negotiate an identity used for TOp with a VO (this VO has to be supported by all sites).  Make sure the default communication channels to the sites to be challenged work.  Check sufficient queue length/WallClockTime. 72h nice, everything less needs some additional tweaking, but possible. Min. is 12h. 19 Training and Dissemination Jinny Chien, ASGC

  20. SSC-3 Objective and Setup Enabling Grids for E-sciencE • SSC-3 -a more realistic simulation of an incident, it challenges the Operational Responsiveness of LCG/ EGEE Grid Sites. • The Job is launched from a User Interface (UI); – It runs with valid credentials. – Once running, it will exploit its environment to conceal its activities. – Sign of life will be reported through an out-of-band channel. 20 Training and Dissemination Jinny Chien, ASGC

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Including Security Monitoring in Cloud Service Level Agreement (SLA) Amir Teshome Supervisors

Including Security Monitoring in Cloud Service Level Agreement (SLA) Amir Teshome Supervisors

Including Security Monitoring in Cloud Service Level Agreement (SLA) Amir Teshome Supervisors Louis Rilling Christine Morin July 5, 2016 Amir Teshome Including Security Monitoring in Cloud SLA 1 / 11 Introduction SLAs & Security

1.26k views • 57 slides
Security as an App and Security as a Service: New

Security as an App and Security as a Service: New

Security as an App and Security as a Service: New Killer Applica6ons for So9ware Defined Networking? Guofei Gu SUCCESS Lab, Texas A&M

447 views • 42 slides
All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring

All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring

All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of Infrastructure Monitoring Systems Andrei Costin EURECOM, France 1 st Workshop on Security & Privacy in the Cloud (SPC) 30 Sep 2015, Florence Italy Agenda

640 views • 63 slides
Application Security as a Service: Start Your Application Security Initiative in Less than a Day

Application Security as a Service: Start Your Application Security Initiative in Less than a Day

Application Security as a Service: Start Your Application Security Initiative in Less than a Day David Harper Practice Principal Fortify on Demand #MicroFocusCyberSummit Agenda The Application Security Problem Security Gate Secure DevOps

37.39k views • 30 slides
CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks (or: How to

CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks (or: How to

CloudWatcher: Network Security Monitoring Using OpenFlow in Dynamic Cloud Networks (or: How to Provide Security Monitoring as a Service in Clouds?) Seungwon Shin Guofei Gu SUCCESS Lab SUCCESS Lab Texas A&M University Texas A&M

314 views • 6 slides
Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Security Monitoring and Enforcement for the Cloud Model Aryan TaheriMonfared

Infrastructure Architecture for a Cloud IaaS Provider Software Defined Networking and Network Virtualization Network Monitoring Security Enforcement Inter-Domain Routing for Virtualized Networks Security Monitoring and Enforcement for the

795 views • 42 slides
UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE

UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE

UCP GROUP Maritime Security Services UCP GROUP ONE SOLUTION ONE PLATFORM ONE SECURITY SERVICE Maritime Security - Commercial Shipping Security - Cruise Liner Security - Super-Yacht Security Maritime Security Services UCP GROUP is a market

247 views • 22 slides
1 Current Security Monitoring Current Network Monitoring Visualization Humans learn visually

1 Current Security Monitoring Current Network Monitoring Visualization Humans learn visually

Overview The Thin Blue Line: Security SysAdmins Current state of Internet Security Better Tools for System Administration: all metrics show bad -> worse unpatched software vulnerabilities Enhancing the Human-Computer

583 views • 6 slides
secmon Basic Oracle Security Monitoring Basic Oracle Security Monitoring motivation & start

secmon Basic Oracle Security Monitoring Basic Oracle Security Monitoring motivation & start

secmon Basic Oracle Security Monitoring Basic Oracle Security Monitoring motivation & start motivation & start internet security evaluate password cracker to check security of passwords passwords problems problems default

703 views • 27 slides
Agricultural Monitoring for Food Security National Food Security Division, Ministry of

Agricultural Monitoring for Food Security National Food Security Division, Ministry of

Agricultural Monitoring for Food Security National Food Security Division, Ministry of Agriculture, Livestock and Fisheries STARS Results Sharing Workshop Kibo Palace, Arusha Tanzania, July 26-27 2016 Introduction Assessing crop growing

586 views • 12 slides
Tools for Security Analysis of Traffic on L7 Practical course 50th TF-CSIRT meeting and FIRST

Tools for Security Analysis of Traffic on L7 Practical course 50th TF-CSIRT meeting and FIRST

www.liberouter.org Tools for Security Analysis of Traffic on L7 Practical course 50th TF-CSIRT meeting and FIRST Regional Symposium for Europe Security Tools as a Service Flow monitoring overview Flow monitoring extended by application layer

1.99k views • 184 slides
Defense Security Service Defense Security Service Cybersecurity Operations Division

Defense Security Service Defense Security Service Cybersecurity Operations Division

UNCLASSIFIED//FOUO Defense Security Service Defense Security Service Cybersecurity Operations Division Counterintelligence UNCLASSIFIED//FOUO UNCLASSIFIED Defense Security Service DSS Mission Capability DSS Supports national security and

490 views • 33 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Service Security by Chris Riley 11/21/2009 www.hkmconsultingllc.com 1 overview Web-based

Service Security by Chris Riley 11/21/2009 www.hkmconsultingllc.com 1 overview Web-based

Service Security by Chris Riley 11/21/2009 www.hkmconsultingllc.com 1 overview Web-based Services (SOAP / REST) challenge organizations in ways similar to web applications. Unlike web applications, service contracts provide simpler

1.21k views • 31 slides
The Widening Talent Gap: The greatest security challenge of our time Presented by: Experis

The Widening Talent Gap: The greatest security challenge of our time Presented by: Experis

INFORMATION SECURITY The Widening Talent Gap: The greatest security challenge of our time Presented by: Experis Information Security Practice Thursday, April 14, 2016 General Information Share the webinar Questions: Submit your

420 views • 14 slides
Security of diabetes monitoring apps Research project 1 Security and Network Engineering Edgar

Security of diabetes monitoring apps Research project 1 Security and Network Engineering Edgar

Security of diabetes monitoring apps Research project 1 Security and Network Engineering Edgar Bohte & Roy Vermeulen Why diabetes? 2 3 The upside 4 Smartphone app security 5 Health data confidentiality 6 Diabetes data integrity

645 views • 28 slides
Improve Vehicle Positioning in Cooperative Intelligent Transport Systems (C-ITS) By Mohsen Fadaee

Improve Vehicle Positioning in Cooperative Intelligent Transport Systems (C-ITS) By Mohsen Fadaee

Australian Centre for Space Engineering Research (ACSER) Improve Vehicle Positioning in Cooperative Intelligent Transport Systems (C-ITS) By Mohsen Fadaee Nejad Cooperative Intelligent Transport Systems (C-ITS) A revolution in transport

509 views • 21 slides
Standards vs. Guidelines Guidelines are developed by the Access Board but must be adopted by

Standards vs. Guidelines Guidelines are developed by the Access Board but must be adopted by

www.access-board.gov Public Right-of Way Accessibility Guidelines (PROWAG) Juliet Shoultz, P.E Transportation Systems Engineer US Access Board Standards vs. Guidelines Guidelines are developed by the Access Board but must be adopted by

371 views • 34 slides
CITIES, HEALTH AND WELL-BEING NOVEMBER 2011 Road Traffic Crashes in Indian Cities: Design and

CITIES, HEALTH AND WELL-BEING NOVEMBER 2011 Road Traffic Crashes in Indian Cities: Design and

CITIES, HEALTH AND WELL-BEING NOVEMBER 2011 Road Traffic Crashes in Indian Cities: Design and Planning of cities Geetam Tiwari MoUD Chair Professor Indian Institute of Technology Delhi Urban Age Conference, Hong Kong, 16-17 November, 2011

602 views • 22 slides
diversity

diversity

diversity

296 views • 16 slides
HSCC invited talk, Wednesday 29 March 2006 Hybrid Systems . . . And Everything Else John Rushby

HSCC invited talk, Wednesday 29 March 2006 Hybrid Systems . . . And Everything Else John Rushby

HSCC invited talk, Wednesday 29 March 2006 Hybrid Systems . . . And Everything Else John Rushby Computer Science Laboratory SRI International Menlo Park CA USA John Rushby, SR I . . . and Everything Else: 1 Overview Some of the computer

842 views • 68 slides
Public Hearing IH 35E From: FM 2181 To: US 380 October 20, 2011 Denton, TX IH 35E Corridor

Public Hearing IH 35E From: FM 2181 To: US 380 October 20, 2011 Denton, TX IH 35E Corridor

TxDOT Public Hearing: IH 35E from FM 2181 to US 380 Public Hearing IH 35E From: FM 2181 To: US 380 October 20, 2011 Denton, TX IH 35E Corridor Project Location US 380 FM 2181 PGBT IH 635 October 20, 2011 TxDOT Public Hearing: IH 35E

663 views • 21 slides
Pro-Forestry Counter-Movement Study Overheads 2 3 COUNTER-MOVEMENT HYPOTHESES: VALUES 1.

Pro-Forestry Counter-Movement Study Overheads 2 3 COUNTER-MOVEMENT HYPOTHESES: VALUES 1.

Pro-Forestry Counter-Movement Study Overheads 2 3 COUNTER-MOVEMENT HYPOTHESES: VALUES 1. Preference for anthropocentric values is positively associated with level of identification with the countermovement. 2. Preference for

489 views • 13 slides
CS 10: Problem solving via Object Oriented Programming Winter

CS 10: Problem solving via Object Oriented Programming Winter

CS 10: Problem solving via Object Oriented Programming Winter 2017 Tim Pierson 260 (255) Sudikoff Day 19 PaHern Matching Agenda 1. Regular

817 views • 48 slides

More recommend