using bro to secure your science dmz
play

Using Bro to Secure Your Science DMZ Robin Sommer International - PowerPoint PPT Presentation

Aug 16, 2022 •369 likes •927 views

Using Bro to Secure Your Science DMZ Robin Sommer International Computer Science Institute, & Lawrence Berkeley National Laboratory robin@icsi.berkeley.edu http://www.icir.org/robin Using Bro to Secure Your Science DMZ Securing Your

  1. Using Bro to Secure Your Science DMZ Robin Sommer International Computer Science Institute, & Lawrence Berkeley National Laboratory robin@icsi.berkeley.edu http://www.icir.org/robin Using Bro to Secure Your Science DMZ

  2. Securing Your Science DMZ Network 100G 10G 10G Internet 100G Science DMZ Switch Campus LAN 100G Transfer/Storage Nodes 2 Using Bro to Secure Your Science DMZ

  3. Securing Your Science DMZ Network 100G 10G 10G Internet 100G Science DMZ 100G Switch Campus LAN 100G Bro Transfer/Storage Nodes 2 Using Bro to Secure Your Science DMZ

  4. The Bro Platform 3 Using Bro to Secure Your Science DMZ

  5. The Bro Platform Open Source BSD License Analysis Traffic Intrusion Vulnerabilit. Traffic Compliance File Analysis Measure- Detection Mgmt Control Monitoring ment Programming Language Standard Library Platform Packet Processing Tap Network 3 Using Bro to Secure Your Science DMZ

  6. Protecting open-science The Bro Platform Open Source networks for 20 years now. BSD License Analysis Traffic Intrusion Vulnerabilit. Traffic Compliance File Analysis Measure- Detection Mgmt Control Monitoring ment Programming Language Standard Library Platform Packet Processing Tap Network 3 Using Bro to Secure Your Science DMZ

  7. Science DMZ Monitoring with Bro Visibility Detection Performance Control Customization 4 Using Bro to Secure Your Science DMZ

  8. Science DMZ Monitoring with Bro Log files Visibility Host-level visibility Detection Performance Control Customization 4 Using Bro to Secure Your Science DMZ

  9. Connections Logs 5 Using Bro to Secure Your Science DMZ

  10. Connections Logs conn.log Timestamp ts 1393099191.817686 Unique ID uid Cy3S2U2sbarorQgmw6a Originator IP id.orig_h 177.22.211.144 Originator Port id.orig_p 48053 Responder IP id.resp_h 115.25.19.26 Responder Port id.resp_p 2811 IP Protocol proto tcp App-layer Protocol service gridftp,ssl Duration duration 8.405155 Bytes by Originator orig_bytes 13490 Bytes by Responder resp_bytes 16127 TCP state conn_state SF Local Originator? local_orig F State History history ShAdDaFf Outer Tunnels tunnel_parents (empty) 5 Using Bro to Secure Your Science DMZ

  11. HTTP http.log ts 1393099291.589208 uid CKFUW73bIADw0r9pl id.orig_h 2a07:f2c0:90:402:41e:c13:6cb:99c id.orig_p 54352 id.resp_h 2406:fe60:f47::aaeb:98c id.resp_p 80 method POST host com-services.pandonetworks.com uri /soapservices/services/SessionStart referrer - user_agent Mozilla/4.0 (Windows; U) Pando/2.6.0.8 status_code 200 username anonymous password - orig_mime_types application/xml resp_mime_types application/xml 6 Using Bro to Secure Your Science DMZ

  12. SSL ts 1443449046.841848 ssl.log uid CEA05l2D7k0BD9Dda2 id.orig_h 1.2.3.4 id.orig_p 59208 id.resp_h 131.243.231.10 id.resp_p 2811 version TLSv12 cipher TLS_RSA_WITH_AES_256_GCM_SHA384 server_name - CN=lrc-xfer.lbl.gov,OU=Services,O=Open subject Science Grid,DC=DigiCert-Grid,DC=com CN=DigiCert Grid CA-1,O=DigiCert issuer Grid,DC=DigiCert-Grid,DC=com client_subject CN=Foo Bar,O=LBNL HPCS,O=Globus,C=US CN=GO HPCS ONLINE,OU=HPCS client_issuer LBNL,DC=LBL,DC=gov cert_hash 197cab7c6c92a0b9ac5f37cfb0699268 validation_status ok 7 Using Bro to Secure Your Science DMZ

  13. Bro Analyzers AYIYA Ident Rlogin BitTorrent Kerberos Rsh DCE_RPC Login SIP DHCP Modbus SMTP DNP3 MySQL SNMP DNS NCP SOCKS DTLS NFS SSH FTP NTP SSL Finger NetBIOS Syslog GTPv1 PE Telnet Gnutella POP3 Teredo HTTP Portmapper X509 ICMP Radius ZIP IRC RDP 8 Using Bro to Secure Your Science DMZ

  14. Host-level Visibility Leverage control over end hosts. 9 Using Bro to Secure Your Science DMZ

  15. Host-level Visibility Leverage control over end hosts. iSSHD Source: NERSC 9 Using Bro to Secure Your Science DMZ

  16. Science DMZ Monitoring with Bro Log files Visibility Host-level visibility Detection Performance Control Customization 10 Using Bro to Secure Your Science DMZ

  17. Science DMZ Monitoring with Bro Log files Visibility Host-level visibility Suspicious activity Detection Intelligence feeds Performance Control Customization 10 Using Bro to Secure Your Science DMZ

  18. Watching for Suspicious Logins 11 Using Bro to Secure Your Science DMZ

  19. Watching for Suspicious Logins SSH::Watched_Country_Login Successful login from an unexpected country. 11 Using Bro to Secure Your Science DMZ

  20. Watching for Suspicious Logins SSH::Watched_Country_Login Successful login from an unexpected country. SSH::Interesting_Hostname_Login Successful login from an unusual host name. smtp.big-university.edu 11 Using Bro to Secure Your Science DMZ

  21. Intelligence Integration Internal Internet Network 12 Using Bro to Secure Your Science DMZ

  22. Intelligence Integration Internal Internet Network Intelligence Traffic Monitoring IP addresses HTTP , FTP , SSL, SSH, FTP , DNS names DNS, SMTP , … URLs File hashes Feeds CIF JC3 Spamhaus Custom/Proprietary 12 Using Bro to Secure Your Science DMZ

  23. Intelligence Integration Internal Internet Network Intelligence Traffic Monitoring IP addresses HTTP , FTP , SSL, SSH, FTP , DNS names DNS, SMTP , … URLs ts 1258565309.806483 File hashes uid CAK677xaOmi66X4Th Feeds id.orig_h 192.168.1.103 id.resp_h 192.168.1.1 CIF note Intel::Notice JC3 indicator baddomain.com Spamhaus indicator_type Intel::DOMAIN Custom/Proprietary where HTTP::IN_HOST_HEADER source My-Private-Feed notice.log 12 Using Bro to Secure Your Science DMZ

  24. Science DMZ Monitoring with Bro Log files Visibility Host-level visibility Suspicious activity Detection Intelligence feeds Performance Control Customization 13 Using Bro to Secure Your Science DMZ

  25. Science DMZ Monitoring with Bro Log files Visibility Host-level visibility Suspicious activity Detection Intelligence feeds Bro Cluster Performance Shunting Control Customization 13 Using Bro to Secure Your Science DMZ

  26. Scaling Bro to 100G Science DMZ 100G Switch 100G Bro 100G 100G Transfer/Storage Nodes 14 Using Bro to Secure Your Science DMZ

  27. Scaling Bro to 100G Science DMZ 100G Switch 100G 100G 100G Transfer/Storage Nodes 14 Using Bro to Secure Your Science DMZ

  28. Scaling Bro to 100G Science DMZ 100G Switch Load-balancer 100G 100G 10G 10G 10G 10G 100G Transfer/Storage Nodes Bro Cluster 14 Using Bro to Secure Your Science DMZ

  29. Scaling Bro to 100G Science DMZ 100G Switch Load-balancer 100G 100G 10G 10G 10G 10G 100G NIC NIC NIC NIC Transfer/Storage Bro Bro Bro Bro Bro Bro Bro Bro Bro Bro Bro Bro Nodes Bro Bro Bro Bro Bro Bro Bro Bro Node Node Node Node Bro Cluster 14 Using Bro to Secure Your Science DMZ

  30. Scaling Bro to 100G Science DMZ 100G Switch Load-balancer API 100G Shunting 100G 10G 10G 10G 10G 100G NIC NIC NIC NIC Transfer/Storage Bro Bro Bro Bro Bro Bro Bro Bro Bro Bro Bro Bro Nodes Bro Bro Bro Bro Bro Bro Bro Bro Node Node Node Node Bro Cluster 14 Using Bro to Secure Your Science DMZ

  31. 100G Bro at LBNL http://go.lbl.gov/100g 15 Using Bro to Secure Your Science DMZ

  32. Shunting at LBNL 16 Using Bro to Secure Your Science DMZ

  33. Shunting at LBNL 16 Using Bro to Secure Your Science DMZ

  34. Science DMZ Monitoring with Bro Log files Visibility Host-level visibility Suspicious activity Detection Intelligence feeds Bro Cluster Performance Shunting Control Customization 17 Using Bro to Secure Your Science DMZ

  35. Science DMZ Monitoring with Bro Log files Visibility Host-level visibility Suspicious activity Detection Intelligence feeds Bro Cluster Performance Shunting Black- and whitelisting Control Traffic engineering Customization 17 Using Bro to Secure Your Science DMZ

  36. Network Control Science DMZ 100G Switch Load-balancer API 100G Shunting 100G 10G 10G 10G 10G 100G NIC NIC NIC NIC Transfer/Storage Bro Bro Bro Bro Bro Bro Bro Bro Bro Bro Bro Bro Nodes Bro Bro Bro Bro Bro Bro Bro Bro Node Node Node Node Bro Cluster 18 Using Bro to Secure Your Science DMZ

  37. Network Control Science DMZ 100G Switch Network Control Load-balancer API 100G 100G 10G 10G 10G 10G 100G NIC NIC NIC NIC Transfer/Storage Bro Bro Bro Bro Bro Bro Bro Bro Bro Bro Bro Bro Nodes Bro Bro Bro Bro Bro Bro Bro Bro Node Node Node Node Bro Cluster 18 Using Bro to Secure Your Science DMZ

  38. Blacklisting: “Catch & Release” Dropping 19 Using Bro to Secure Your Science DMZ

  39. Blacklisting: “Catch & Release” Dropping Source: Indiana Unversity 19 Using Bro to Secure Your Science DMZ

  40. Whitelisting: IU’s SciPass 20 Using Bro to Secure Your Science DMZ

  41. Whitelisting: IU’s SciPass Source: Indiana University 20 Using Bro to Secure Your Science DMZ

  42. Upcoming: Bro’s NetControl Framework 21 Using Bro to Secure Your Science DMZ

  43. Upcoming: Bro’s NetControl Framework drop_connection ( connection , timeout ) drop_address ( host , timeout ) shunt_flow ( flow , timeout ) redirect (flow, port, timeout) Backends OpenFlow, iptables, acld; Arista planned. 21 Using Bro to Secure Your Science DMZ

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing

DIMACS Workshop On Secure Routing March 10, 2010 How Secure are Secure How Secure are Secure Interdomain Routing Protocols? Interdomain Routing Protocols? $ $ Sharon Goldberg Microsoft Research & Boston University y Michael Schapira

701 views • 54 slides
Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message

Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message

Simple and Communication Complexity Efficient Almost Secure and Perfectly Secure Message Transmission Schemes Yvo Desmedt 1 , 2 Stelios Erotokritou 1 Reihaneh Safavi-Naini 3 1 Department of Computer Science University College London, UK 2

459 views • 33 slides
THE SECURE PROJECT: SOME RESULTS COMING FROM THE RESEARCH OF SCIENCE CURRICULA AND TEACHERS

THE SECURE PROJECT: SOME RESULTS COMING FROM THE RESEARCH OF SCIENCE CURRICULA AND TEACHERS

THE SECURE PROJECT: SOME RESULTS COMING FROM THE RESEARCH OF SCIENCE CURRICULA AND TEACHERS AND LEARNERS OPINIONS ON SCIENCE EDUCATION . Job de Meyere (1) , Dagmara Sokolowska (2) , Elvira Folmer (3) , Barbara Rovsek (4) , Wim Peeters (5)

671 views • 44 slides
Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure

Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure

Advanced Tools from Modern Cryptography Lecture 12 MPC: UC-secure OT UC-Secure OT UC-secure OT is impossible (even against PPT adversaries) in the plain model (i.e., without the help of another functionality) But possible from simple

527 views • 16 slides
Secure C Programming: Memory Management Lucas Cordeiro Department of Computer Science

Secure C Programming: Memory Management Lucas Cordeiro Department of Computer Science

Systems and Software Verification Laboratory Secure C Programming: Memory Management Lucas Cordeiro Department of Computer Science lucas.cordeiro@manchester.ac.uk Secure C Programming Lucas Cordeiro (Formal Methods Group)

1.63k views • 144 slides
and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure

CS 1655 / Spring 2010 Secure Data Management and Web Applications 06 Secure Coding Alexandros Labrinidis University of Pittsburgh Secure Coding From: Secure Coding: Principles and Practices by Mark G. Graff & Kenneth R. Van Wyk

753 views • 17 slides
Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

SECUR E SOCIAL, EMOTIONAL, AND COGNITIVE UNDERSTANDING AND REGULATION Created by Success for All, University of Michigan, and Harvard University Be Be Good! Good! WHA WHAT IS T IS SECURE? SECURE? SECURe is a school-wide program designed

957 views • 59 slides
Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is

Secure Coprocessor What is Secure coprocessor: Robust. (A system that is not easily or is not wholly affected by a bug in one aspect of it. ) General-purpose computational environments. Secure temper responsive physical package.

366 views • 14 slides
Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state

Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state

One-Slide Summary Users often authenticate themselves by providing passwords. We store and compare hashes of passwords, Semi-Secure Semi-Secure where a hash is a secure one-way function. A cookie is a bit of state associated with a webpage

103 views • 9 slides
How to secure the life science ecosystem in the Greater Copenhagen Region Dr. Peter Hngaard

How to secure the life science ecosystem in the Greater Copenhagen Region Dr. Peter Hngaard

How to secure the life science ecosystem in the Greater Copenhagen Region Dr. Peter Hngaard Andersen Managing Director, IFD November 7th, 2016 r Innovation Fund Denmark - Agenda Jammer kommode I have a dream 2 Knowledge

589 views • 18 slides
Fast and Secure Updatable Encryption August 10, 2020 1 Norwegian University of Science and

Fast and Secure Updatable Encryption August 10, 2020 1 Norwegian University of Science and

Fast and Secure Updatable Encryption August 10, 2020 1 Norwegian University of Science and Technology (NTNU), Norway 2 Bergische Universitt Wuppertal, Germany 1 Colin Boyd 1 Gareth T. Davies 2 Kristian Gjsteen 1 Yao Jiang 1 Table of contents

578 views • 46 slides
Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE

Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE

Secure Returns SAFE AS A VAULT Secure SECONDS TO UPLOAD Efficient ACCESSIBLE ANYWHERE Convenient What is Secure Returns ? Secure Returns is a secure website where you and your clients can securely upload & download confidential

202 views • 9 slides
SEcure Neighbour Discovery (SEND) Arun Raghavan Department of Computer Science IIT Kanpur

SEcure Neighbour Discovery (SEND) Arun Raghavan Department of Computer Science IIT Kanpur

The Problem SEcure Neighbour Discovery Miscellanea SEcure Neighbour Discovery (SEND) Arun Raghavan Department of Computer Science IIT Kanpur CS625: Advanced Computer Networks Arun Raghavan SEcure Neighbour Discovery (SEND) The Problem

624 views • 44 slides
Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT & BU Cornell Secure MPC

Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT & BU Cornell Secure MPC

Black-Box Constructions of Concurrently Secure Protocols Huijia (Rachel) Lin Rafael Pass MIT & BU Cornell Secure MPC Secure MPC Goal: Allow a set of distrustful parties to compute ANY function f on their own Secure MPC Goal: Allow a set

1.11k views • 98 slides
Who tells you that your secure product is actually secure?

Who tells you that your secure product is actually secure?

Who tells you that your secure product is actually secure? Think about the 6me it stays on the field It went through a security evalua6on

866 views • 28 slides
Secure Grid Services for Cooperative Work in Medicine and Life Science Anette Weisbecker,

Secure Grid Services for Cooperative Work in Medicine and Life Science Anette Weisbecker,

Secure Grid Services for Cooperative Work in Medicine and Life Science Anette Weisbecker, Fraunhofer IAO, Stuttgart International Symposium on Grid Computing Taipei, 11 th April 2008 Overview MediGRID Application Classes and

622 views • 24 slides
Where do trains stay when theyre off duty? NGB/LNMB Seminar on Operations Research and Public

Where do trains stay when theyre off duty? NGB/LNMB Seminar on Operations Research and Public

Where do trains stay when theyre off duty? NGB/LNMB Seminar on Operations Research and Public Transportation Ramon Lentink January 18 th , 2006 ORTEC P.O. Box 490 2800 AL Gouda Groningenweg 6k The Netherlands Tel. +31 (0)182 540 500

384 views • 24 slides
Anodic Aluminium Oxide for Passivation in Silicon Solar Cells School of Photovoltaic &

Anodic Aluminium Oxide for Passivation in Silicon Solar Cells School of Photovoltaic &

Anodic Aluminium Oxide for Passivation in Silicon Solar Cells School of Photovoltaic & Renewable Energy Engineering Zhong Lu Supervisor: Alison Lennon Co-supervisor: Stuart Wenham May. 2015 Outline Introduction to the Research Topic

563 views • 25 slides
UMBC A B M A L T F O U M B C I M Y O R T 1 (4/17/07) I E S R C E O V U

UMBC A B M A L T F O U M B C I M Y O R T 1 (4/17/07) I E S R C E O V U

Digital Systems Terminations I CMPE 650 Terminations From our previous analysis, a cable needs to be terminated when Its long (its length exceeds 1/6 the electrical length of the rising edge) and reflections occur Its short (its

1.15k views • 18 slides
Class E broadband amplifier w ith C-LC shunt netw ork Basic theory, simulation and prototype A.

Class E broadband amplifier w ith C-LC shunt netw ork Basic theory, simulation and prototype A.

San Diego, CA Jan 09 CLASS E RF/MICROWAVE POWER AMPLIFIERS Class E broadband amplifier w ith C-LC shunt netw ork Basic theory, simulation and prototype A. Mediano 1 , K. Narendra 2 , C. Prakash 2 , 1 I3A, University of Zaragoza, Zaragoza, Spain

198 views • 9 slides
EKT 103 KT 103 CHAPTER CHAPTER 5 5 DC Machine Contents Contents Overview of Direct

EKT 103 KT 103 CHAPTER CHAPTER 5 5 DC Machine Contents Contents Overview of Direct

EKT 103 KT 103 CHAPTER CHAPTER 5 5 DC Machine Contents Contents Overview of Direct Current Machines O er ie of Direct C rrent Machines Construction Principle of Operation P i i l f O ti Types of DC Machine Power

1.22k views • 82 slides
Solar cells for energy harvesting A. Kaminski-Cachopo IMEP-LAHC, Grenoble, France 1

Solar cells for energy harvesting A. Kaminski-Cachopo IMEP-LAHC, Grenoble, France 1

Solar cells for energy harvesting A. Kaminski-Cachopo IMEP-LAHC, Grenoble, France 1 Introduction Solar energy conversion in electricity well established thanks to: - continuous increase of solar cells efficiencies - decrease of

437 views • 42 slides
Slide 1 / 31 1 A 60-W light bulb operating on a 120-volt household circuit has a resistance

Slide 1 / 31 1 A 60-W light bulb operating on a 120-volt household circuit has a resistance

Slide 1 / 31 1 A 60-W light bulb operating on a 120-volt household circuit has a resistance closest to A 60 B 120 C 240 D 180 E 360 Slide 2 / 31 2 Which of the following is equivalent to the unit of electrical resistance? A C/V B

550 views • 11 slides
Carbon Nanotube Interconnects Azad Naeemi and James Meindl Georgia Institute of Technology

Carbon Nanotube Interconnects Azad Naeemi and James Meindl Georgia Institute of Technology

Carbon Nanotube Interconnects Azad Naeemi and James Meindl Georgia Institute of Technology Microelectronics Research Center azad@gatech.edu Sponsored by Semiconductor Research Corporation and MARCO Interconnect Focus Center Transistor and

251 views • 23 slides

More recommend