How things go wrong. The lucky one and the unlucky one Dr. Stefan Lüders (CERN Computer Security Officer) 3 rd (CS) 2 /HEP Workshop, Grenoble (France)

Slides:



Advertisements
Similar presentations
Presented by Nikita Shah 5th IT ( )
Advertisements

Secure and Web Browsing Sébastien Dellabella – Computer Security Team.
4 th Control System Cyber-Security Workshop Exchanging ideas on HEP security Dr. Stefan Lüders (CERN Computer Security Officer) 4 th (CS) 2 /HEP Workshop,
Being Proactive and Less Reactive in Security Operations and Cyber Attack Response Christina Raftery, MCSE, CISSP FBI Los Angeles Field Office.
3 rd Control System Cyber-Security Workshop A Summary of this year’s meeting Dr. Stefan Lüders (CERN Computer Security Officer) with contributions from.
The Case for Tripwire® Nick Chodorow Sarah Kronk Jim Moriarty Chris Tartaglia.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Module 6: Configuring Windows XP Professional to Operate in a Microsoft Network.
Auditing Active Directory Presented to the National State Auditors Association 2014 Information Technology Conference.
HIPAA Security Standards What’s happening in your office?
System and Network Security Practices COEN 351 E-Commerce Security.
70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment, Enhanced Chapter 9: Implementing and Using Group Policy.
Presented by C.SARITHA ( 07R91A0568) INTRUSION DETECTION SYSYTEM.
Brian Bradley.  Data is any type of stored digital information.  Security is about the protection of assets.  Prevention: measures taken to protect.
Designed By: Technical Training Department
Building a Campus Dshield Randy Marchany IT Security Lab VA Tech Blacksburg, VA 24060
Network security policy: best practices
Mobility Methods for document access while away from the office.
Technical Training: DIR-615
Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?
NDSU IT Security Theresa Semmens Chief Information Technology Security Officer Jeff Gimbel Senior Security Analyst.
Security Risk Management Marcus Murray, CISSP, MVP (Security) Senior Security Advisor, Truesec
Web Payments via Christopher Woods Aaron Buma. Agenda  Introduction  About it  Why to use it  Services they Provide  Seller Protection  Ebay Aspect.
10969A Active Directory® Services with Windows Server® Course 10699A
AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
Common Cyber Defenses Tom Chothia Computer Security, Lecture 18.
The Microsoft Baseline Security Analyzer A practical look….
Control System Cyber-Security Workshop A Summary of Yesterday’s Meeting Dr. Stefan Lüders (CERN IT/CO) with slides from P. Chochula (ALICE), S. Gysin (FNAL),
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
Office of Campus Information Security Driving a Security Architecture by Assessing Risk Stefan Wahe Sr. Information Security Analyst.
BIT 285: ( Web) Application Programming Lecture 15: Tuesday, February 24, 2015 Microsoft Azure Instructor: Craig Duckett.
I-Hack’08 International Hacking Competition “Details”
Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.
Sebastian Lopienski CERN Computer Security Team Securing your servers and code (and how we can help you)
© Copyright 2010 Hemenway & Barnes LLP H&B
Status of Exchange deployment Alberto Pace for the IT/IS group Desktop Forum, April 3 rd 2003.
ITS – Identity Services ONEForest Security Jake DeSantis Keith Brautigam
Module 11: Designing Security for Network Perimeters.
INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used? Tripwire.
Computer Security Risks for Control Systems at CERN Denise Heagerty, CERN Computer Security Officer, 12 Feb 2003.
ITGS Network Architecture. ITGS Network architecture –The way computers are logically organized on a network, and the role each takes. Client/server network.
FIT03.05 Explain features of network maintenance.
Campus Network upgrade and Wi-Fi Rollout REVIEW AND PHASE 3 PROJECT MANAGER TASKS.
Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.
Problems to Overcome Implementation Issues at CERN Dr. Stefan Lüders (CERN Computer Security Officer) (CS) 2 /HEP Workshop, Kobe (Japan) October 11th 2009.
Proposed UW Minimum Computer Security Standards From C&C 28 Jan 2005 Draft.
Website Design:. Once you have created a website on your hard drive you need to get it up on to the Web. This is called "uploading“ or “publishing” or.
Computer Security Status C5 Meeting, 2 Nov 2001 Denise Heagerty, CERN Computer Security Officer.
Control System Cyber-Security Workshop A Summary of Yesterday’s Meeting Dr. Stefan Lüders (CERN Computer Security Officer) with slides from B. Copy (CERN),
3 rd Control System Cyber-Security Workshop Exchanging ideas on HEP security Dr. Stefan Lüders (CERN Computer Security Officer) 3 rd (CS) 2 /HEP Workshop,
Control System Cyber-Security Workshop Exchanging ideas on HEP security Dr. Stefan Lüders (CERN Computer Security Officer) (CS) 2 /HEP Workshop, Kobe (Japan)
Education – Partnership – Solutions Information Security Office of Budget and Finance Christopher Giles Governance Risk Compliance Specialist The Internet.
Critical Infrastructure Protection and the Role of the Next Generation Firewall Blaž Ivanc.
SMOOTHWALL FIREWALL By Nitheish Kumarr. INTRODUCTION  Smooth wall Express is a Linux based firewall produced by the Smooth wall Open Source Project Team.
Dr. Pipat Sookavatana. IT for Business Communication and Information Exchange Web access File and Printer Sharing Information Access Advertisement.
Computer Security: Principles and Practice First Edition by William Stallings and Lawrie Brown Lecture slides by Lawrie Brown Chapter 17 – IT Security.
Al Lilianstrom CD/LSC/SOS/ESG  Blocked?  Operating Systems  Baselines  Detection  TiSSUE  Compliance  Windows  OS/X  Questions.
ISSeG Integrated Site Security for Grids WP2 - Methodology
CompTIA Security+ SY0-401 Real Exam Question Answer
Common Methods Used to Commit Computer Crimes
Control system network security issues and recommendations
Recommending a Security Strategy
Unit 27: Network Operating Systems
Information Security Session October 24, 2005
Chapter 27: System Security
ISO/IEC 27001:2005 A brief introduction Kaushik Majumder
TRIP WIRE INTRUSION DETECTION SYSYTEM Presented by.
EDUCAUSE Security Professionals Conference 2018 Jason Pufahl, CISO
Presentation transcript:

How things go wrong. The lucky one and the unlucky one Dr. Stefan Lüders (CERN Computer Security Officer) 3 rd (CS) 2 /HEP Workshop, Grenoble (France) October 9 th, 2011

Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 The Lucky One

Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 The SCADA Researcher A month earlier, the Researcher reported to the U.S. Department of Homeland Security who informed us via SWITCH and MELANI.

Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 What happened?

Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 Counter-Measures Standard event response: Inform stakeholders Prepare press statement Take documents offline incl. Google cache Change passwords on all instances (can be costly!) Check access logs for unauthorized activity: Weve been able to identify the corresponding actions, e.g. the original scan for the document and WTS accesses Lessons Learned: Starting to block access from the Internet for selected service accounts (i.e. non-personal accounts) Working on a general policy prohibiting service accounts on LXPLUS and CERNTS

Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 The Unlucky One

Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 The Attack

Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 Counter-Measures Standard event response: Inform stakeholders Prepare press statement Check network logs and attacker Ips Forensics of compromised server Difficult if local admins already have tampered with the data Determination of compromise extent Reinstallation after all (painful) Lessons Learned: Patching is a must Central syslogging is a must, too Adequate security training is beneficial for all (Once bitten, twice shy ) Deployment of so-called Security Baselines

Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 Security Baselines …define basic security objectives …are simple, pragmatic & complete, and do not imply technical solutions All systems/services must be implemented and deployed in compliance with their corresponding Security Implementation Document Non-compliance will ultimately lead to reduced network connectivity (i.e. closure of CERN firewall openings, ceased access to other network domains, full disconnection from the network). Today, we have Security Baselines… …for servers (EDMS )EDMS …for file hosting services (EDMS )EDMS …for web hosting services (EDMS )EDMS …for Industrial Embedded Devices (EDMS )EDMS

Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 Prevention is the key Training & Awareness Dedicated training courses on Secure programming in Java/PHP/Perl/Python and …for Web applications Mandatory on-line security course every two years for all CERN account owners Awareness poster campaign through-out CERN Check out at Consulting & Assistance Helping system owners with securing their services Website scanning …plus Nessus…

Dr. Stefan Lüders (CERN IT/CO) DESY 20. Februar 2007 How things go wrong. Dr. Stefan Lüders 3 rd CS2HEP October 9 th 2011 Thank you! Questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.