CyberSecurity for NEEShub: Best-Practices and Lessons Learned. Gaspar Modelo-Howard, CyberSecurity Engineer, George E. Brown, Jr. Network for Earthquake Engineering Simulation.

Need for Cyber-Security
– Collaboratories
– Trusted Repository
– Earthquake / Tsunami
– What should I pay attention to, regarding security, when using HUBzero software?

Agenda
– NEES Project: What is it?
– NEES Security Plan
– Compliance
– Hubzero Security “Out of the Box”
– Additional Security Concerns
– Security Assessments
– Incidents
– NEES Security in a Nutshell

NEES Project: What is it?
– Network of civil engineering experimental facilities aimed at facilitating research on mitigating the impact of earthquakes
– 14 research labs
– +5,000 users from around the world

Security Plan
– Describes a structured process to plan adequate, cost-effective security protection for NEES cyber infrastructure
– Audience: NEES community
– Sections: Roles and Responsibilities; Authentication and Authorization; Privacy; Incident Response; Auditing
– Updated annually

Compliance
Moving from NIST SP-800s to Trusted Digital Repositories and Audit Checklist (TRAC / ISO16363)
– Security section based on ISO/IEC security requirements
– Security plan and implemented controls
– System roles and responsibilities
– Risk assessment procedures
– Disaster recovery and continuity plan

NEEShub Components Diagram (components shown: HUBzero, Joomla!, MySQL, OpenLDAP, Apache HTTP, PHP, Exim SMTP, Debian Linux; the stack as a whole is NEEShub)

Hubzero Security (Out of the Box)
1. Group-based Access Control (Joomla/Hubzero)
2. Firewall (IPtables)
3. Single sign-on (LDAP)
4. Network port restrictions
5. Input validation for wiki entries
6. Captcha-based ticketing system
Easy to include other security mechanisms to protect against attacks (malware, password guessing, web-based vulnerabilities)

(Additional) Security Concerns
1. Malware protection
2. Account cracking
3. Joomla/PHP-related vulnerabilities
4. Host and network monitoring

Malware Protection
ClamAV: free, cross-platform antivirus software tool-kit
– command-line scanner, scalable multi-threaded daemon, and automatic database update tool
Malware is ‘seasonal’; consider participating in the ClamAV Community Threat Tracking System
– Double check possibly infected files
– Beware of false positives and false negatives
Need protection for both servers and user computers

Malware (screenshots: Virustotal.com; ClamAV Community Threat Tracking System)

Account Cracking
Any Internet-facing service is constantly being probed
Fail2ban (www.fail2ban.org) scans log files and bans IP addresses that show too many password failures, by updating firewall rules to reject the addresses for a specified amount of time
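The slide describes what Fail2ban does but not the decision it makes. The following is an added example, not Fail2ban's own code and not anything from the NEEShub deployment: it reimplements the core policy (count password failures per source address inside a time window, ban addresses that reach a threshold, and express the ban as a firewall rule) over constructed sshd log lines, so the effect of the two tunables (maxretry and findtime in Fail2ban's terms) can be seen and tested. The host name, addresses and timestamps are constructed; the rules are returned as strings, not executed.

```python
"""Fail2ban-style ban decision over SSH authentication log lines (added example).

Not fail2ban itself: a readable reimplementation of the slide's idea, run over
constructed sample log lines rather than real NEEShub logs.
"""
from collections import defaultdict, deque
from datetime import datetime
import re

# Constructed sample lines in the default sshd/syslog format (syslog omits the year).
SAMPLE_LOG = """\
Feb  2 10:00:01 hub sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51022 ssh2
Feb  2 10:00:03 hub sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 51030 ssh2
Feb  2 10:00:05 hub sshd[2105]: Failed password for root from 203.0.113.7 port 51041 ssh2
Feb  2 10:00:07 hub sshd[2107]: Failed password for root from 203.0.113.7 port 51050 ssh2
Feb  2 10:00:09 hub sshd[2109]: Failed password for root from 203.0.113.7 port 51062 ssh2
Feb  2 10:01:00 hub sshd[2120]: Failed password for alice from 198.51.100.4 port 40000 ssh2
Feb  2 10:01:30 hub sshd[2121]: Accepted password for alice from 198.51.100.4 port 40001 ssh2
Feb  2 10:30:00 hub sshd[2200]: Failed password for bob from 198.51.100.4 port 40100 ssh2
Feb  2 10:30:10 hub sshd[2201]: Failed password for bob from 198.51.100.4 port 40101 ssh2
Feb  2 10:30:20 hub sshd[2202]: Failed password for bob from 198.51.100.4 port 40102 ssh2
Feb  2 10:30:30 hub sshd[2203]: Failed password for bob from 198.51.100.4 port 40103 ssh2
"""

# Matches only failed-password lines; successful logins and other daemons are ignored.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>[\d.]+) port \d+"
)


def parse_failures(log_text, year=2012):
    """Yield (timestamp, source_ip) for every failed-login line in the text."""
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        # The year is an assumption: syslog timestamps do not carry one.
        ts = datetime.strptime(f"{year} {m.group('ts')}", "%Y %b %d %H:%M:%S")
        yield ts, m.group("ip")


def find_bans(log_text, maxretry=5, findtime_s=600):
    """Return {ip: time_of_ban} for addresses with >= maxretry failures within findtime_s seconds.

    A sliding window per address mirrors fail2ban's maxretry/findtime semantics:
    failures older than findtime_s relative to the newest one drop out of the count.
    """
    window = defaultdict(deque)
    banned = {}
    for ts, ip in parse_failures(log_text):
        if ip in banned:
            continue  # already banned; nothing further to decide for this address
        q = window[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > findtime_s:
            q.popleft()
        if len(q) >= maxretry:
            banned[ip] = ts
    return banned


def iptables_rules(banned, chain="INPUT"):
    """Render the reject rules a ban would insert. Returned for review, never executed here."""
    return [f"iptables -I {chain} -s {ip} -j REJECT --reject-with icmp-port-unreachable"
            for ip in sorted(banned)]


if __name__ == "__main__":
    for rule in iptables_rules(find_bans(SAMPLE_LOG)):
        print(rule)
```

With the defaults only 203.0.113.7 is banned: 198.51.100.4 has five failures in total, but the first one is half an hour before the others and falls outside the 600-second window. Widening findtime to an hour, or lowering maxretry to 4, bans it as well, which is the trade-off an operator tunes against lockouts of legitimate users behind shared addresses.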

Joomla/PHP-related Vulnerabilities
OWASP PHP Top 5 Attack Vectors
– Remote Code Execution
– Cross-site scripting
– SQL injection
– PHP Configuration
– File system
OWASP Joomla Security Scanner
– Good introduction to the Joomla! world of core and extensions (modules, components and plugins)
– Detects file inclusion, SQL injection and command execution vulnerabilities of a target Joomla! web site
– Searches for known vulnerabilities of Joomla! and its components: 611 vulnerability checks (Feb. 2, 2012)

Joomla/PHP-related Vulnerabilities
OWASP Zed Attack Proxy
– Penetration testing tool for finding vulnerabilities in web applications
SQLmap
– Automates the process of detecting and exploiting SQL injection flaws in web applications/databases
– Good detection accuracy (nice suite of heuristics)
(Diagram: testing system with hub, ZAP and browser)
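The two slides above name SQL injection and cross-site scripting as the PHP attack vectors that scanners such as SQLmap and ZAP look for, but they do not show what the underlying defect looks like in code. The following added example is not Joomla, HUBzero or NEEShub code: it places a string-built query beside its parameterized form, and raw HTML output beside escaped output, in Python with sqlite3 so the difference can be run offline. The user table and wiki text are constructed sample data.

```python
"""Vulnerable versus hardened handling of user input (added example).

Not Joomla/HUBzero code: a minimal Python/sqlite3 illustration of the SQL
injection and cross-site scripting defects named on the slides, each beside
its fix. All data below is constructed.
"""
import html
import sqlite3


def make_db():
    """In-memory user table with two constructed accounts.

    Plaintext passwords are used only so the query difference stays visible;
    a real system stores password hashes, which changes nothing about injection.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [("alice", "s3cret", "admin"), ("bob", "hunter2", "user")])
    return conn


def login_vulnerable(conn, name, pw):
    """String-built SQL: the caller's text is parsed as part of the statement."""
    sql = f"SELECT role FROM users WHERE name = '{name}' AND pw = '{pw}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_hardened(conn, name, pw):
    """Parameterized SQL: the driver binds name and pw as values, never as grammar."""
    row = conn.execute("SELECT role FROM users WHERE name = ? AND pw = ?",
                       (name, pw)).fetchone()
    return row[0] if row else None


def render_wiki_vulnerable(text):
    """Echoes wiki text into the page unchanged: markup in it becomes part of the page."""
    return f"<p>{text}</p>"


def render_wiki_hardened(text):
    """Output encoding: every character that could open a tag or attribute is escaped."""
    return f"<p>{html.escape(text, quote=True)}</p>"


if __name__ == "__main__":
    db = make_db()
    # A quote plus SQL comment in the username ends the WHERE clause before the
    # password is compared, so the string-built query answers without a valid password.
    print(login_vulnerable(db, "alice' --", "wrong"))   # admin
    print(login_hardened(db, "alice' --", "wrong"))     # None
    print(render_wiki_vulnerable("<b>hello</b>"))
    print(render_wiki_hardened("<b>hello</b>"))
```

The hardened login is not more complicated than the vulnerable one, which is the practical point: parameterized queries and output encoding are the defaults to require in code review of Joomla extensions, and a scanner finding is the signal that one of them was skipped somewhere.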

Host and Network Monitoring
– Monitoring network traffic and file systems

Security Assessment
Two phases: Internet and Campus
– Testing for filtering implementations
Review of security policy compliance (questionnaire)
Reviews of users and groups
Ports and vulnerabilities scanning
Attention to web applications and databases
Deployment of permanent scanner server
Usage of public resources
– Example: Google Safe Browsing

Incident: CVE vulnerability in Exim4 mailing software
– With a specially crafted message, an attacker can corrupt the heap and execute arbitrary code with the privileges of the Exim daemon
– Window to patch: 24 hours
Testing machines were taken offline after attackers tried to install new binaries
Corrupted machines were scrapped and then rebuilt
No production machines were affected, thus no external users were affected
– As a precaution, NEEShub users were asked to reset their password
Additional measures were implemented to protect environments
Lesson Learned: protect the “Post Office”

Probing the mailing list server (figure: Intrusion Detection System (IDS) output)

Epilogue: NEES Security in a Nutshell
Access Control: firewalls, access permissions (web servers, file servers and databases), VPN, separation of resources by environment (production, testing, development), file integrity checker
Authentication: user and group directory (LDAP)
Auditing: system logs, fail2ban
Others: security assessments, software patching, intrusion detection systems (IDS)
NEES CyberSecurity Plan / University’s Security Policies
U.S. Federal Regulations (NIST)
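The nutshell lists a file integrity checker among the access controls, and the Exim incident slide records that the attackers tried to install new binaries, which is exactly the change such a checker exists to surface. The slides do not name the tool NEES used, so the following is an added example rather than that tool: it records a SHA-256 baseline of a file tree and later reports added, removed and modified paths. The paths and contents in the demonstration are constructed, and the mapping-based entry point exists so the comparison logic runs without touching the disk; the directory walker is the same logic applied to a real tree.

```python
"""Minimal file integrity checker: baseline, re-hash, diff (added example).

Not the checker NEES deployed (the slides do not name it). Sample paths and
contents below are constructed. The baseline must be kept where the host
cannot rewrite it (read-only media or another machine), otherwise an attacker
who replaces a binary can also replace its recorded hash.
"""
import hashlib
import os


def sha256_bytes(data):
    """Hex SHA-256 of a byte string."""
    return hashlib.sha256(data).hexdigest()


def snapshot_from_mapping(files):
    """Baseline from {relative_path: bytes}; used for tests and for the demo below."""
    return {path: sha256_bytes(data) for path, data in files.items()}


def snapshot_directory(root):
    """Baseline of a real directory tree; keys are paths relative to root."""
    files = {}
    for dirpath, _, names in os.walk(root):
        for name in names:
            full = os.path.join(dirpath, name)
            with open(full, "rb") as fh:
                files[os.path.relpath(full, root)] = fh.read()
    return snapshot_from_mapping(files)


def compare(baseline, current):
    """Return {'added', 'removed', 'modified'} lists, sorted so reports are stable."""
    old, new = set(baseline), set(current)
    return {
        "added": sorted(new - old),
        "removed": sorted(old - new),
        "modified": sorted(p for p in old & new if baseline[p] != current[p]),
    }


def has_changes(report):
    """True when any category in a compare() report is non-empty."""
    return any(report[k] for k in ("added", "removed", "modified"))


if __name__ == "__main__":
    # Constructed scenario: a system binary replaced and a new file dropped in /tmp.
    before = snapshot_from_mapping({
        "bin/ls": b"original ls binary",
        "etc/exim4/exim4.conf": b"exim configuration",
    })
    after = snapshot_from_mapping({
        "bin/ls": b"replaced ls binary",
        "etc/exim4/exim4.conf": b"exim configuration",
        "tmp/.hidden": b"unexpected new file",
    })
    report = compare(before, after)
    for kind in ("added", "removed", "modified"):
        for path in report[kind]:
            print(f"{kind:9s} {path}")
```

Run on a schedule against a baseline taken right after a rebuild, the report is small and every line in it needs an explanation (a package upgrade, an administrator's edit, or an intrusion), which is what makes it usable as a daily check alongside the system logs and fail2ban listed under Auditing.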

Acknowledgements Pascal Meunier, HUBzero Brian Rohler, NEEShub