CyberSecurity Summit 2005 Teragrid Incident Response Overview December 13th, 2005 James Marsteller CISSP Information Security Officer Pittsburgh Supercomputing.

Presentation transcript:

CyberSecurity Summit 2005 Teragrid Incident Response Overview December 13th, 2005 James Marsteller CISSP Information Security Officer Pittsburgh Supercomputing Center

What is the Teragrid?
“The TeraGrid is an NSF funded open scientific discovery infrastructure combining leadership class resources at eight partner sites to create an integrated, persistent computational resource”

Teragrid Facts
- Launched August 2001
- 40 Teraflops of computing power
- 2 Petabytes of storage
- Gig Interconnects (Dedicated Network)
- Specializes in data analysis and visualization resources

Teragrid Partners
- National Science Foundation
- Indiana University
- NCSA
- ORNL
- PSC
- Purdue University
- SDSC
- University of Texas
- UC/ANL

Teragrid Backbone

The Challenge…
Developing a security baseline that satisfies a broad range of organizations, including major universities and government research facilities.
- Need A TG Security Baseline
- Different Organizations, Different Goals
- Government, Higher Ed, Research
- Service Requirement, Public Relations, Privacy Reqs, Acceptable Use
- How To Handle Non-TG Customers?

Building a Teragrid Security Team
- ANL: Ti Leggett, JP Navarro, Gene Rackow
- SDSC: Abe Singer, Bill Link, Victor Hazlewood
- NCSA: Jim Barlow, Jeff Rosendale, Tim Brooks, Aashish Sharma
- PSC: Jim Marsteller (Chair), Derek Simmel, Bryan Webb
- ORNL: James Rome, Greg Pike
- CalTech: Mark Bartelt
- UTexas: Bill Jones
- Purdue: David Seidl, Anna Squicciarini, Greg Hedrick
- IU: Dave Hancock, Doug Pearson

Building a Teragrid Security Team
First Steps:
- Drafted a Security Memorandum of Understanding (M.O.U.)
- Incident Response Contact List
- Security “Hotline”

Security M.O.U.
- Goal: A communications tool to define security expectations among EFT Sites. Not intended to replace existing site policy. Establish Policy - Not Implementation
- Focus Areas:
  - Security Baselines
  - Incident Response
  - Change/Patch Management
  - Awareness
  - Accountability/Privacy

Incident Response Framework …a “crash” course
- IR Team Creation
- IR Procedures
- Playbook and IR Flowchart
- Secure Communications
- Encrypted
- 24/7 Security “Hotline”
- Information Repository
- Encrypted IM

Identifying, Responding & Communicating Events
- Response Playbook
- Who To Contact Methodology
- Initial Responders
- Secondary Responders
- Help Desk Staff
- How to Respond to Event
- PR Guidelines
- 800 Number & International Access

Identifying, Responding & Communicating Events
- Security “hotline”
- 24/7 Reservationless Conference #
- Any Site Can Initiate
- Only Known To Response Personnel
- All participants are announced and challenged
- 800 Number & International Access
- Only transmitted encrypted to protect against eavesdropping

Identifying, Responding & Communicating Events
- Mailing Lists
- “General” List: Used to announce weekly IR calls, new vulnerabilities, share IR related information.
- Emergency List
- Used to alert TG Staff of an incident
- Response Staff Subscription
- Can be tied to Trigger (Pagers, Phones, NOC)

Encrypted Communications
- Encrypted Communications Are VERY IMPORTANT!
- PGP/GPG encrypted
- Shared Password for Communications (Changes Frequently)
- Encrypted Website To Archive Critical Information
- Site Based Encrypted Instant Messaging (JABBER)

Coordinated Evidence Gathering
- Playbook Outlines Requirements:
  - Protecting “Chain Of Custody”
  - Proper Logging
  - Reliable Copies Of Process Accounting
  - Level Of Effort Responding
  - Staff Hours & Capital

Weekly Response Calls
- ‘Closed’ only to TG IR Personnel
- Forum for Detailed Description of Security Events and Q&A
- Share Latest Attack Vectors
- Non-TG News
- Update On Current Investigations

Current Teragrid IR Challenges:
- Customer Service Coordination
- Single point of contact for user
- User services and Security
- Getting useful information from the user
- Managing accounts across TG Resource Providers
- Which sites have disabled?
- What needs to be done to reactivate?
- User Service insight to all of this information
- IR Sharing/Reporting
- Today all based on static webpages
- IR Trouble Ticket System
- Action taken site by site
- Action/information needed
- NSF Notification procedure/threshold
- Expansion of the Teragrid and beyond

Customer Service Coordination

User Questions for a Compromised Account:
1. Do you use the password of the compromised account at other TG sites or other general accounts (Hotmail, Amazon, Paypal, Ebay)?
2. What was the time of your last known login? Where was it from?
3. From what locations do you usually log in (hostnames/IP)?
4. Which sites/machines have you used?
5. What locations (hosts) can we expect you to log in from?
6. Can accounts at other TG sites be closed down, or do you expect to use them in the future? If so, which sites are not needed: (PSC, SDSC, NCSA, ANL, Purdue, Indiana, ORNL, Texas, etc.)
7. Do you have any idea how someone may have gotten your login info (login/password)? What machines may possibly be compromised? Your desktop? Some other machine you used?

Expanding beyond the Teragrid
- What are the criteria for notifying funding sources?
- Every Account/Host compromise?
- How to maintain as TG grows?
- Newbie Guide & Security M.O.U.
- How to effectively engage other organizations?
- Other Grid Communities, Research communities and International organizations

Useful Resources
- security.teragrid.org
- Research and Education Networking ISAC:
- My