Active Security Infrastructure Stuart Kenny Trinity College Dublin.

Active Security
• Building on concepts investigated during CrossGrid project ( ) and Int.Eu.Grid ( )
• Existing Grid security activities focused on prevention
  – Authentication, authorization
• Active security focused on
  – Detection
  – Reaction
• 3 components
  – Security monitoring
  – Alert Analysis
  – Control Engine

Active Security Infrastructure

Security Monitoring (Site Level)
• Monitors state of security of a site
• Reports detected security events to security alert archive
• Monitoring performed by ‘R-GMA enabled’ security tools
  – Snort
  – Prelude-LML
  – Rkhunter
• Extensible
  – Easy inclusion of additional tools, e.g., Tripwire
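The monitoring layer's job is to take whatever each tool emits and turn it into a uniform event that the alert archive can store and the analyzer can query. The following is an added illustration, not code from the ASI or Grid-Ireland project: it assumes that tool output arrives as lines prefixed with the tool name, that Snort writes in its "alert_fast" layout, and that rkhunter warnings look like its log file. The SecurityEvent schema is an assumption, and publishing to R-GMA is stood in for by simply returning the records.

```python
import re
from dataclasses import dataclass, asdict

# Constructed sample tool output. The first line mimics Snort's "alert_fast"
# layout with a local-range signature id; the second mimics an rkhunter
# warning. Neither is real data from the Grid-Ireland deployment.
SAMPLE_LINES = [
    "snort: 06/03-10:15:42.123456  [**] [1:1000001:1] CONSTRUCTED inbound SSH scan "
    "[**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} "
    "192.0.2.10:4444 -> 198.51.100.7:22",
    "rkhunter: [10:16:05] Warning: Hidden file found: /tmp/.constructed_example",
]


@dataclass
class SecurityEvent:
    """Common record published to the alert archive (schema is an assumption)."""
    site: str
    host: str        # gateway that produced the event
    tool: str
    severity: int    # 1 = highest, like Snort's priority field
    source: str      # remote host involved, or "-" for host-local findings
    target: str
    summary: str


SNORT_FAST = re.compile(
    r"(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\[Priority:\s*(?P<prio>\d+)\].*?\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+):(?P<sport>\d+)\s+->\s+(?P<dst>[\d.]+):(?P<dport>\d+)"
)
RKHUNTER_WARN = re.compile(r"\[\d\d:\d\d:\d\d\]\s+Warning:\s+(?P<msg>.+)")


def normalise(site, host, line):
    """Turn one raw tool line into a SecurityEvent, or None if unparseable."""
    tool, sep, body = line.partition(": ")
    if not sep:
        return None
    if tool == "snort":
        m = SNORT_FAST.search(body)
        if not m:
            return None
        return SecurityEvent(
            site, host, tool, int(m["prio"]), m["src"], m["dst"],
            f"{m['msg']} (sid {m['sid']}, {m['proto']} dport {m['dport']})",
        )
    if tool == "rkhunter":
        m = RKHUNTER_WARN.search(body)
        if not m:
            return None
        # A rootkit-hunter warning concerns the gateway itself, so the target
        # is the local host; every such warning is treated as high severity.
        return SecurityEvent(site, host, tool, 1, "-", host, m["msg"])
    return None


def publish(site, host, lines):
    """Normalise a batch of lines; returns the records the archive would store."""
    events = (normalise(site, host, ln) for ln in lines)
    return [asdict(ev) for ev in events if ev is not None]


if __name__ == "__main__":
    for rec in publish("tcd", "gridgate.example", SAMPLE_LINES):
        print(rec)
```

Lines that do not match a known tool layout are dropped rather than stored half-parsed; in a real deployment they would be counted so that a silently changed log format shows up as a gap in the archive rather than as a quiet absence of alerts.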

Alert Analysis (Management Level)
• Filter and analyse alerts contained in alert archive
  – Detect patterns that signify attempted attack
• Attempts to join alerts into high-level attack scenarios
• Output
  – Correlated high-priority Grid alert
  – New Grid policy
• Define actions to be taken in response to security event
• Extensible
  – Define additional ‘attack scenarios’ and base policies

Control Engine (Site Level)
• Input:
  – Grid policies generated by analysis component
• Site Policy Decision Point
  – Evaluates requests for guidance from service agents
  – Decision based on applicable policies
• Decision contains action to be taken to mitigate risk of possible security incident
• Extensible
  – Provision of service agents or plug-ins
• Pull model

Control Engine (Site Level)
• Active Plug-in
  – Simple plug-in interface
  – Plug-ins invoked on policy update
  – Evaluate plug-in request against updated policy set
  – User defined code handles response and enforces obligations
• Grid-Ireland example
  – Grid4C iptables management endpoint
  – Dynamic host blocking
• Push model
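The two Control Engine slides describe the same Policy Decision Point used in two directions: service agents pull decisions from it, and plug-ins are pushed the updated policy set. The sketch below is an added example, not the ASI control engine or the Grid4C endpoint; the GridPolicy format, the request shape, and the IptablesHostBlockPlugin class are all assumptions. The plug-in only renders the iptables rule changes it would apply (including the removals when a policy expires) and never executes anything.

```python
import ipaddress
import time
from dataclasses import dataclass


@dataclass(frozen=True)
class GridPolicy:
    """Policy as it might arrive from the analysis component (format assumed)."""
    policy_id: str
    target: str      # IPv4/IPv6 address or CIDR the policy applies to
    action: str      # "block" or "monitor"
    reason: str
    expires: float   # unix time after which the policy is no longer applicable


class SitePDP:
    """Site Policy Decision Point: answers agent requests (pull) and
    pushes policy updates to registered plug-ins."""

    def __init__(self, policies=()):
        self.policies = list(policies)
        self.plugins = []

    def register_plugin(self, plugin):
        self.plugins.append(plugin)

    def update_policies(self, policies, now=None):
        """Push path: replace the policy set and let every plug-in react.
        Returns each plug-in's obligations keyed by plug-in class name."""
        now = time.time() if now is None else now
        self.policies = [p for p in policies if p.expires > now]
        return {type(pl).__name__: pl.on_policy_update(self.policies)
                for pl in self.plugins}

    def evaluate(self, request, now=None):
        """Pull path: a service agent asks what to do about a remote host.
        The first applicable, unexpired policy wins; the default is permit."""
        now = time.time() if now is None else now
        host = ipaddress.ip_address(request["remote_host"])
        for p in self.policies:
            if p.expires <= now:
                continue
            if host in ipaddress.ip_network(p.target, strict=False):
                return {"decision": p.action, "policy": p.policy_id,
                        "reason": p.reason}
        return {"decision": "permit", "policy": None,
                "reason": "no applicable policy"}


class IptablesHostBlockPlugin:
    """Hypothetical plug-in in the spirit of the Grid4C iptables endpoint.
    It computes the rule changes needed to make the firewall match the
    current policy set and returns them as commands; nothing is executed."""

    def __init__(self, chain="ASI-BLOCK"):
        self.chain = chain
        self.blocked = set()

    def on_policy_update(self, policies):
        wanted = {p.target for p in policies if p.action == "block"}
        commands = [f"iptables -A {self.chain} -s {t} -j DROP"
                    for t in sorted(wanted - self.blocked)]
        # Expired or withdrawn policies must un-block, or the rule set only grows.
        commands += [f"iptables -D {self.chain} -s {t} -j DROP"
                     for t in sorted(self.blocked - wanted)]
        self.blocked = wanted
        return commands


# Constructed policy set, as if produced by the management-level analyzer.
SAMPLE_POLICIES = [
    GridPolicy("pol-0001", "192.0.2.10", "block",
               "correlated scan alerts from this host", expires=2000.0),
    GridPolicy("pol-0002", "203.0.113.0/24", "monitor",
               "single low-priority alert", expires=2000.0),
]

if __name__ == "__main__":
    pdp = SitePDP()
    pdp.register_plugin(IptablesHostBlockPlugin())
    print(pdp.update_policies(SAMPLE_POLICIES, now=1000.0))
    print(pdp.evaluate({"agent": "gatekeeper", "remote_host": "192.0.2.10"},
                       now=1000.0))
```

Giving every policy an expiry is the detail worth copying: a site that only ever adds blocks on the strength of correlated alerts will eventually lock out legitimate collaborators after a false positive, so the push path is written to compute removals as well as additions.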

Grid-Ireland Deployment
• Grid-Ireland Gateway
  – Point-of-presence at 18 institutions
  – Homogeneous set of hardware and software
  – Centrally managed by Grid Operations Centre (OpsCentre) at TCD
• ASI deployment
  – Security monitoring installed on gateways at 10 of 18 sites
  – Analysis component hosted at OpsCentre
  – Continuously monitoring infrastructure since June 2008

Grid-Ireland Deployment

Analyzer Scenarios: Job Monitoring
• Scenario models attack as series of state changes
  – Models states job passes through once submitted to a site
  – State changes triggered by published alerts (Prelude LML and PBS scripts)
• Can be used as basis for ‘higher-level’ scenarios
  – E.g., job executing restricted command
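The Alert Analysis slide and this one together describe the analyzer's core idea: an attack scenario is a state machine per job, advanced by alerts from the archive, that emits a correlated high-priority Grid alert when it reaches an alarm state. The code below is an added example, not the ASI analyzer; it generalises the slide's single scenario into a table-driven one, so a new scenario is just another transition table. The alert names (pbs.job_queued, lml.restricted_command, and so on), the alert dictionary shape and the Grid-alert layout are assumptions, and the alert stream is constructed.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Scenario:
    """An attack scenario as a finite-state machine driven by alert names."""
    name: str
    initial: str
    transitions: dict        # (current_state, alert_name) -> next_state
    alarm_states: frozenset  # entering one of these raises a Grid alert
    priority: int


# The slide's example: a job that executes a restricted command while
# running. Alert names are assumed labels for PBS and Prelude-LML events.
JOB_RESTRICTED_COMMAND = Scenario(
    name="job-executes-restricted-command",
    initial="UNKNOWN",
    transitions={
        ("UNKNOWN", "pbs.job_queued"): "QUEUED",
        ("QUEUED", "pbs.job_started"): "RUNNING",
        ("RUNNING", "lml.restricted_command"): "RESTRICTED_COMMAND",
        ("RUNNING", "pbs.job_ended"): "FINISHED",
        ("RESTRICTED_COMMAND", "pbs.job_ended"): "FINISHED",
    },
    alarm_states=frozenset({"RESTRICTED_COMMAND"}),
    priority=1,
)


class ScenarioAnalyzer:
    """Tracks one scenario per job id and emits a correlated Grid alert
    the moment a job enters an alarm state."""

    def __init__(self, scenario):
        self.scenario = scenario
        self.state = {}   # job_id -> current state
        self.users = {}   # job_id -> submitting user, once an alert names one

    def consume(self, alert):
        job = alert["job_id"]
        if alert.get("user"):
            self.users[job] = alert["user"]
        current = self.state.get(job, self.scenario.initial)
        nxt = self.scenario.transitions.get((current, alert["name"]))
        if nxt is None:
            # Alert does not advance this scenario for this job (e.g. a
            # command alert that arrives before the job is known to run).
            return None
        self.state[job] = nxt
        if nxt not in self.scenario.alarm_states:
            return None
        return {
            "type": "grid-alert",
            "scenario": self.scenario.name,
            "priority": self.scenario.priority,
            "site": alert["site"],
            "job_id": job,
            "user": self.users.get(job),
            "evidence": alert,
        }


def run(alerts, scenario=JOB_RESTRICTED_COMMAND):
    """Feed alerts in archive order; returns the correlated Grid alerts and
    the final per-job state so the caller can inspect both."""
    analyzer = ScenarioAnalyzer(scenario)
    grid_alerts = [g for g in (analyzer.consume(a) for a in alerts) if g]
    return grid_alerts, dict(analyzer.state)


# Constructed alert stream as the archive might deliver it: job 42 runs a
# restricted command, job 43 behaves, and job 44's command alert arrives
# before any PBS start record, so it is not correlated.
SAMPLE_ALERTS = [
    {"site": "tcd", "job_id": "42", "user": "dn-constructed-1", "name": "pbs.job_queued"},
    {"site": "tcd", "job_id": "43", "user": "dn-constructed-2", "name": "pbs.job_queued"},
    {"site": "tcd", "job_id": "42", "user": "dn-constructed-1", "name": "pbs.job_started"},
    {"site": "tcd", "job_id": "43", "user": "dn-constructed-2", "name": "pbs.job_started"},
    {"site": "tcd", "job_id": "44", "name": "lml.restricted_command", "command": "sudo"},
    {"site": "tcd", "job_id": "42", "name": "lml.restricted_command", "command": "sudo"},
    {"site": "tcd", "job_id": "43", "name": "pbs.job_ended"},
    {"site": "tcd", "job_id": "42", "name": "pbs.job_ended"},
]

if __name__ == "__main__":
    for g in run(SAMPLE_ALERTS)[0]:
        print(g)
```

The unmatched alert for job 44 shows the main operational weakness of scenario-based correlation: alerts from different tools reach the archive with different delays, so a strict ordering silently drops evidence, and a production analyzer would buffer out-of-order alerts for a short window before deciding that a transition does not apply.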

Analyzer Scenarios: Job Monitoring

Future Work
• Correlation
  – Prelude correlation engine (Lua rule based)
• Messaging
  – ActiveMQ
• Additional scenarios
• Control Engine
  – Implement agents and deploy

Questions?