1 CERN’s Computer Security Challenges Denise Heagerty CERN Computer Security Officer Openlab Security Workshop, 27 Apr 2004.

Slides:



Advertisements
Similar presentations
Computer viruses Hardware theft Software Theft Unauthorized access by hackers Information Theft Computer Crimes.
Advertisements

Presented by: Luke Speed Computer Security. Why is computer security important! Intruders hack into computers to steal personal information that the user.
Denise Heagerty, CERN, HEPiX Meeting Oct HEPiX Security Workshop Overview of talks Some extracts of general interest LCG Security Group FNAL, KEK,
Chapter 12 Network Security.
Lesson 14-Desktop Protection. Overview Protect against malicious code. Use the Internet. Protect against physical tampering.
Vijay krishnan Avinesh Dupat  Collection of tools (programs) that enable administrator-level access to a computer or computer network.  The main purpose.
Cyber Security - Threats James Clement Network Specialist ETS: Communications & Network Services
SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.
Securing Instant Messaging Matt Hsu. Outline Introduction Instant Messaging Primer Instant Messaging Vulnerabilities and Exploits Securing Instant Messaging.
Cyber Security – Our Approach James Clement Network Specialist ETS: Communications & Network Services
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Kaspersky Open Space Security: Release 2 World-class security solution for your business.
Internet Relay Chat Security Issues By Kelvin Lau and Ming Li.
1 Computer Security: Protect your PC and Protect Yourself.
EDUCAUSE Security 2006 Internet John Brown University.
Threats and ways you can protect your computer. There are a number of security risks that computer users face, some include; Trojans Conficker worms Key.
Information Security Information Technology and Computing Services Information Technology and Computing Services
Internet Safety CSA September 21, Internet Threats Malware (viruses) Spyware Spam Hackers Cyber-criminals.
INTRODUCING F-SECURE POLICY MANAGER
Chapter 2 Information Security Overview The Executive Guide to Information Security manual.
Outline  Infections  1) r57 shell  2) rogue software  What Can We Do?  1) Seccheck  2) Virus total  3) Sandbox  Prevention  1) Personal Software.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Chapter 15: Security (Part 1). The Security Problem Security must consider external environment of the system, and protect the system resources Intruders.
Demystifying Backdoor Shells and IRC Bots: The Risk … By : Jonathan.
National Energy Research Scientific Computing Center (NERSC) Computer Security – The New Threats Stephen Lau NERSC Center Division, LBNL June 24, 2004.
CERN’s Computer Security Challenge
Proposed mid-term Security Strategies for CERN Prepared by ad-hoc working group members: Lionel Cons, Francois Fluckiger, Denise Heagerty, Jan Iven, Jean-Michel.
How CERN reacted to the Blaster and Sobig virus attack Christian Boissat, Alberto Pace, Andreas Wagner.
| nectar.org.au NECTAR TRAINING Module 5 The Research Cloud Lifecycle.
Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007.
Safeguarding OECD Information Assets Frédéric CHALLAL Head, Systems Engineering Team OECD.
Time lag between discovering issue and resolving Difficult to find solutions and patches that can help resolve issue Service outages expensive and.
Chapter 13 Understanding E-Security. 2 OBJECTIVES What are security concerns (examples)? What are two types of threats (client/server) Virus – Computer.
TECHNOLOGY GUIDE THREE Protecting Your Information Assets.
1 Figure 4-16: Malicious Software (Malware) Malware: Malicious software Essentially an automated attack robot capable of doing much damage Usually target-of-opportunity.
Network problems Last week, we talked about 3 disadvantages of networks. What are they?
BOTNETS Presented By : Ramesh kumar Ramesh kumar 08EBKIT049 08EBKIT049 A BIGGEST THREAT TO INERNET.
Security at NCAR David Mitchell February 20th, 2007.
Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.
Denial of Service (DoS) DoS attacks are aggressive attacks on an individual computer or groups of computers with the intent to deny services to intended.
Virus and anti virus. Intro too anti virus Microsoft Anti-Virus (MSAV) was an antivirus program introduced by Microsoft for its MS-DOS operating system.
Week 10-11c Attacks and Malware III. Remote Control Facility distinguishes a bot from a worm distinguishes a bot from a worm worm propagates itself and.
7400 Samsung Confidential & Proprietary Information Copyright 2006, All Rights Reserved. -0/17- OfficeServ 7400 Enterprise IP Solutions Quick Install Guide.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
Module 11: Designing Security for Network Perimeters.
Operational Circular No 5 Use of CERN Computing Facilities.
What is Spam? d min.
Computer Security Risks for Control Systems at CERN Denise Heagerty, CERN Computer Security Officer, 12 Feb 2003.
CERN - European Organization for Nuclear Research Beyond ACB – VPN’s FOCUS June 13 th, 2002 Frédéric Hemmer & Denise Heagerty- IT Division.
Module  Introduction Introduction  Techniques and tools used to commit computer crimes Techniques and tools used to commit computer crimes.
Computer Security Status Update FOCUS Meeting, 28 March 2002 Denise Heagerty, CERN Computer Security Officer.
Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.
LESSON 5-2 Protecting Your Computer Lesson Contents Protecting Your Computer Best Practices for Securing Online and Network Transactions Measures for Securing.
Computer Security Status C5 Meeting, 2 Nov 2001 Denise Heagerty, CERN Computer Security Officer.
Introduction to Network Security. Acknowledgements.
NETWORK SECURITY Definitions and Preventions Toby Wilson.
“Lines of Defense” against Malware.. Prevention: Keep Malware off your computer. Limit Damage: Stop Malware that gets onto your computer from doing any.
MIS323 – Business Telecommunications Chapter 10 Security.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Basic Security Networking for Home and Small Businesses – Chapter 8.
1 Integrated Site Security Project Denise Heagerty CERN 22 May 2007.
Computer Security Sample security policy Dr Alexei Vernitski.
1 Botnets Group 28: Sean Caulfield and Fredrick Young ECE 4112 Internetwork Security Prof. Henry Owen.
1 Outline of this module By the end of this module you will be able to: Understand why computer security is important; Name the different threats to.
Internet security for the home Paul Norton MEng(Hons) MIEE Electronic engineer working for Pascall Electronics Ltd. on the Isle of Wight A talk on Internet.
TECHNOLOGY GUIDE THREE
Information Security Session October 24, 2005
Lecture 3: Secure Network Architecture
Implementing Client Security on Windows 2000 and Windows XP Level 150
Designing IIS Security (IIS – Internet Information Service)
Test 3 review FTP & Cybersecurity
Presentation transcript:

1 CERN’s Computer Security Challenges Denise Heagerty CERN Computer Security Officer Openlab Security Workshop, 27 Apr 2004

2 Outline Incident summary, Viruses, Worms and Backdoors Risks and actions taken so far Software risks and restrictions P2P, IRC, IM, … Balancing risk with academic freedom Risks from visiting users Protecting control systems Protecting GRID resources Summary of CERN’s computer security challenges

3 Incident Summary, Incident Type 5931 System compromised (intruder has control) security holes in software (e.g. ssh, kernel, IE, web, CVS) Compromised CERN accounts sniffed or guessed passwords Serious Viruses and worms Blaster/Welchia (414), Sobig (12), Slammer(3) Unauthorised use of file servers and P2P software insufficient access controls, P2P file-sharing, Skype 15162Serious SPAM incidents e.g. CERN systems used to originate SPAM 1196Miscellaneous security alerts Total Incidents

4 Viruses, Worms and Backdoors (1) are a serious security threat: Infections increasingly occur before anti-virus patterns are available Infections regularly include backdoors which give system control to intruders Backdoors are difficult to detect e.g. initiated by a client program in response to pre-defined normal packets Infections increasingly include keyloggers Used to collect passwords, credit card details, etc Most infected PCs belong to visitors Managed by individuals and not part of CERN domain

5 Viruses, Worms and Backdoors (2) Actions taken so far: Pro-active anti-virus response E.g. Beta pattern files, specific filters on mail gateways, new viruses are reported, detection tools identify infected systems to disconnect Computers must be registered and kept secure Computers detected as insecure can be blocked from the network and the registered contact informed Collaboration is generally good, but expertise is insufficient Strong management recommendation to run centrally managed systems (Windows and Linux) More than 5000 Windows and 3500 Linux PCs have automated patches More than 1000 PCs are individually managed (visitors, non-standard) Dual boot systems need to keep both systems patched

6 Risks from client software Client software bypasses traditional security checks E.g. firewalls, application gateways, trusted web sites P2P file sharing software is a target for spreading viruses Reports say more than 50% of KaZaA files contain viruses IRC (Internet Relay Chat) is used by intruders E.g. to communicate together, to upload stolen data, to advertise tricked data IM (Instant Messaging) is targeted by intruders E.g. Compromised systems via security holes, connections to non- trusted servers (ICQ), links to tricked web sites Client systems may be converted to Bots Allows intruders to control many systems e.g. to launch DDoS attacks

7 Software Restrictions Software installation and use is restricted Personal use of P2P software is NOT permitted IRC bots and servers are NOT permitted Clients are permitted and used for a professional purpose Personal installations of IM are not permitted CERN’s standard Windows/XP configuration includes Messenger Systems and applications must be kept secure Relies on user awareness and competence Competes with publicity from the “friends network”

8 Balancing risk with academic freedom Risks: Personal use of CERN’s computing and network facilities is permitted Defined at e.g. personal and web surfing Social engineering tricks succeed E.g. virus infected attachments executed, insecure web sites visited Academic curiosity increases risk E.g. Insecure software and spyware unintentionally installed Counter-Measures: Awareness raising campaigns Restrictive Rules

9 Risks from Visiting Users CERN’s users are located around the world Many are based at universities and research labs Visiting users increasingly bring their laptops Need network access to CERN services and general Internet Relies on users keeping their laptops secure Network based tools detect some problems, e.g. scanning Users need to access CERN systems remotely Key services directly on the Internet (mail, web, files) Terminal Services offer additional functionality (client-server) VPN for special cases (users agree to additional security rules) Insecure laptops (connected directly or by VPN) are the biggest source of viruses Enforced network registration helps to fix them quickly, but does not prevent the problem

10 Protecting Control Systems Accelerator and technical control systems are connected on a physically separate network No direct Internet access to/from off-site Access restrictions on-site are difficult to manage Off-site access for specialists Experts can be at home or at remote sites around the world Some systems are managed by outsourced contracts Connect via gateways, e.g. Windows Terminal Services Token based authentication proposed for critical systems Stability v Updates Automated patching and software updates based on needs and risk Critical systems Reduce risk with gateways, firewalls, one-time passwords, …

11 Protecting GRID resources GRID computing distributes applications across many sites with significant computing power Risks for GRID resources have been analysed Security holes are considered high risk Requires a rapid process for applying security updates Respond rapidly to suspected break-ins Good collaboration between CSIRTs Reduce risk by combining relevant security tools e.g. firewalls, access control, intrusion detection Limit the risk for DoS attacks Restrict network access to GRID systems Respond rapidly to attacks, e.g. disconnect from the network

12 Summary of security challenges Limit the impact of viruses and worms Avoid significant computer and network downtime Protect client and server software Solutions beyond vulnerability scanning and automated patching Limit the ability of users to introduce security exposures P2P, IRC, IM are prone to social engineering tricks Prevent network access for insecure systems How to detect security exposures before allowing network access? Protect control systems Solutions must be easily manageable and allow remote Internet access for authorised experts Scale security solutions to GRIDs Tools need to be easy, fast and automated

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.