Cyber Security Review, April 23-24, 2002, 0 Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson.

Slides:

Advertisements

Similar presentations

Presented by Nikita Shah 5th IT ( )

Advertisements

Establishing an OU Hierarchy for Managing and Securing Clients Base design on business and IT needs Split hierarchy Separate user and computer OUs Simplifies.

Secure Sockets Layer eXtended (SSLX) Next Generation Internet Security Overview Presentation April 2011.

CSS Central: Central Management Utility Screen View Samples Next.

Sandia is a multiprogram laboratory operated by Sandia Corporation, a Lockheed Martin Company, for the United States Department of Energy’s National Nuclear.

Module 5: Creating and Configuring Group Policy

70-290: MCSE Guide to Managing a Microsoft Windows Server 2003 Environment Chapter 1: Introduction to Windows Server 2003.

Exchange server Mail system Four components Mail user agent (MUA) to read and compose mail Mail transport agent (MTA) route messages Delivery agent.

70-293: MCSE Guide to Planning a Microsoft Windows Server 2003 Network, Enhanced Chapter 7: Planning a DNS Strategy.

Apache : Installation, Configuration, Basic Security Presented by, Sandeep K Thopucherela, ECE Department.

Introduction to UNIX Acknowledgement:Thanks to Dr Andrew Horner for the original version of this set of slides. All trademarks are the properties of their.

MCTS Guide to Microsoft Windows Server 2008 Network Infrastructure Configuration Chapter 11 Managing and Monitoring a Windows Server 2008 Network.

Hands-On Microsoft Windows Server Connecting Through Terminal Services Terminal server – Enables clients to run services and software applications.

Macintosh Configuration Management Will Jorgensen 1.

Presented by INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used?

Module 16: Software Maintenance Using Windows Server Update Services.

Linux Operations and Administration

Ch 8-3 Working with domains and Active Directory.

LabMan Conference: June 8 & 9, 2010 Lauren Nicholas, Moravian College

Microsoft Windows 2003 Server. Client/Server Environment Many client computers connect to a server.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

BASIC NETWORK CONCEPTS (PART 6). Network Operating Systems NNow that you have a general idea of the network topologies, cable types, and network architectures,

Linux Operations and Administration

Fundamentals of Networking Discovery 1, Chapter 2 Operating Systems.

Chapter-4 Windows 2000 Professional Win2K Professional provides a very usable interface and was designed for use in the desktop PC. Microsoft server system.

Services and Disk Management. Default Services (some) Alerter ClipBook Server Computer Browser DNS Client Event Log Messenger Net Logon Network DDE Network.

Hands-On Microsoft Windows Server 2008 Chapter 1 Introduction to Windows Server 2008.

Module 4: Add Client Computers and Devices to the Network.

PPD Computing “Business Continuity” Windows and Mac Kevin Dunford May 17 th 2012.

Configuration Management with Cfengine Steven Kreuzer NYC BSD Users Group July 2008.

11 SECURITY TEMPLATES AND PLANNING Chapter 7. Chapter 7: SECURITY TEMPLATES AND PLANNING2 OVERVIEW  Understand the uses of security templates  Explain.

Chapter 9: Novell NetWare

Module 13: Maintaining Software by Using Windows Server Update Services.

Robert Fourer, Jun Ma, Kipp Martin Copyright 2006 An Enterprise Computational System Built on the Optimization Services (OS) Framework and Standards Jun.

Eric Holtel.  Introduction  Project Description  Demonstration  Deliverables  Conclusion.

SMS 2003 Deployment and Managing Windows Security Rafal Otto Internet Services Group Department of Information Technology CERN 26 May 2016.

Kevin Dunford – Windows Support & Development What do I do.. Support, configuration, and development of - Windows servers, desktops, Laptops, printers,

BZUPAGES.COM. What is a VPN VPN is an acronym for Virtual Private Network. A VPN provides an encrypted and secure connection "tunnel" path from a user's.

Computer Emergency Notification System (CENS)

Module 7: Managing the User Environment by Using Group Policy.

ICT development office ICT research, planning and training dept. Network development and administration dept. System development and operation dept. President.

Computer Systems Lab The University of Wisconsin - Madison Department of Computer Sciences Linux Clusters David Thompson

CIT 470: Advanced Network and System AdministrationSlide #1 CIT 470: Advanced Network and System Administration Change and Configuration Management.

Planning a Microsoft Windows 2000 Administrative Structure Designing default administrative group membership Designing custom administrative groups local.

Lieberman Software Random Password Manager & Two-Factor Authentication.

The BioBox Initiative: Bio-ClusterGrid Maddie Wong Technical Marketing Engineer Sun APSTC – Asia Pacific Science & Technology Center.

Jefferson Lab Site Report Sandy Philpott Thomas Jefferson National Accelerator Facility Newport News, Virginia USA

Networking in Linux. ♦ Introduction A computer network is defined as a number of systems that are connected to each other and exchange information across.

Member: Wei-Jie Hsiao 、 Hui-Hsiung Chung Advisor: Quicy Wu Date: Mar.23 1.

General rules 1. Rule: 2. Rule: 3. Rule: 10. Rule: Ask questions ……………………. 11. Rule: I do not know your skill. If I tell you things you know, please stop.

CIT 470: Advanced Network and System AdministrationSlide #1 CIT 470: Advanced Network and System Administration Change and Configuration Management.

Core 3: Communication Systems. Network software includes the Network Operating Software (NOS) and also network based applications such as those running.

INTRUSION DETECTION SYSYTEM. CONTENT Basically this presentation contains, What is TripWire? How does TripWire work? Where is TripWire used? Tripwire.

Configuring and Troubleshooting Identity and Access Solutions with Windows Server® 2008 Active Directory®

Administering Microsoft Windows Server 2003 Chapter 2.

Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility Mike Memory.

Linux Operations and Administration

Creating and Managing Networks CSC February, 1999.

Planning Server Deployments Chapter 1. Server Deployment When planning a server deployment for a large enterprise network, the operating system edition.

Packaging and Deploying Windows Applications

Integrating ArcSight with Enterprise Ticketing Systems

NTP, Syslog & Secure Shell

SUBMITTED BY: NAIMISHYA ATRI(7TH SEM) IT BRANCH

TYPES OF SERVER. TYPES OF SERVER What is a server.

CIT 470: Advanced Network and System Administration

Printer Admin Print Job Manager

Utilize Group Policy Terminal Server Settings

IS3440 Linux Security Unit 9 Linux System Logging and Monitoring

TRIP WIRE INTRUSION DETECTION SYSYTEM Presented by.

LO3 – Understand Business IT Systems

Presentation transcript:

Cyber Security Review, April 23-24, 2002, 0 Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility JLab David J. Bianco

Cyber Security Review, April 23-24, 2002, 1 Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility Table of Contents Introduction JLab’s Environment What is cfengine? JLab’s cfengine architecture JLab templates Summary Questions

Cyber Security Review, April 23-24, 2002, 2 Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility JLab’s Unix Environment ~90 central computing Unix servers (Linux, Solaris, HP) General computing resources, web, , etc. ~50 CAD nodes (HP) ~185 compute farm nodes (Linux) A large number of user-managed Unix workstations (mostly Linux)

Cyber Security Review, April 23-24, 2002, 3 Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility JLab’s Unix Environment The lab’s Unix admin staff is just 6 people. Changes are made to these machines all the time As with any environment, proper communication & documentation can be a problem Once a problem is fixed… will it remain fixed? Several recent incidents have underscored the need for proper configuration management In January 2002, JLab started looking into cfengine to help solve these problems

Cyber Security Review, April 23-24, 2002, 4 Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility What is cfengine? Stands for “Configuration Engine” Policy driven configuration management for a network of machines Open source Unix & NT/2000 Mostly Unix, though

Cyber Security Review, April 23-24, 2002, 5 Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility What is cfengine? Developed by Mark Oslo University College in 1993 Used on an estimated 100,000 nodes worldwide Currently in version 2.0

Cyber Security Review, April 23-24, 2002, 6 Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility What is cfengine? Three main parts cfagent Network services Declarative configuration templates Optional anomaly detection service

Cyber Security Review, April 23-24, 2002, 7 Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility JLab’s cfengine Architecture Cfengine Unix Clients (Desktops & Servers) Cfengine master server Configuration Database Critical File Database

Cyber Security Review, April 23-24, 2002, 8 Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility JLab’s cfengine Architecture Cfengine master server contains Cfengine binaries for all platforms ‘All configuration templates Master copies of critical system/software configuration files Cfengine clients contain Local copies of their own binaries A complete copy of the configuration templates

Cyber Security Review, April 23-24, 2002, 9 Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility JLab’s cfengine Architecture Clients use crontab to run “cfexecd –F” every 30 minutes Wrapper to run cfagent and any output to the system administrator “splay time” keeps all client from overloading the master at once Cfagent automatically copies updated binaries and config templates from master Most configuration checks are performed during each run Expensive checks (file sweeps) performed only during the midnight run

Cyber Security Review, April 23-24, 2002, 10 Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility JLab’s cfengine Architecture Administrator can also run cfengine manually Local root user (on a single client): cfagent (local root user) Cfengine admin (remotely from the master): cfrun

Cyber Security Review, April 23-24, 2002, 11 Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility Installing cfengine on a host Starting cfengine installation for Tue Mar 5 09:08:42 EST 2002 Installation host is: SunOS Generating keypair... DONE Exchanging keypairs... Running cfagent for the first time... cfengine:sysdevs1: Update of image /home/janed/.ssh/authorized_keys from master /local/cfengine/REPOSITORY/common/home/janed/.ssh/authorized_keys on cfm.jlab.org [Additonal config output] Run /local/cfengine/bin/cfinstall as root Log is /tmp/cfinstall-

Cyber Security Review, April 23-24, 2002, 12 Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility Summary JLab uses cfengine 2.0 to manage configuration on a network of hundreds of Unix hosts The configuration master contains full copies of all configuration binaries, templates and important system files All network connections are encrypted and mutually authenticated The template files are modular, enabling us to pick and choose among the pieces we run for a particular host

Cyber Security Review, April 23-24, 2002, 13 Operated by the Southeastern Universities Research Association for the U.S. Depart. Of Energy Thomas Jefferson National Accelerator Facility Questions? David J. Bianco