An Active Security Infrastructure for Grids Stuart Kenny*, Brian Coghlan Trinity College Dublin.

Slides:

Advertisements

Similar presentations

Intrusion Detection Systems (I) CS 6262 Fall 02. Definitions Intrusion Intrusion A set of actions aimed to compromise the security goals, namely A set.

Advertisements

LEAD Portal: a TeraGrid Gateway and Application Service Architecture Marcus Christie and Suresh Marru Indiana University LEAD Project (

Author - Title- Date - n° 1 GDMP The European DataGrid Project Team

5.1 Overview of Network Access Protection What is Network Access Protection NAP Scenarios NAP Enforcement Methods NAP Platform Architecture NAP Architecture.

Remote Desktop Services

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

A Computation Management Agent for Multi-Institutional Grids

Network Isolation Using Group Policy and IPSec Paula Kiernan Senior Consultant Ward Solutions.

Fundamentals of Computer Security Geetika Sharma Fall 2008.

HEAnet Conference 2006 John Walsh Grid-Ireland Grid Manager Trinity College Dublin The Grid Computing Infrastructure in Ireland and Abroad.

1 Software & Grid Middleware for Tier 2 Centers Rob Gardner Indiana University DOE/NSF Review of U.S. ATLAS and CMS Computing Projects Brookhaven National.

Lesson 13-Intrusion Detection. Overview Define the types of Intrusion Detection Systems (IDS). Set up an IDS. Manage an IDS. Understand intrusion prevention.

Tools and Services for the Long Term Preservation and Access of Digital Archives Joseph JaJa, Mike Smorul, and Sangchul Song Institute for Advanced Computer.

Security Engineering II. Problem Sources 1.Requirements definitions, omissions, and mistakes 2.System design flaws 3.Hardware implementation flaws, such.

FI-WARE – Future Internet Core Platform FI-WARE Security July 2011 High-level Description.

Lecture 11 Reliability and Security in IT infrastructure.

Workload Management Massimo Sgaravatto INFN Padova.

Sept 27 th – 29 th, 2002Linz 2002, Task Task 3.3 Grid Monitoring Subtask SANTA-G Brian Coghlan, Stuart Kenny Trinity College Dublin.

seminar on Intrusion detection system

Intrusion Detection Systems. Definitions Intrusion –A set of actions aimed to compromise the security goals, namely Integrity, confidentiality, or availability,

Intrusion Detection System Marmagna Desai [ 520 Presentation]

Intrusion Detection Systems Present by Ali Fanian In the Name of Allah.

Active Security Infrastructure Stuart Kenny Trinity College Dublin.

1 Autonomic Computing An Introduction Guenter Kickinger.

CERN - IT Department CH-1211 Genève 23 Switzerland t Monitoring the ATLAS Distributed Data Management System Ricardo Rocha (CERN) on behalf.

TeraGrid Science Gateways: Scaling TeraGrid Access Aaron Shelmire¹, Jim Basney², Jim Marsteller¹, Von Welch²,

SOS EGEE ‘06 GGF Security Auditing Service: Draft Architecture Brian Tierney Dan Gunter Lawrence Berkeley National Laboratory Marty Humphrey University.

SALSA-NetAuth Joint Techs Vancouver, BC July 2005.

OV Copyright © 2013 Logical Operations, Inc. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

1 School of Computer, National University of Defense Technology A Profile on the Grid Data Engine (GridDaEn) Xiao Nong

Module 10: Monitoring ISA Server Overview Monitoring Overview Configuring Alerts Configuring Session Monitoring Configuring Logging Configuring.

OV Copyright © 2011 Element K Content LLC. All rights reserved. Network Security  Network Perimeter Security  Intrusion Detection and Prevention.

Grid Security Issues Shelestov Andrii Space Research Institute NASU-NSAU, Ukraine.

Intrusion Detection Prepared by: Mohammed Hussein Supervised by: Dr. Lo’ai Tawalbeh NYIT- winter 2007.

Event Management & ITIL V3

Network and Perimeter Security Paula Kiernan Senior Consultant Ward Solutions.

Interception and Analysis Framework for Win32 Scripts (not for public release) Tim Hollebeek, Ph.D.

Jeremy Kackley, James Jacobs, Paulus Wahjudi and Jean Gourd.

1 CERN’s Computer Security Challenges Denise Heagerty CERN Computer Security Officer Openlab Security Workshop, 27 Apr 2004.

Supporting further and higher education The Akenti Authorisation System Alan Robiette, JISC Development Group.

Framework for MDO Studies Amitay Isaacs Center for Aerospace System Design and Engineering IIT Bombay.

Grid-wide Intrusion Detection Stuart Kenny*, Brian Coghlan Trinity College Dublin.

S E C U R E C O M P U T I N G Not For Public Release 1 Intrusion Tolerant Server Infrastructure Dick O’Brien OASIS PI Meeting July 25, 2001.

INFSO-RI Enabling Grids for E-sciencE EGEE is a project funded by the European Union under contract INFSO-RI Grid Accounting.

A Data Stream Publish/Subscribe Architecture with Self-adapting Queries Alasdair J G Gray and Werner Nutt School of Mathematical and Computer Sciences,

1 Service Creation, Advertisement and Discovery Including caCORE SDK and ISO21090 William Stephens Operations Manager caGrid Knowledge Center February.

Module 12: Responding to Security Incidents. Overview Introduction to Auditing and Incident Response Designing an Audit Policy Designing an Incident Response.

Vendor Management from a Vendor’s Perspective. Agenda Regulatory Updates and Trends Examiner Trends Technology and Solution Trends Common Issues and Misconceptions.

1 Flexible, High-Speed Intrusion Detection Using Bro Vern Paxson Computational Research Division Lawrence Berkeley National Laboratory and ICSI Center.

Information Security In the Corporate World. About Me Graduated from Utica College with a degree in Economic Crime Investigation (ECI) in Spring 2005.

Computer Security By Duncan Hall.

INFSO-RI Enabling Grids for E-sciencE Grid-wide Intrusion Detection Stuart Kenny*, Brian Coghlan Dept. of Computer Science Trinity.

WebWatcher A Lightweight Tool for Analyzing Web Server Logs Hervé DEBAR IBM Zurich Research Laboratory Global Security Analysis Laboratory

Globus: A Report. Introduction What is Globus? Need for Globus. Goal of Globus Approach used by Globus: –Develop High level tools and basic technologies.

LSF Universus By Robert Stober Systems Engineer Platform Computing, Inc.

The Gateway Computational Web Portal Marlon Pierce Indiana University March 15, 2002.

Role Of Network IDS in Network Perimeter Defense.

TCD Site Report Stuart Kenny*, Stephen Childs, Brian Coghlan, Geoff Quigley.

Grid Execution Management for Legacy Code Architecture Exposing legacy applications as Grid services: the GEMLCA approach Centre.

© ITT Educational Services, Inc. All rights reserved. IS3220 Information Technology Infrastructure Security Unit 10 Network Security Management.

Logging and Monitoring. Motivation Attacks are common (see David's talk) – Sophisticated – hard to reveal, (still) quite limited in our environment –

INTRODUCTION TO XSEDE. INTRODUCTION  Extreme Science and Engineering Discovery Environment (XSEDE)  “most advanced, powerful, and robust collection.

SIEM Rotem Mesika System security engineering

IBM Workload Scheduler 2015 Take the Complexity Out of Workload Automation, while Keeping the Technology Up-to-Date IEM fixlets and Centralized Agent Update.

Managing Secure Network Systems

Security Methods and Practice CET4884

Joseph JaJa, Mike Smorul, and Sangchul Song

Red Flags Rule An Introduction County College of Morris

Shifting from “Incident” to “Continuous” Response

Intrusion Detection system

Presentation transcript:

An Active Security Infrastructure for Grids Stuart Kenny*, Brian Coghlan Trinity College Dublin

Overview Grid-Ireland security monitoring Infrastructure Analysis Future work

Grid-Ireland Security Monitoring Grid-Ireland Gateway –Point-of-presence at 18 institutions –Centrally managed by Grid Operations Centre (OpsCentre) at TCD Track overall state of security of infrastructure Existing Grid security activities focused on prevention –Authentication, authorization Active security focused on –Detection –Reaction Communication via Grid monitoring system: –R-GMA

Monitoring Why do we need detection –Grid only as strong as weakest link No knowledge of state of security of sites –Security Service Challenge level 1 debriefing report Sites not responding due to –Security contact list not up to date –Security contact was overloaded –Security contact did not understand alert –Security contact had not received guidance Retention period for log files not sufficiently long Complexity of analysing log files Active Response –“5 pillars of cybersecurity” (iSGTW 09 April 2008) Can never produce 100% secure general purpose computing system Speed of attack and ensuing spread of system damage is more rapid than a human can manage or mitigate

Security Monitoring (Site Level) Monitors state of security of a site Reports detected security events to security alert archive Monitoring performed by ‘R- GMA enabled’ security tools –Snort –Prelude-LML Extensible –Easy inclusion of additional tools, e.g., Tripwire R-GMA –Relational model –Soft state registration and discovery –Fault tolerance and load balancing –Information security

Grid-Ireland Deployment

Alert Analysis (Management Level) Filter and analyse alerts contained in alert archive –Detect patterns that signify attempted attack Attempts to join alerts into high-level attack scenarios Output –Correlated high-priority Grid alert –New Grid policy Define actions to be taken in response to security event Extensible –Define additional ‘attack scenarios’ and base policies

Control Engine (Site Level) Input: –Grid policies generated by analysis component Site Policy Decision Point –Evaluates requests for guidance from service agents –Decision based on applicable policies Decision contains action to be taken to mitigate risk of possible security incident Active Plug-in –Plug-ins invoked on policy update –User defined code handles response and enforces obligations Pull Push

Analyzer Scenarios: Job Monitoring Scenario models attack as series of state changes –Models states job passes through once submitted to a site –State changes triggered by published alerts Prelude LML and PBS scripts –Can be used as basis for ‘higher-level’ scenarios E.g., job executing restricted command This is effectively Grid user tracing

Analyzer Scenarios: Job Monitoring

Future work Detection –How to detect ‘Grid-attacks’ Mostly compromised hosts –Need new sensors Correlation approach –Need to evaluate more techniques Pre-requisite, consequences Probabilistic How to define scenarios –Automated approach? Control –Integrate with existing control mechanisms?