Presentation is loading. Please wait.

Presentation is loading. Please wait.

Active Security Infrastructure Stuart Kenny Trinity College Dublin.

Published byEvan Harris Modified over 9 years ago

Similar presentations

Presentation on theme: "Active Security Infrastructure Stuart Kenny Trinity College Dublin."— Presentation transcript:

1 Active Security Infrastructure Stuart Kenny Trinity College Dublin

2 Active Security Building on concepts investigated during CrossGrid project (2002-2005) and Int.Eu.Grid (2006-2008) Existing Grid security activities focused on prevention –Authentication, authorization Active security focused on –Detection –Reaction 3 components –Security monitoring –Alert Analysis –Control Engine

3 Active Security Infrastructure

4 Security Monitoring (Site Level) Monitors state of security of a site Reports detected security events to security alert archive Monitoring performed by ‘R-GMA enabled’ security tools –Snort –Prelude-LML –Rkhunter Extensible –Easy inclusion of additional tools, e.g., Tripwire

5 Alert Analysis (Management Level) Filter and analyse alerts contained in alert archive –Detect patterns that signify attempted attack Attempts to join alerts into high-level attack scenarios Output –Correlated high-priority Grid alert –New Grid policy Define actions to be taken in response to security event Extensible –Define additional ‘attack scenarios’ and base policies

6 Control Engine (Site Level) Input: –Grid policies generated by analysis component Site Policy Decision Point –Evaluates requests for guidance from service agents –Decision based on applicable policies Decision contains action to be taken to mitigate risk of possible security incident Extensible –Provision of service agents or plug-ins Pull

7 Control Engine (Site Level) Active Plug-in –Simple plug-in interface –Plug-ins invoked on policy update –Evaluate plug-in request against updated policy set –User defined code handles response and enforces obligations Grid-Ireland example –Grid4C iptables management endpoint –Dynamic host blocking Push

8 Grid-Ireland Deployment Grid-Ireland Gateway –Point-of-presence at 18 institutions –Homogenous set of hardware and software –Centrally managed by Grid Operations Centre (OpsCentre) at TCD ASI deployment –Security monitoring installed on gateways at 10 of 18 sites –Analysis component hosted at OpsCentre –Continuously monitoring infrastructure since June 2008

9 Grid-Ireland Deployment

10

11 Analyzer Scenarios: Job Monitoring Scenario models attack as series of state changes –Models states job passes through once submitted to a site –State changes triggered by published alerts Prelude LML and PBS scripts –Can be used as basis for ‘higher-level’ scenarios E.g., job executing restricted command

12 Analyzer Scenarios: Job Monitoring

13

14

15 Future Work Correlation –Prelude correlation engine LUA rules based Messaging –ActiveMQ Additional scenarios Control Engine –Implement agents and deploy

16 Questions?

Download ppt "Active Security Infrastructure Stuart Kenny Trinity College Dublin."

Similar presentations

LEAD Portal: a TeraGrid Gateway and Application Service Architecture Marcus Christie and Suresh Marru Indiana University LEAD Project (http://lead.ou.edu)

LEAD Portal: a TeraGrid Gateway and Application Service Architecture Marcus Christie and Suresh Marru Indiana University LEAD Project (
Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.

1 Chapter 7 Intrusion Detection. 2 Objectives In this chapter, you will: Understand intrusion detection benefits and problems Learn about network intrusion.
1 Security on OpenStack 11/7/2013 Brian Chong – Global Technology Strategist.

1 Security on OpenStack 11/7/2013 Brian Chong – Global Technology Strategist.
Dr Gordon Russell, Napier University Unit 5.3 - Data Dictionary 1 Data Dictionary Unit 5.3.

Dr Gordon Russell, Napier University Unit Data Dictionary 1 Data Dictionary Unit 5.3.
HEAnet Conference 2006 John Walsh Grid-Ireland Grid Manager Trinity College Dublin The Grid Computing Infrastructure in Ireland and Abroad.

HEAnet Conference 2006 John Walsh Grid-Ireland Grid Manager Trinity College Dublin The Grid Computing Infrastructure in Ireland and Abroad.
Data Security in Local Networks using Distributed Firewalls

Data Security in Local Networks using Distributed Firewalls
Www.BeyondSecurity.comwww.SecurITeam.com Beyond Security Ltd. Port Knocking Beyond Security Noam Rathaus CTO Sunday, July 11, 2004 Presentation on.

Beyond Security Ltd. Port Knocking Beyond Security Noam Rathaus CTO Sunday, July 11, 2004 Presentation on.
Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.

Chapter 8 Information Systems Controls for System Reliability— Part 1: Information Security Copyright © 2012 Pearson Education, Inc. publishing as Prentice.
Department of Computer Science 1 CSS 496 Business Process Re-engineering for BS(CS)

Department of Computer Science 1 CSS 496 Business Process Re-engineering for BS(CS)
INTRUSION DETECTION SYSTEM

INTRUSION DETECTION SYSTEM
Resource Management Reading: “A Resource Management Architecture for Metacomputing Systems”

Resource Management Reading: “A Resource Management Architecture for Metacomputing Systems”
Norman SecureSurf Protect your users when surfing the Internet.

Norman SecureSurf Protect your users when surfing the Internet.
Auditing for Security Management By Cyril Onwubiko Network Security Analyst at COLT Telecom Invited Guest Lecture delivered at London Metropolitan University,

Auditing for Security Management By Cyril Onwubiko Network Security Analyst at COLT Telecom Invited Guest Lecture delivered at London Metropolitan University,
Penetration Testing Security Analysis and Advanced Tools: Snort.

Penetration Testing Security Analysis and Advanced Tools: Snort.
A Policy-based Approach to Wireless LAN Security Management George Lapiotis, Byungsuk Kim, Subir Das, Farooq Anjum Speaker: George Lapiotis

A Policy-based Approach to Wireless LAN Security Management George Lapiotis, Byungsuk Kim, Subir Das, Farooq Anjum Speaker: George Lapiotis
1 Autonomic Computing An Introduction Guenter Kickinger.

1 Autonomic Computing An Introduction Guenter Kickinger.
© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.

© 2001 Carnegie Mellon University S8A-1 OCTAVE SM Process 8 Develop Protection Strategy Workshop A: Protection Strategy Development Software Engineering.
GDT V5 Web Services. GDT V5 Web Services Doug Evans and Detlef Lexut GDT 2008 International User Conference August 10 – 13  Lake Las Vegas, Nevada GDT.

GDT V5 Web Services. GDT V5 Web Services Doug Evans and Detlef Lexut GDT 2008 International User Conference August 10 – 13  Lake Las Vegas, Nevada GDT.
Dynamic Firewalls and Service Deployment Models for Grid Environments Gian Luca Volpato, Christian Grimm RRZN – Leibniz Universität Hannover Cracow Grid.

Dynamic Firewalls and Service Deployment Models for Grid Environments Gian Luca Volpato, Christian Grimm RRZN – Leibniz Universität Hannover Cracow Grid.

Similar presentations

Ads by Google