Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Essentials for Fermilab System Administrators.

Published byFrank Lionel Hutchinson Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Essentials for Fermilab System Administrators."— Presentation transcript:

1 Security Essentials for Fermilab System Administrators

2 Why Computer Security? Civilization is Risk. -- Not Big Brother Civilization is Risk. -- Not Big Brother November 6, 2012Security Essentials for Fermilab System Administrators2

3 Why Computer Security? Civilization is Risky. Civilization is Risky. November 6, 2012Security Essentials for Fermilab System Administrators3

4 Dealing With Risk Recognize | Reduce | Recover November 6, 2012Security Essentials for Fermilab System Administrators4

5 Organization CIO: Vicky White CISO: Irwin Gaines FCSC: Joe Klemencic FIR: The Computer Security Team Division & Sector Coordinators CIO: Vicky White CISO: Irwin Gaines FCSC: Joe Klemencic FIR: The Computer Security Team Division & Sector Coordinators November 6, 2012Security Essentials for Fermilab System Administrators5

6 Recognizing Risks High Bandwidth Enormous Storage Posh.gov Location Nothing Marketable High Bandwidth Enormous Storage Posh.gov Location Nothing Marketable November 6, 2012Security Essentials for Fermilab System Administrators6

7 Recognizing Risks High Bandwidth Enormous Storage Posh.gov Location Nothing Marketable* High Bandwidth Enormous Storage Posh.gov Location Nothing Marketable* November 6, 2012Security Essentials for Fermilab System Administrators7

8 Recognizing Risks IP & warez SPAM Malware Botnets DDoS attacks IP & warez SPAM Malware Botnets DDoS attacks November 6, 2012Security Essentials for Fermilab System Administrators8

9 Recognizing Risks Stolen Credentials Destruction Of Data Waste Of Bandwidth Waste Of Time Frustration Stolen Credentials Destruction Of Data Waste Of Bandwidth Waste Of Time Frustration November 6, 2012Security Essentials for Fermilab System Administrators9

10 Recognizing Risks Default root/admin privs Visiting malicious sites Watering Hole infections Visitor systems Promiscuous USB sharing Lack of gruntlement Default root/admin privs Visiting malicious sites Watering Hole infections Visitor systems Promiscuous USB sharing Lack of gruntlement November 6, 2012Security Essentials for Fermilab System Administrators10

11 Recent News Stuxnet/Duqu/Flame Flashback/SabPub Trojan-Downloader:Java/GetShell.A Stuxnet/Duqu/Flame Flashback/SabPub Trojan-Downloader:Java/GetShell.A November 6, 2012Security Essentials for Fermilab System Administrators11

12 Critical Vulnerabilities 12/2011: telnetd remote code execution 03/2012: RDP vulnerability (MS12-020) 06/2012: Cumulative IE (MS012-037) 06/2012: CERN/FNAL Hypernews 10/2012: ColdFusion 12/2011: telnetd remote code execution 03/2012: RDP vulnerability (MS12-020) 06/2012: Cumulative IE (MS012-037) 06/2012: CERN/FNAL Hypernews 10/2012: ColdFusion November 6, 2012Security Essentials for Fermilab System Administrators12

13 TLAs for TCB: ISM? DID. Integrated Security Management (ISM) Defense In Depth (DID) Integrated Security Management (ISM) Defense In Depth (DID) November 6, 2012Security Essentials for Fermilab System Administrators13

14 Recognizing Risks: ISM Computer Security not an add-on Not "one size fits all" Largely common sense Computer Security not an add-on Not "one size fits all" Largely common sense November 6, 2012Security Essentials for Fermilab System Administrators14

15 DID: Perimeter Controls Protocols blocked at border Proxies Transient blocks Mail virus scanning Protocols blocked at border Proxies Transient blocks Mail virus scanning November 6, 2012Security Essentials for Fermilab System Administrators15

16 DID: Central Authentication Primary passwords off the net Single turn-off point No visible services w/o Strong Auth Lab systems scanned for compliance Primary passwords off the net Single turn-off point No visible services w/o Strong Auth Lab systems scanned for compliance November 6, 2012Security Essentials for Fermilab System Administrators16

17 DID: Services Accounts Unkerberizable: Service Now Kronos Exchange … Unkerberizable: Service Now Kronos Exchange … November 6, 2012Security Essentials for Fermilab System Administrators17

18 Major Applications Critical to the mission of the Laboratory Most things do not fall in this category Very stringent rules & procedures You'll know if you're in this category Critical to the mission of the Laboratory Most things do not fall in this category Very stringent rules & procedures You'll know if you're in this category November 6, 2012Security Essentials for Fermilab System Administrators18

19 Minor Applications Important to the mission of the Laboratory Most things do not fall in this category Stringent rules & procedures You'll know if you're in this category Important to the mission of the Laboratory Most things do not fall in this category Stringent rules & procedures You'll know if you're in this category November 6, 2012Security Essentials for Fermilab System Administrators19

20 Grid Security Training Grid SysAdmin GUMS/VOMS Admin Griddleware Developer Grid SysAdmin GUMS/VOMS Admin Griddleware Developer November 6, 2012Security Essentials for Fermilab System Administrators20 Security Essentials for Grid System Administrator Security Essentials for Grid System Administrator

21 Patch/Configuration Mgmt Baselines: Linux, Mac, Windows All systems must meet their baseline All systems must be regularly patched Non-essential services off Windows, especially, must run AV Baselines: Linux, Mac, Windows All systems must meet their baseline All systems must be regularly patched Non-essential services off Windows, especially, must run AV November 6, 2012Security Essentials for Fermilab System Administrators21

22 Patch/Configuration Mgmt Exceptions/Exemptions: Documented case why OS is "stuck" Patch and manage as securely Exceptions/Exemptions: Documented case why OS is "stuck" Patch and manage as securely November 6, 2012Security Essentials for Fermilab System Administrators22

23 Anti-Virus Windows & Mac Baselines Linux with Samba/CIFS Central Update Server & Logging Respond to alerts! Windows & Mac Baselines Linux with Samba/CIFS Central Update Server & Logging Respond to alerts! November 6, 2012Security Essentials for Fermilab System Administrators23

24 Central Logging Use clogger Attackers will sanitize local logs Aids forensic investigations Problems may get noticed earlier Use clogger Attackers will sanitize local logs Aids forensic investigations Problems may get noticed earlier November 6, 2012Security Essentials for Fermilab System Administrators24

25 Critical Vulnerabilities Active exploits declared critical Pose a clear and present danger Must patch by a given date or be blocked Handled via TIssue events Active exploits declared critical Pose a clear and present danger Must patch by a given date or be blocked Handled via TIssue events November 6, 2012Security Essentials for Fermilab System Administrators25

26 AV Alerts & Automatic Blocking Some bad viruses cause an immediate block May require a "Wipe & Reinstall" If not, a thorough scan is performed May be returned to service, if successful Inconvenience is unavoidable, alas Some bad viruses cause an immediate block May require a "Wipe & Reinstall" If not, a thorough scan is performed May be returned to service, if successful Inconvenience is unavoidable, alas November 6, 2012Security Essentials for Fermilab System Administrators26

27 Computer Security Incidents Report suspicious events to x2345 or Service Now > Security Incident Follow FIR instructions during incidents Keep infected machines off the network Preserve system for expert investigation Not to be discussed! Report suspicious events to x2345 or Service Now > Security Incident Follow FIR instructions during incidents Keep infected machines off the network Preserve system for expert investigation Not to be discussed! November 6, 2012Security Essentials for Fermilab System Administrators27

28 Fermi Incident Response (FIR) Triage initial reports Coordinate investigation Work with local Sysadmins, experts May take control of affected systems Maintain confidentiality Triage initial reports Coordinate investigation Work with local Sysadmins, experts May take control of affected systems Maintain confidentiality November 6, 2012Security Essentials for Fermilab System Administrators28

29 Prohibited Activities Blatant disregard of computer security Unauthorized or malicious actions Unethical behavior Restricted central services Security & cracker tools http://security.fnal.gov/policies/cpolicy.html Blatant disregard of computer security Unauthorized or malicious actions Unethical behavior Restricted central services Security & cracker tools http://security.fnal.gov/policies/cpolicy.html November 6, 2012Security Essentials for Fermilab System Administrators29

30 Mandatory Sysadmin Registration All Sysadmins must be registered Primary Sysadmin is responsible for configuring and patching http://security.fnal.gov -> "Verify your node registration" All Sysadmins must be registered Primary Sysadmin is responsible for configuring and patching http://security.fnal.gov -> "Verify your node registration" November 6, 2012Security Essentials for Fermilab System Administrators30

31 Sysadmins Get Risk-Roled System manager for security Assist and instruct users to do it right Vigilant observer of your systems (and sometimes users’) behavior System manager for security Assist and instruct users to do it right Vigilant observer of your systems (and sometimes users’) behavior November 6, 2012Security Essentials for Fermilab System Administrators31

32 Role of Sysadmins Manage your systems sensibly, securely Services comply with Strong Auth rules Report potential incidents to FIR Act on relevant bulletins Keep your eyes open Manage your systems sensibly, securely Services comply with Strong Auth rules Report potential incidents to FIR Act on relevant bulletins Keep your eyes open November 6, 2012Security Essentials for Fermilab System Administrators32

33 Protecting Your Systems Shut off unneeded services Set up needed services properly Set up a suitable firewall Keep informed & patched on OS issues Use clogger Shut off unneeded services Set up needed services properly Set up a suitable firewall Keep informed & patched on OS issues Use clogger November 6, 2012Security Essentials for Fermilab System Administrators33

34 Users: We Get Mail You haven’t won $10M Don’t open (most) attachments Best not to click links in mail Disable scripting for mail You haven’t won $10M Don’t open (most) attachments Best not to click links in mail Disable scripting for mail November 6, 2012Security Essentials for Fermilab System Administrators34

35 Users: We Get Mail Can you trust the (so-called) sender? Received: from [123.28.41.241] (unknown [123.28.41.241]) by hepa1.fnal.gov (Postfix) with ESMTP id 808F76F247 for ; Thu, 01 Apr 2010 09:41:02 -0500 (CDT) From: Wayne E Baisley To: Wayne E Baisley route: 123.28.32.0/19 descr: VietNam Post and Telecom Corporation (VNPT) address: Lo IIA Lang Quoc te Thang Long, Cau Giay, Ha Noi Can you trust the (so-called) sender? Received: from [123.28.41.241] (unknown [123.28.41.241]) by hepa1.fnal.gov (Postfix) with ESMTP id 808F76F247 for ; Thu, 01 Apr 2010 09:41:02 -0500 (CDT) From: Wayne E Baisley To: Wayne E Baisley route: 123.28.32.0/19 descr: VietNam Post and Telecom Corporation (VNPT) address: Lo IIA Lang Quoc te Thang Long, Cau Giay, Ha Noi November 6, 2012Security Essentials for Fermilab System Administrators35

36 Users: Pass the Word Use strong passwords Longer is better Use different passwords Or variants, at least Use strong passwords Longer is better Use different passwords Or variants, at least November 6, 2012Security Essentials for Fermilab System Administrators36

37 Other Duties As Assigned Guard against malicious web code Protect your Kerberos password Report possible security incidents to x2345 or Service Now > Security Incident Guard against malicious web code Protect your Kerberos password Report possible security incidents to x2345 or Service Now > Security Incident November 6, 2012Security Essentials for Fermilab System Administrators37

38 Data Backup Policy For Users Decide what data requires protection How to be recovered, if needed Arrange backups with Sysadmins Or do your own backups Occasionally test retrieval Decide what data requires protection How to be recovered, if needed Arrange backups with Sysadmins Or do your own backups Occasionally test retrieval November 6, 2012Security Essentials for Fermilab System Administrators38

39 The Incidental Computist Some non-Lab-business use is allowed: http://security.fnal.gov/ProperUse.htm (I prefer personal iPhone/iPad/Droid via an external network …) Some non-Lab-business use is allowed: http://security.fnal.gov/ProperUse.htm (I prefer personal iPhone/iPad/Droid via an external network …) November 6, 2012Security Essentials for Fermilab System Administrators39

40 Activities to Avoid Anything that: Is illegal Is prohibited by Lab/DOE policy May embarrass the Lab Interferes with job performance Consumes excessive resources Anything that: Is illegal Is prohibited by Lab/DOE policy May embarrass the Lab Interferes with job performance Consumes excessive resources November 6, 2012Security Essentials for Fermilab System Administrators40

41 Activities to Avoid Services like Skype and BitTorrent not forbidden but very easy to misuse! Services like Skype and BitTorrent not forbidden but very easy to misuse! November 6, 2012Security Essentials for Fermilab System Administrators41

42 Data Privacy Generally, Fermilab respects privacy You are required to do likewise Special cases for Sysadmins during Security Incidents Or written Directorate approval Generally, Fermilab respects privacy You are required to do likewise Special cases for Sysadmins during Security Incidents Or written Directorate approval November 6, 2012Security Essentials for Fermilab System Administrators42

43 Privacy of Email and Files May not use information in another person’s files seen incidental to any activity (legitimate or not) for any purpose w/o explicit permission of the owner or "reasonable belief the file was meant to be accessed by others." May not use information in another person’s files seen incidental to any activity (legitimate or not) for any purpose w/o explicit permission of the owner or "reasonable belief the file was meant to be accessed by others." November 6, 2012Security Essentials for Fermilab System Administrators43

44 Offensive Materials Material on computer ≈ Material on desk A line management concern Not a computer security issue per se Material on computer ≈ Material on desk A line management concern Not a computer security issue per se November 6, 2012Security Essentials for Fermilab System Administrators44

45 Software Licensing Fermilab is strongly committed to respecting intellectual property rights. Use of unlicensed commercial software is a direct violation of lab policy. Fermilab is strongly committed to respecting intellectual property rights. Use of unlicensed commercial software is a direct violation of lab policy. November 6, 2012Security Essentials for Fermilab System Administrators45

46 Summary: User Responsibilities Appropriate use of computing resources Prompt incident reporting Proper PII handling (separate training) Know how your data is backed up Respect privacy of electronic information Appropriate use of computing resources Prompt incident reporting Proper PII handling (separate training) Know how your data is backed up Respect privacy of electronic information November 6, 2012Security Essentials for Fermilab System Administrators46

47 Summary: Admin Responsibilities System registration AV, patching, configuration mgmt Strong Authentication access control No restricted services (email, dns, etc.) System registration AV, patching, configuration mgmt Strong Authentication access control No restricted services (email, dns, etc.) November 6, 2012Security Essentials for Fermilab System Administrators47

48 Questions? nightwatch@fnal.gov for questions about security policy computer_security@fnal.gov questions about security incidents http://security.fnal.gov/ nightwatch@fnal.gov for questions about security policy computer_security@fnal.gov questions about security incidents http://security.fnal.gov/ November 6, 2012Security Essentials for Fermilab System Administrators48

49 Security Essentials for Fermilab System Administrators

Download ppt "Security Essentials for Fermilab System Administrators."

Similar presentations

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.

Darton College Information Systems Use Policies. Introduction Dartons Information Systems are critical resources. The Information Systems Use Policies.
Thank you to IT Training at Indiana University Computer Malware.

Thank you to IT Training at Indiana University Computer Malware.
1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.

1 Chapter 8 Fundamentals of System Security. 2 Objectives In this chapter, you will: Understand the trade-offs among security, performance, and ease of.
Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.

Online Banking Fraud Prevention Recommendations and Best Practices This document provides you with fraud prevention best practices that every employee.
Basic Computer Security. Outline F Why Computer Security F Fermilab Strategy: –Integrated Computer Security –Defense in Depth F Your role and responsibilities.

Basic Computer Security. Outline F Why Computer Security F Fermilab Strategy: –Integrated Computer Security –Defense in Depth F Your role and responsibilities.
Computer Viruses.

Computer Viruses.
Basic Computer Security. Outline F Why Computer Security F Fermilab Strategy: –Integrated Computer Security –Defense in Depth F Your role and responsibilities.

Basic Computer Security. Outline F Why Computer Security F Fermilab Strategy: –Integrated Computer Security –Defense in Depth F Your role and responsibilities.
Security Essentials for Fermilab System Administrators.

Security Essentials for Fermilab System Administrators.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Security Essentials for Desktop System Administrors.

Security Essentials for Desktop System Administrors.
SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.

SIRT Contact Orientation Security Incident Response Team Departmental Security Contacts April 16, 2004.
Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.

Security Awareness: Applying Practical Security in Your World Chapter 6: Total Security.
EMU/ICT Incident Response Team Firewall Access Session Presenter: IRT TEAM Member.

EMU/ICT Incident Response Team Firewall Access Session Presenter: IRT TEAM Member.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

Firewall 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.

Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
GET CONTROL! Avoid The Headache… Five Simple Steps to a Safer Computer – NUIT Tech Talk.

GET CONTROL! Avoid The Headache… Five Simple Steps to a Safer Computer – NUIT Tech Talk.
Fermi Computer Incident Response Team Computer Security Awareness Day March 8, 2005 Michael Diesburg.

Fermi Computer Incident Response Team Computer Security Awareness Day March 8, 2005 Michael Diesburg.
APA of Isfahan University of Technology In the name of God.

APA of Isfahan University of Technology In the name of God.

Similar presentations

Ads by Google