NPACI: National Partnership for Advanced Computational Infrastructure
NPACI/SDSC Security Activities
Tom Perrine
San Diego Supercomputer Center
tep@sdsc.edu
My Goal is...
• to convince you that
  – you need to care about security
  – security is the core service that enables all other services
• to explain what we are doing to protect our users
• to help you learn to protect yourself
NPACI Incident Response
• users report to local security activity (if any)
• users may report directly to UTexas or SDSC (7x24 coverage)
• NPACI security contacts at security.sdsc.edu
SDSC Security Activities
• Research - PICS
• Operational - Security Technologies
• Awareness, education, partnerships
Pacific Institute for Computer Security (PICS)
• funded directed research
• complementary to SecTech, CERT, COAST, vendors
• multi-year program
• looking at (designing!) next year’s threats
Security Technologies (SecTech)
• operational day-to-day security
• network and host monitoring
• policies, standards, guidelines, procedures
• consult to system administrators
• testbed for PICS tools
Partnerships
• San Diego Regional Information Watch (SDRIW)
• High Tech Criminal Investigation Association (HTCIA)
• NPACI
• UCSD Network Operations
• DoD HPC Modernization Office
Our Security Goals
• safe, but otherwise as open as possible
• low cost to recover from incidents
• “It’s not our (only) job.”
• protect our computing infrastructure and our customers
• be a security asset to the Internet community
The Threat
• threats at differing levels of sophistication
• lots of “ankle-biters”, mostly harmless to us
• fewer, but more sophisticated
• very few, but extremely dangerous
• they exploit the tool “food chain”
Threat Pyramid
[Figure: pyramid with a sophistication axis (“Moderate”, “Very!!”) and a population axis (hundreds, thousands, tens of thousands, “millions”); other labels: “aggressive”, “script or browser users”]
Sophistication Trends
[Figure: sophistication trends; labels: “most sophisticated cracker”, “average system administrator”]
Sample of Incidents
• East Coast University
• Web Servers
• Denial of Service
• DoD “joy riders”
• Theft of intellectual property
• university web site defaced with porn
East Coast University
• hundreds of hosts
• tens of groups of intruders
• “wars” over parts of the campus nets
• took months to clean up
Denial of Service
• “smurf”, “flood”, “teardrop”, etc.
• can cause DoS to large networks with a PC and a modem
• common as dirt
• very hard to trace
DoD “joy riders”
• two California teens
• dozens of DoD sites (and .COMs and .EDUs)
• could have unintentionally masked more serious efforts
• we were lucky
Theft of PhD work
• northern California
• PhD thesis notes stolen and accepted for publication in journal by someone else
• never proven - suspected stolen from public file server
• a different University has ID’ed theft of work as primary security concern
Funded work stolen and patented
• industry-funded research at a .EDU stolen/copied
• patents filed by funding company’s competitor
• grant not renewed
Phantom Menace and The Matrix
• illegal copies found on university computers
• advertised on web for sale
• university served with court orders
University Web Site defaced with porn
• research group’s web and FTP site taken over and used to distribute pornography
• massive embarrassment
• also held stolen software, could have cost $$$ from SPA
Current events (since 1 June)
• 2 intrusions at SDSC
  – password sniffed at remote site
• 60+ probes/sweeps at SDSC
• 5+ intrusions at UCSD
• 297 web site defacements
  – 6 .MIL
  – 33 .EDU
  – 6 NASA
  – 25 other .GOV
Security Policy
• protect users - data, proprietary information, privacy
• protect infrastructure
• enable new ways to use resources (safely)
• avoid service interruptions
• prevent unauthorized use and abuse of resources
User Authentication
• “be liberal in what you accept”
• support as many authentication schemes as we can afford
• end goal - no plain-text passwords for any service
Supported Authentication Mechanisms
• Kerberos Version 5
• Secure Shell (SSH)
• SSL+LDAP for HTTP - integrate w/K5 when practical
• SecureNetKey (SNK) tokens
• S/Key
• plain text passwords - GONE!
Host/network monitoring
• TCP wrappers installed on ALL UNIX hosts
• PICS research network monitors on DMZ network
• centralized logging of all UNIX hosts, NT in progress
• PICS/SecTech log analysis - 1.1 million records/day (6/29/1999)
Why you should protect yourself
• you have things of value
  – intellectual property
  – reputation
  – personal privacy
• “privacy act data”/“medical records data”
• possible loss of $$$ sponsorship
How you can protect yourself
• insist on secure services
• encryption is Good (https, imaps, SSH, Kerberos)
• install SSH and use it
• turn off TELNET and FTP
References
• http://security.sdsc.edu
• http://www.sdriw.org
• http://sd-htcia.com
• http://www-no.ucsd.edu