Security in the NT Environment at SLAC HEPNT at CERN December 4, 1998 Bob Cowles, SLAC.
-
Upload
walker-newey -
Category
Documents
-
view
212 -
download
0
Transcript of Security in the NT Environment at SLAC HEPNT at CERN December 4, 1998 Bob Cowles, SLAC.
Security in the NT Environment at SLAC
HEPNT at CERNDecember 4, 1998
Bob Cowles, SLAC
12/04/98 Bob Cowles - SLAC 2
Background
• Over 3000 hosts respond to ping– 1200 over NT machines– 800 over Unix machines
• Business Services Division– PeopleSoft Financials & Human Resources– WinNT workstations; Oracle DB on Unix
• 150 W/S in central offices
• 50 W/S in departments distributed around Lab
12/04/98 Bob Cowles - SLAC 3
Crisis -> Response
• Serious intrusion in June 1998– Over 20 Unix hosts compromised (root)– Over 40 user accounts used
• Response– Cut off from Internet for a week– Changed all passwords– Applied deferred security patches– Increased packet filtering
12/04/98 Bob Cowles - SLAC 4
Challenge - Priorities
• Prevent unauthorized access to business systems and confidential data
• Protect accelerator control systems
• Protect physics data and programs
12/04/98 Bob Cowles - SLAC 5
Challenge - Constraints
• Implement security measures consistent with the research mission– Open– Collaborative
• Credible response to vulnerabilities– Password compromise– Local admin & PC mode of thinking
12/04/98 Bob Cowles - SLAC 6
Threat Analysis
• Attack on Oracle DB– Alter data– Read personal or confidential data– Denial of Service
• External Attack
• Internal (authenticated user) Attack
• Adapt to new threats over next 2 years
12/04/98 Bob Cowles - SLAC 7
Countermeasures I
• External– Filter out NT networking protocols– Strengthen passwords (passfilt)
• Internal– Emphasize SP3 + Hotfixes– Promote SMS and central mgmt tools– Proposed significant tightening of all NT W/S
12/04/98 Bob Cowles - SLAC 8
Problems I
• General revolt at proposal– “Personal Computer”– Inadequate support– Non-standard configurations– Inventive requirements
• One size does not fit all
12/04/98 Bob Cowles - SLAC 9
Countermeasures II
• Use Business Services Division as a pilot– Significantly increase restrictions on NT– Use latest technology to provide:
• safety
• functionality
• Examined many alternatives– Filtering routers, firewalls, VPNs, IDS, etc.
12/04/98 Bob Cowles - SLAC 10
Problems II
• Latest technology is very immature (!) and vendors don’t understand it
• Required features in the next release (RSN)
• Solutions require – Lots of inter-group cooperation & coordination– Very easy to have 3-4 inadequate solutions for
the same problem
• BSD users are all over the Lab
12/04/98 Bob Cowles - SLAC 11
Strawman I
• Use VLANs to put all users “together”
• Very heavy filtering on internal router
• Many users have two workstations– Communicate externally & with rest of Lab
• No tight controls on configuration
– Communicate with PeopleSoft applications• Centrally maintained
• Standard configuration
12/04/98 Bob Cowles - SLAC 12
BSDnet
Rest of SLAC
DataWarehouse
BISWeb Server
TestPeopleSoft
ProdPeopleSoft
FDDI
User01 UserYY UserXX
Strawman I
BSDDomain Cntlr
12/04/98 Bob Cowles - SLAC 13
Strawman I :-(
• Cost of additional W/S and network equip.
• Fear of “yellow cables”
• Loss of desktop space - user reaction
• Confusing relationship between domains
• Concerns about “piped” cross authentication (e.g. new web browsers)
12/04/98 Bob Cowles - SLAC 14
BSDnet
Rest of SLAC
DataWarehouse
BISWeb Server
TestPeopleSoft
ProdPeopleSoft
FDDI
User01 UserYY UserXX
Strawman II
BSDDomain Cntlr
12/04/98 Bob Cowles - SLAC 15
Strawman II :-(
• Very difficult to packet filter properly (SQL*Net uses ephemeral ports)
• Possible performance issues with Two-tier PeopleSoft client
• Questionable protection in time of intrusion
12/04/98 Bob Cowles - SLAC 16
BSDnet
Rest of SLAC
WTSServer
DataWarehouse
BISWeb Server
TestPeopleSoft
ProdPeopleSoft
FDDI
User01 UserYY UserXX
Strawman III
BSDDomain Cntlr
12/04/98 Bob Cowles - SLAC 17
Strawman III :-(
• Still problems during/immediately after intrusion– Mission critical functions– Access to BIS web server required
• WTS is new technology – What if it fails?– What if it can’t handle the load?
12/04/98 Bob Cowles - SLAC 18
BSDnet
Secure BSDnet
Rest of SLAC
WTS+Citrix Farm
DataWarehouse
BISWeb Server
TestPeopleSoft
ProdPeopleSoft
FDDI
User01
UserMC
UserYY UserXX
Plan A
BSDDomain Cntlr
12/04/98 Bob Cowles - SLAC 19
BSDnet
Secure BSDnet
Rest of SLAC
WTS+Citrix Farm
DataWarehouse
BISWeb Server
TestPeopleSoft
ProdPeopleSoft
FDDI
“Air Gap”
“Air Gap”
User01
UserMC
UserYY UserXX
Plan A - Intrusion
BSDDomain Cntlr
12/04/98 Bob Cowles - SLAC 20
Plan A :-)
• Mission critical work can be done using what works now
• WTS+Citrix provides add’l flexibility and security options
• Token cards will provide two-factor authentication
• IDS will watch for what gets past filters
Patrick
12/04/98 Bob Cowles - SLAC 21
Current Status
• Testing WTS farm with live users
• Developing specifications for configration on user machines (apps, registry, etc.)
• Network hardware being installed
• Estimated completion - April 1
12/04/98 Bob Cowles - SLAC 22
Comments?
• What have we overlooked?
• What are YOU doing in this area?
• How do you handle user administrated W/S?
• Feedback is appreciated!