Things Your Parents Never Told You About Practicing Safe
Computing in a High Performance Computational Environment
NERSC Users Group Meeting
Stephen Lau
NERSC
April 20, 2023
NUG Training April 20, 2023
Goals and Overview
• Goals
  – Increase Cybersecurity Awareness
  – Overview of Basic Techniques to Reduce Risk
  – What You Need to Do When You Have an Incident
• Overview
  – What, How and Why of Computer Security
  – How NERSC Handles Computer Security
  – Practicing Safe Computing
  – In Case of Emergency
What is Computer Security?
• What are we protecting?
  – Availability of our systems to users
  – Downtime of our users
  – Being good “net citizens”
  – Prevent bad publicity
  – New item – preventing cyberterrorism
• Computer security has no guarantees
  – Not “if” but “when”
  – Security measures will lower, not eliminate risk
  – There is no “blueprint” for computer security
Why Worry?
• Threats are on the increase
  – NERSC is scanned on average 30-40 times a day
  – Rate is increasing over time
  – Our experience
    • Unpatched system on the open Internet will get exploited within an “average” of 4 hours
• Threats are becoming more sophisticated
  – Multi-vector attack methods
  – Large scale attacks becoming more prevalent
Hostile Scans
[Figure: chart of hostile scans over time. Horizontal axis: dates from 1-1-99 to 7-14-01; vertical axis: 0 to 140. Trend line: y = 0.0499x - 3.7754. One data point is truncated on the chart; actual value = 1621 (Code Red, 7-19-01).]
Why Worry?
• Attack tools becoming easier to use
  – More and more automation
  – Technical expertise not required
• More exploitable systems
  – Industry not “security” savvy
  – Security typically an afterthought
  – Proliferation of Internet enabled devices
    • Majority unpatched and unattended
Threat Vectors
• Scanning
  – Used as a reconnaissance tool
  – Determine vulnerabilities for later exploit
  – Fairly automated
• Poorly maintained systems
  – Exploit waiting to happen
  – Unpatched or poorly patched systems
  – Outdated operating systems
  – Systems running unneeded services
Threat Vectors
• Social Engineering / User Education (lack of)
  – Inadvertent misuse of available tools
  – Unaware of computer security risks
  – Hard to defend against
  – Best defense is education
• Worms and Viruses
  – Morris Worm, Code Red (v1, v2), Nimda, etc.
  – Self propagating code
  – Average of 40 worms knock on our door every day
Code Red Worm Example
– Different variants of worm, CRv2 triggered July 19, 2001
– Exploited Microsoft IIS vulnerability
– ~300,000 hosts on the Internet were infected in about 13 hours
Threat Factors
• Script kiddies
  – Typically clueless
    • Attempts Windows exploits on a Cray
• Dedicated attackers
  – Stepping stone platforms
  – Claim to fame
• Users and staff
  – Mobile staff introduces vulnerabilities
  – Offsite systems beyond our control
  – Remote and home systems can be compromised
Other Factors
• Maintaining our mission
  – Provide our users with an unimpeded environment
  – Promote development of new computational techniques
  – Encourage collaboration
• Post Sept 11th factor
  – Heightened awareness regarding cyberterrorism
  – New DOE mandates regarding cybersecurity
  – Effect on high performance computing TBD
    • Stay tuned!
NERSC Computational Environment
• Unlike enterprise institutions
  – Enterprise oriented computer security techniques fail
• High performance platforms
• High bandwidth/performance applications
  – Unique applications with unique requirements and traffic patterns
• Diverse and distributed resources
• Multi-institutional collaborations across all levels
NERSC Computer Security
• NERSC uses a "layered approach" or "defense in depth"
• Use of multiple tools and techniques leverages off strengths and weaknesses
  – Multiple sensors to detect and prevent intrusions
  – No single points of failure
• No single tool or technique guarantees a secure environment
Defense in Depth
• External Perimeter Defense
  – Bro Intrusion Detection System
  – Router filtering
  – Host shunning
• Network Protection
  – Firewalls where appropriate
  – Subnet traffic filtering
Defense in Depth
• Host Level Security
  – Periodic host scanning
  – Vulnerability eradication
  – Anti-virus software
• Education
  – Periodic in-house training for NERSC staff
  – Education of NERSC users regarding cybersecurity
Bro (We’re watching you)
• High performance intrusion detection system developed at LBNL and AT&T ACRI
• Passively monitors a network link
  – Taps directly into fiber coming into NERSC
• Records all sessions
• Selectively ignores some information
  – i.e. ftp data
• Bro allows us to “reconstruct the crime”
  – Data recorded for unencrypted interactive sessions
Bro
• Works in conjunction with border router to drop (shun) hosts at the border
• Detects stepping stones
  – Compromised system used as a gateway
• Detects “backdoors”
  – i.e. telnet servers on non-standard port
• Detects file sharing systems
  – Gnutella, Napster, KaZaa
Most Common Security Incidents at NERSC
• Sniffed passwords
  – Someone gets a hold of a user password
  – Externally compromised system
  – Exposure via unencrypted means
• Unpatched systems
  – New systems (not yet patched)
  – Toolkits used to exploit known vulnerabilities
  – Visitors and staff unknowingly bring in vulnerable or pre-hacked systems
Practicing Safe Computing
• Things you can do to reduce your chance and the impact of a compromise
  – By no means is this list exhaustive
  – You can follow all these guidelines and still be hacked
• MAINTAIN BACKUPS
  – #1 preventive measure
  – Make sure your backups are actually backing up the right thing
• Keep your workstation patched
Practicing Safe Computing
• Use virus protection software on Windows systems
  – Remember to update your virus checker at LEAST once a week
  – Don’t rely on “automatic” updating
• Eliminate clear text password usage
  – Use SSH, scp, sftp where possible
  – Don’t “stepping stone” from an unencrypted session into an encrypted session
    • i.e. don’t telnet from home to work and then from work SSH into NERSC
Practicing Safe Computing
• Disable services that are not needed
  – Work with your local system administrators to do this
  – Unix
    • Echo, discard, daytime, telnet, rcp, rsh, sadmind, dtspcd
  – Windows
    • Disable IIS (just say NO to IIS)
    • Disable open shares
• Don’t run executable email attachments
  – Primary method of spreading viruses
    • “I Love you” virus
    • “Melissa” virus
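Added example (not from the original slides): a shell function that lists inetd.conf entries still enabled for the Unix services named on this slide. It assumes the classic seven-column inetd.conf layout; the function names, the daemon-name list and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: report enabled inetd.conf entries for the services the
# slide says to disable. Lines starting with '#' are already disabled.

# Values of the service-name column. rsh and rcp are both served by the
# "shell" entry. The daemon-name list catches sadmind (registered under an
# RPC program number) and dtspcd (service name "dtspc").
RISKY_SERVICES="echo discard daytime telnet shell"
RISKY_DAEMONS="in.telnetd telnetd in.rshd rshd sadmind dtspcd"

# audit_inetd FILE -> prints "service proto server" per enabled risky entry
audit_inetd() {
    awk -v svcs="$RISKY_SERVICES" -v dmns="$RISKY_DAEMONS" '
        BEGIN {
            n = split(svcs, a, " "); for (i = 1; i <= n; i++) svc[a[i]] = 1
            n = split(dmns, b, " "); for (i = 1; i <= n; i++) dmn[b[i]] = 1
        }
        /^[ \t]*#/ || NF < 6 { next }     # disabled or malformed line
        {
            server = $6
            sub(/.*\//, "", server)       # basename of the server path
            if (($1 in svc) || (server in dmn))
                printf "%s %s %s\n", $1, $3, $6
        }
    ' "$1"
}

# Constructed sample file (not taken from a real host).
sample_inetd_conf() {
    cat <<'EOF'
# constructed inetd.conf sample
ftp       stream tcp     nowait root /usr/sbin/in.ftpd    in.ftpd
telnet    stream tcp     nowait root /usr/sbin/in.telnetd in.telnetd
#shell    stream tcp     nowait root /usr/sbin/in.rshd    in.rshd
echo      stream tcp     nowait root internal
echo      dgram  udp     wait   root internal
daytime   stream tcp     nowait root internal
dtspc     stream tcp     nowait root /usr/dt/bin/dtspcd   /usr/dt/bin/dtspcd
100232/10 tli    rpc/udp wait   root /usr/sbin/sadmind    sadmind
EOF
}

# Demo run against the constructed sample.
tmp=$(mktemp) && sample_inetd_conf > "$tmp"
audit_inetd "$tmp"
rm -f "$tmp"
```

On a real host, pass the path of the system's inetd.conf and review each reported line with the local system administrator before commenting it out.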
Practicing Safe Computing
• Passwords
  – Choose a non easily guessed password
    • NERSC has guidelines for choosing passwords
      – http://hpcf.nersc.gov/policy/password.html
    • Mix alphanumeric with special characters (!@#$%^*()>?”{},.;l’-)
    • Example:
      – Use first letters of a saying you can remember
        » Non politically correct example: Stellar sequence
        » “Oh, Be A Fine Girl, Kiss Me!” = o,BaF6,KM!
  – If you must expose your clear text password, make sure it’s different than your encrypted ones!
  – DON’T share your passwords
Practicing Safe Computing
• Use encryption wherever possible
  – Encrypt your email (especially private information)
    • PGP
  – Use SSH and SSH tunneling wherever possible
    • Remember to use a passphrase on your SSH key
  – Encrypt private files
  – Ensure deletion of files (especially Windows systems)
    • Freeware tools available to securely delete files
Practicing Safe Computing
• Security isn’t only for your office environment
  – Home systems are heavily targeted
  – Be wary of public systems and networks
  – Wireless systems are NOT secure
• Physical security
  – Use screensavers with password lock
    • Prevents other people from using your system
  – Secure all portable electronic devices (Keep your seatbacks and tray tables in an upright and locked position)
    • Laptops, cell phones, PDAs, voicemail
    • Keep them with you or lock them down
Practicing Safe Computing (for the more adventurous)
• Host based filtering systems
  – Windows Platform
    • Kerio Firewall
    • Zone Alarm
  – Linux / Unix
    • Ipchains
    • tcpwrappers
• Scan your workstation
  – Determines vulnerabilities and services enabled
  – Contact your local system administrator first
  – WARNING: Don’t scan other people’s workstations!
Free Scanning Tools
• Nessus
  – Server/client model
  – Client
    • Windows/Java/Unix
  – Server
    • Unix
  – http://www.nessus.org
• Nmap
  – Unix/Windows platforms
  – http://www.insecure.org
In Case of Emergency
• Be “cyber security” aware
  – Watch for strange “new” files
  – Odd behavior of your system
  – Unexplained accesses to your account
  – Processes you can’t account for
  – Watch what you “click”
    • Are the ‘dancing pigs’ worth it?
• Report strange occurrences
  – Notify your local system administrators
  – NERSC mandates users report compromises
    • This includes EXTERNAL compromises
In Case of Emergency
• NERSC will NEVER do the following:
  – Ask you for your password, even over the phone
  – Give your email address to an outside source without your permission
• Never underestimate social engineering
  – If in doubt, ask for a call back number and hang up
• Computer security related matters should be handled via telephone or encrypted email whenever possible
In Case of Emergency
• For computer security related emergencies
  – Phone NERSC Operations
    • 24hrs/day, 7 days a week
    • +1 (510) 486-8600
  – Email: [email protected]
• To contact me:
  – Stephen Lau
  – Email: [email protected]
  – Phone: +1 (510) 486-7178
  – PGP Key Fingerprint:
    • 44C8 C9CB C15E 2AE1 7B0A 544E 9A04 AB2B F63F 748B