
NEEScomm Cybersecurity Briefing

NEEScomm Cybersecurity Briefing. Saurabh Bagchi, NEEScomm Cybersecurity Officer. Gaspar Modelo-Howard, NEEScomm Cybersecurity Software Engineer. Agenda: Scanning of Remote Sites; Incident Response Procedure; Best Security Practices; Remote Authentication Service.


Presentation Transcript


  1. NEEScomm Cybersecurity Briefing
     Saurabh Bagchi, NEEScomm Cybersecurity Officer
     Gaspar Modelo-Howard, NEEScomm Cybersecurity Software Engineer

  2. Agenda
     • Scanning of Remote Sites
     • Incident Response Procedure
     • Best Security Practices
     • Remote Authentication Service
     • NEEScomm Security Operational Duties
     GOAL
     • Ensure that NEEScomm can operate and maintain its IT resources to serve the NEES community

  3. Scanning of Remote Sites (1)
     • Objective: To check the security of the IT resources at the sites
     • Guiding principles:
     • Be proactive
     • Minimize impact to the sites’ activities
     • Will be done once per year
     • Remote (non-intrusive) scans from “inside” the network
     • Limited to site IT assets from inventory
     • Time schedule determined between SIM and CSO

  4. Scanning of Remote Sites (2)
     • Candidate scanners to be used: Nessus, Nikto, web app scanners
     • Critical vulnerabilities will be immediately identified and reported to SIM with mitigation hints
     • Each discovered vulnerability will follow an incident report procedure
     • Results of the scan will be documented in a comprehensive archival report

  5. Incident Response Procedure: Reporting
     • If it pertains to operation of NEES IT resources, at earliest possible opportunity
     • Form available from http://nees.org (not working yet)
     • Telephone line set up: 1-877-644-1381
     • Report the incident via a voice message
     • Greeting message will prompt for required information and will trigger a ticket which will notify NEEScomm IT support
     • NEEScomm IT will contact the person reporting the cybersecurity incident to gather standard information, primarily IP and description of incident
     • Information will be recorded in the current ticketing system and will be tagged as a cybersecurity incident

  6. Incident Response Procedure: Resolution
     • A team for resolving the incident will be developed by the CSO in consultation with the SIM
     • Criticality level of the incident will be determined: critical, important, moderate, low
     • Site IT resource may be taken offline to prevent spread of the security incident
     • Record will be kept of the incident progression through the ticketing system
     • Incidents of a grave nature will need to be reported to NSF, as per agreement with NSF

  7. Remote Authentication Service
     • Modification of previous remote authentication service (gridauth.cgi) by Karan Bhatia
     • Objective was to make as few changes (to users) as possible
     • Accessible thru https://neesws.neeshub.org:9443
     • Complete URL: https://neesws.neeshub.org:9443/GRIDAUTH/gridauth.cgi?username=uuuuuuu&password=ppppppp

  8. NEEScomm Security Operational Duties
     • User account administration
     • NEEScomm servers audit
     • Source code
     • File integrity checker
     • Intrusion detection system

  9. Best Security Practices
     • Encourage difficult-to-guess, easy-to-remember passwords, especially for administrator accounts
     • Keep your systems up-to-date with patches and updated software versions
     • Monitor system logs periodically
     • Have backup and disaster recovery processes
     • Create educational sessions for users – we can help
     • Screen lock on unattended user terminals
     • Decide from which IP addresses you will allow users to connect to your critical IT assets
     • Sites’ feedback is appreciated

  10. Thanks! Questions?
     Contact:
     Gaspar Modelo-Howard, 765-494-5515 / gmodeloh@purdue.edu
     Saurabh Bagchi, PhD, 765-494-3362 / sbagchi@purdue.edu

  11. Additional Slides

  12. User Accounts Migration (diagram: migrated, existing and not-migrated account counts for gama.neeshub.org, www.neeshub.org, neesforge.neeshub.org and ml.neeshub.org; Total Number of Accounts: 1639)

  13. Remote Sites Survey (Operating Systems)
     • Unix 47%
     • Windows 44%
     • Others 9%

  14. GRIDAUTH: Remote Authentication Service
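
The complete URL on slide 7 carries the password as a query parameter, and web servers record the request line, query string included, in their access logs. The following is an added example, not part of the presentation or of NEEScomm's code: a Python filter that masks the `password` value in log lines for that path before logs are archived or shared. The Combined Log Format, the sample lines and the function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# Path and parameter name are taken from the URL shown on slide 7.
GRIDAUTH_PATH = "/GRIDAUTH/gridauth.cgi"
SENSITIVE = {"password"}
MASK = "REDACTED"
# Request line inside a Common/Combined Log Format entry (assumed log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)"')

def redact_target(target):
    """Return (new_target, changed) with sensitive query values masked."""
    parts = urlsplit(target)
    if parts.path != GRIDAUTH_PATH:
        return target, False
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    cleaned = [(k, MASK if k.lower() in SENSITIVE else v) for k, v in pairs]
    if cleaned == pairs:
        return target, False
    return parts._replace(query=urlencode(cleaned)).geturl(), True

def redact_log(lines):
    """Mask gridauth passwords in access-log lines; return (lines, hit_count)."""
    out, hits = [], 0
    for line in lines:
        m = REQUEST_RE.search(line)
        if m:
            new_target, changed = redact_target(m.group("target"))
            if changed:
                hits += 1
                line = line[:m.start("target")] + new_target + line[m.end("target"):]
        out.append(line)
    return out, hits

# Constructed sample lines (documentation IP range, made-up credentials).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2010:10:00:00 +0000] "GET /GRIDAUTH/gridauth.cgi?username=alice&password=s3cr%26t HTTP/1.1" 200 12',
    '192.0.2.11 - - [01/Jan/2010:10:00:05 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.12 - - [01/Jan/2010:10:00:09 +0000] "GET /GRIDAUTH/gridauth.cgi?password=hunter2&username=bob HTTP/1.1" 401 0',
]

if __name__ == "__main__":
    cleaned_lines, hit_count = redact_log(SAMPLE)
    print("\n".join(cleaned_lines))
    print(f"{hit_count} request(s) carried a password in the URL")
```

The hit count doubles as a measure of how many stored log entries held a credential and therefore which accounts warrant a password change.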
