GGF Fall 2004
Brussels, Belgium
September 20th, 2004
James Marsteller
Pittsburgh Supercomputing Center
Jam@psc.edu
TeraGrid Security WorkGroup
• WG Charter Submitted To Executive Council Dec ‘03
• Weekly Meetings
• Initial SecWG Efforts:
  • TG / E-Science SC03 Demo (Foreign Certificate Authority Acceptance Policy)
  • SSH Implementation (Version & Password Recommendations)
  • Site Security Points Of Contact
    • Security Officers & Incident Response Contacts
TeraGrid Security WorkGroup
• Jan 9th 2004 - First TG Security Event
  • TG Node was compromised
• Focus of the TG Security WG is Response
  • Security Point Of Contact List Was First Step
  • NOT TG CENTRIC!
• So What Did We Do????
Responding & Communicating Events
• Established Security “hotline”
• Response “Playbook” Developed
• Incident Mailing List
• Encrypted Communications
• Coordinated Evidence Gathering
• Weekly “Response” Calls
Identifying, Responding & Communicating Events
• Established Security “hotline”
  • 24/7 Reservation-less Conference #
  • Any Site Can Initiate
  • Only Known To Response Personnel
  • 800 Number & International Access
Identifying, Responding & Communicating Events
• Response Playbook
  • Who/How To Contact Methodology
    • Initial Responders
    • Secondary Responders
    • Help Desk Staff
  • How to Respond to Event
  • PR Guidelines
  • 800 Number & International Access
Identifying, Responding & Communicating Events
• Incident Reporting Guidelines Example:
  • How much time (in person-hours) did staff at your site spend dealing with the incident?
  • How were you notified?
  • What steps did you take to investigate at your site to determine if there was a compromised account or system?
  • What did you determine?
  • If there was a compromise: What damage was done? What steps did you take to respond/recover?
Identifying, Responding & Communicating Events
• Incident Mailing List
  • Used To Alert TG Staff Of Incident
  • Subscribed Response Staff
  • Triggers Help Desk/Pagers/Cell Phones
Encrypted Communications
• PGP Key Signing
• Shared Password for Email Communications (Changes Frequently)
• Encrypted Website To Archive Critical Information
• Encrypted Communications Are VERY IMPORTANT!
Coordinated Evidence Gathering
• Playbook Outlines Requirements:
  • Protecting “Chain Of Custody”
  • Proper Logging
  • Reliable Copies Of Process Accounting
• Established Communication Channel with FBI
• Level Of Effort Responding
  • Staff Hours & Capital
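Added example (not part of the original deck and not TeraGrid's own playbook code): a minimal evidence manifest in Python covering the three playbook requirements above. It hashes each collected artefact (a copy of process accounting, a copy of a log), records who collected it and every later hand-off, and re-verifies the hashes so an altered or missing copy is detected. The file names, people, and log content are constructed for the walkthrough.

```python
"""Chain-of-custody manifest for incident evidence (added, illustrative code).

Each artefact copied off a compromised host gets a SHA-256 hash, a collector,
a timestamp and a custody list; re-running verify_manifest() later tells you
whether the copies you are reasoning about are still the ones you collected.
"""
import hashlib
import json
import os
import tempfile
from datetime import datetime, timezone


def _now():
    return datetime.now(timezone.utc).isoformat()


def sha256_file(path, chunk_size=65536):
    """Hash a file in chunks so large accounting or log copies fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def record_evidence(manifest, path, collector, description):
    """Add one collected artefact to the manifest with its hash and collector."""
    entry = {
        "path": os.path.abspath(path),
        "description": description,
        "size_bytes": os.path.getsize(path),
        "sha256": sha256_file(path),
        "collected_by": collector,
        "collected_at": _now(),
        # Every hand-off is appended here; this list is the custody chain.
        "custody": [{"holder": collector, "since": _now(), "reason": "collected"}],
    }
    manifest.append(entry)
    return entry


def transfer_custody(entry, new_holder, reason):
    """Record a hand-off (site responder -> coordinator -> law enforcement, etc.)."""
    entry["custody"].append({"holder": new_holder, "since": _now(), "reason": reason})
    return entry


def verify_manifest(manifest):
    """Re-hash every artefact; returns {path: 'ok' | 'modified' | 'missing'}."""
    results = {}
    for entry in manifest:
        path = entry["path"]
        if not os.path.exists(path):
            results[path] = "missing"
        elif sha256_file(path) != entry["sha256"]:
            results[path] = "modified"
        else:
            results[path] = "ok"
    return results


def save_manifest(manifest, out_path):
    """Write the manifest as JSON and return its own hash (store that out of band)."""
    with open(out_path, "w") as fh:
        json.dump(manifest, fh, indent=2)
    return sha256_file(out_path)


def run_demo():
    """Constructed walkthrough: collect two copies, hand one off, then detect
    that one copy was altered and one removed after collection."""
    with tempfile.TemporaryDirectory() as workdir:
        pacct = os.path.join(workdir, "pacct.copy")
        authlog = os.path.join(workdir, "auth.log.copy")
        with open(pacct, "wb") as fh:
            fh.write(b"constructed process accounting sample\n")
        with open(authlog, "w") as fh:
            # Constructed log line; 192.0.2.10 is a documentation address.
            fh.write("Jan  9 03:12:41 node1 sshd[4211]: Accepted password "
                     "for user1 from 192.0.2.10\n")

        manifest = []
        e1 = record_evidence(manifest, pacct, "site-responder", "copy of /var/account/pacct")
        e2 = record_evidence(manifest, authlog, "site-responder", "copy of /var/log/auth.log")
        transfer_custody(e1, "tg-coordinator", "review on weekly response call")

        before = verify_manifest(manifest)
        with open(authlog, "a") as fh:      # simulate a post-collection edit
            fh.write("tampered line\n")
        os.remove(pacct)                    # simulate a lost copy
        after = verify_manifest(manifest)

        manifest_hash = save_manifest(manifest, os.path.join(workdir, "manifest.json"))
        return (sorted(before.values()), after[e1["path"]], after[e2["path"]],
                len(e1["custody"]), len(manifest_hash))


if __name__ == "__main__":
    print(run_demo())
```

The manifest hash returned by `save_manifest()` is the value to record somewhere the incident team controls (a signed email on the incident list, the encrypted archive site), so that the manifest itself cannot be quietly rewritten.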
Weekly Response Calls
• ‘Closed’ Participant List
• Share Latest Attack Vectors
  • Honeypots, Non-TG News
• Update On Current Investigations
Lessons Learned
• A Quick, Secure, Coordinated Response is Critical!
• Shared User Accounts & Passwords
  • Shared Authentication = Quick Propagation
• Separation Of Users and Admin Accounts
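Added example (not from the original deck): a small Python audit that checks an account database for the two lessons above, shared accounts or passwords that let a compromise propagate, and admin rights granted to ordinary login accounts. It runs on constructed passwd, shadow and group text rather than real files; the naming convention it assumes, that admin identities carry an "-adm" suffix, is an assumption of this example, not a TeraGrid policy.

```python
"""Account-separation audit (added, illustrative code).

Findings produced:
  extra_uid0            - an account other than root with UID 0
  duplicate_uid         - several login names sharing one UID (one shared identity)
  shared_password_hash  - several accounts with the same password hash
  admin_no_separation   - admin-group member that is not a separate admin identity
"""

# Constructed sample files; the hashes are placeholders, not real crypt output.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
ops:x:0:0:second uid-0 account:/root:/bin/bash
alice:x:1001:1001:Alice:/home/alice:/bin/bash
alice2:x:1001:1001:Alice (duplicate uid):/home/alice:/bin/bash
bob:x:1002:1002:Bob:/home/bob:/bin/bash
carol-adm:x:1003:1003:Carol (admin identity):/home/carol-adm:/bin/bash
project1:x:1004:1004:Shared project login:/home/project1:/bin/bash
"""

SAMPLE_SHADOW = """\
root:$6$saltA$hashA:19000:0:99999:7:::
ops:$6$saltA$hashA:19000:0:99999:7:::
alice:$6$saltB$hashB:19000:0:99999:7:::
alice2:$6$saltE$hashE:19000:0:99999:7:::
bob:$6$saltC$hashC:19000:0:99999:7:::
carol-adm:$6$saltD$hashD:19000:0:99999:7:::
project1:$6$saltC$hashC:19000:0:99999:7:::
"""

SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:root,bob,carol-adm
users:x:100:alice,alice2,bob,project1
"""


def parse_colon_file(text):
    """Parse passwd/shadow/group style text into {name: [fields...]}."""
    rows = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        rows[fields[0]] = fields
    return rows


def audit_accounts(passwd_text, shadow_text, group_text,
                   admin_groups=("wheel", "sudo"), admin_suffix="-adm"):
    """Return a list of finding tuples for the account data given."""
    passwd = parse_colon_file(passwd_text)
    shadow = parse_colon_file(shadow_text)
    groups = parse_colon_file(group_text)
    findings = []

    # 1. Any UID-0 account besides root is a second, easily overlooked root login.
    for name, fields in passwd.items():
        if fields[2] == "0" and name != "root":
            findings.append(("extra_uid0", name))

    # 2. Several names on one UID are one identity: the kernel cannot tell them apart.
    by_uid = {}
    for name, fields in passwd.items():
        by_uid.setdefault(fields[2], []).append(name)
    for uid, names in sorted(by_uid.items()):
        if uid != "0" and len(names) > 1:
            findings.append(("duplicate_uid", uid, sorted(names)))

    # 3. Identical hashes mean a shared password; one capture opens every account.
    by_hash = {}
    for name, fields in shadow.items():
        hashed = fields[1]
        if hashed in ("", "*") or hashed.startswith("!"):   # locked / no password
            continue
        by_hash.setdefault(hashed, []).append(name)
    for hashed, names in by_hash.items():
        if len(names) > 1:
            findings.append(("shared_password_hash", sorted(names)))

    # 4. Admin groups should hold dedicated admin identities (assumed "-adm" suffix),
    #    not the same login people use for day-to-day work.
    for gname in admin_groups:
        if gname not in groups:
            continue
        members = [m for m in groups[gname][3].split(",") if m]
        for member in members:
            if member != "root" and not member.endswith(admin_suffix):
                findings.append(("admin_no_separation", gname, member))
    return findings


if __name__ == "__main__":
    for finding in audit_accounts(SAMPLE_PASSWD, SAMPLE_SHADOW, SAMPLE_GROUP):
        print(finding)
```

On a real host the same function is fed the contents of `/etc/passwd`, `/etc/shadow` and `/etc/group`; in a multi-site grid the shared-hash check is worth running across sites, because a password reused between sites is exactly the propagation path the slide describes.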
Lessons Learned
• Need A TG Security Baseline
  • Different Organizations, Different Goals
    • Government, Higher Ed, Research
    • Service Requirement, Public Relations, Privacy Reqs, Acceptable Use
  • How To Handle Non-TG Customers?
  • Different OS’s, Software and Hardware
Lessons Learned
• How To Achieve A Security Baseline
  • Security Memorandum Of Understanding (M.O.U.)
    • What is expected of each site
    • Communication of Events/Incidents
    • Confidentiality of others
    • Response Expectations
  • Site & TG Risk Assessment (FRAP)
Lessons Learned
• How To Achieve A Security Baseline
  • Security Baseline Requirements
    • Host
    • Network
    • Testing
    • Patching
    • Change Mgmt - Certification Process
    • Response
    • Physical Security
    • Incident Detection
    • Auditing
Future Actions/Challenges
• Ensuring A Security Baseline
  • Uniform Compliance Auditing & Reporting
• Security Resources
  • Personnel
  • Software/Hardware
• Maintaining Security In A Dynamic Distributed Environment
Useful Resources
• Stanford Release: http://securecomputing.stanford.edu/alerts/multiple-unix-6apr2004.html
• Research and Education Networking ISAC: http://www.ren-isac.net
• My Email: jam@psc.edu