Computer Security Status
C5 Meeting, 2 Nov 2001
Denise Heagerty, CERN Computer Security Officer
Computer Security Team
• Multi-disciplinary part-time team
• Members: Lionel Cons, Mike Gerard, Denise Heagerty, Jan Iven, Paolo Moroni, Jarek Polok
• Close collaboration with PDP-IS (Vlado Bahyl)
• Ad-hoc collaboration within IT Division for emergencies and advice
• Security team is currently 2.8 FTEs
• Windows security expertise is needed
Security Activities 2001
• Security Operations, including CERT
  • Collaboration with IT Division services
• Firewall strengthening project
• Network security scanning project
• Host-based intrusion detection project
• Security consultancy
• Improve security awareness
Security Operations Tasks
• Respond to incidents (CERT)
  • Follow up with users, system administrators and experts
  • International follow-up via SWITCH CERT
  • Recommend or require changes
  • Request emergency action; escalate to management
• Check logs for intrusion signatures
• Monitor and follow up security advisories
  • With help from experts: anti-virus, mail, web, …
• Provide advice: Computer.security@cern.ch
Responsibility for Security Operations is rotated weekly between 4 people.
Firewall Strengthening Project
• The firewall strengthening project included:
  • Ability to protect high-numbered ports
  • Improved resilience against DoS attacks
  • Fail-over capability
  • Higher bandwidth for external Internet access
  • Gigabit path for designated applications
• Firewall strengthening schedule:
  • First introduced in June 2001
  • Reverted to the fail-over path due to instabilities
  • Will be re-introduced with new hardware in Nov 2001
• Planned protection of high-numbered ports:
  • Port numbers may be blocked to react to an emergency
  • Pre-announced ports will be blocked to protect critical applications, following discussion with affected parties
Network Security Scanning Project
• Initially targeted at web servers
  • First scan started in Jan 2001
  • Web servers are detected and vulnerability tested
  • Results are emailed to administrators
  • Significantly reduced the impact of Code Red and Nimda
• Now regular scanning of all servers
  • Started in May 2001
  • Detects all servers responding on the network
  • Open SMTP relays and insecure anonymous FTP servers followed up in June
• An essential tool for security risk analysis
  • Identifies potentially vulnerable systems
  • Provides information on port number usage
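The open-relay follow-up mentioned above is the kind of check a network scanner runs against every host answering on port 25. The block below is an added example, not CERN's scanning tool: it performs the classic relay probe (external MAIL FROM, external RCPT TO, then RSET before any DATA so nothing is actually sent) and, so that it runs offline, starts constructed fake SMTP servers on loopback, one that relays and one that refuses. The probe addresses, the fake servers' domain and the helper names are all assumptions.

```python
"""Open SMTP relay check of the kind the scanning project followed up in
June 2001.  Added example, not CERN's scanner: probe addresses, the fake
in-process SMTP servers and their local domain are all constructed."""
import socket
import socketserver
import threading

# Both probe addresses are outside the scanned site, so a server that accepts
# RCPT TO for them is relaying mail for third parties (assumed values).
PROBE_SENDER = "relay-test@example.org"
PROBE_RECIPIENT = "relay-test@example.net"


def _reply_code(sock):
    """Read one SMTP reply (possibly multi-line, 'NNN-...') and return its code."""
    while True:
        line = b""
        while not line.endswith(b"\r\n"):
            chunk = sock.recv(1)
            if not chunk:
                raise ConnectionError("server closed the connection")
            line += chunk
        text = line.decode("ascii", "replace").rstrip("\r\n")
        if len(text) < 4 or text[3] != "-":   # last line of the reply
            return int(text[:3])


def is_open_relay(host, port, timeout=5.0):
    """Return True if the server accepts an external sender and an external
    recipient.  The transaction is reset before DATA, so no mail is sent."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if _reply_code(s) != 220:
            return False
        s.sendall(b"HELO scanner.example\r\n")
        if _reply_code(s) != 250:
            return False
        s.sendall(f"MAIL FROM:<{PROBE_SENDER}>\r\n".encode("ascii"))
        if _reply_code(s) != 250:
            return False
        s.sendall(f"RCPT TO:<{PROBE_RECIPIENT}>\r\n".encode("ascii"))
        relayed = _reply_code(s) == 250   # 250 = relay accepted, 5xx = refused
        s.sendall(b"RSET\r\n")
        _reply_code(s)
        s.sendall(b"QUIT\r\n")
        return relayed


class _FakeSMTP(socketserver.StreamRequestHandler):
    """Constructed SMTP responder standing in for a scanned host; it only
    accepts recipients in its own domain unless server.open_relay is True."""
    LOCAL_DOMAIN = b"@FAKE.EXAMPLE>"

    def handle(self):
        try:
            self.wfile.write(b"220 fake.example ESMTP\r\n")
            for raw in self.rfile:
                cmd = raw.strip().upper()
                if cmd.startswith(b"QUIT"):
                    self.wfile.write(b"221 bye\r\n")
                    return
                if cmd.startswith(b"RCPT TO:"):
                    if self.server.open_relay or cmd.endswith(self.LOCAL_DOMAIN):
                        self.wfile.write(b"250 OK\r\n")
                    else:
                        self.wfile.write(b"550 relaying denied\r\n")
                else:
                    self.wfile.write(b"250 OK\r\n")
        except OSError:
            pass   # client went away; nothing to clean up


def start_fake_smtp(open_relay):
    """Start a fake server on an ephemeral loopback port and return it
    (.server_address[1] is the port, .shutdown() stops it)."""
    srv = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _FakeSMTP)
    srv.daemon_threads = True
    srv.open_relay = open_relay
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def scan_for_open_relays(targets):
    """Check a list of (host, port) and return those that relay.  Hosts that
    are down or not speaking SMTP are skipped rather than reported."""
    found = []
    for host, port in targets:
        try:
            if is_open_relay(host, port):
                found.append((host, port))
        except (OSError, ValueError):
            continue
    return found


if __name__ == "__main__":
    relay, strict = start_fake_smtp(True), start_fake_smtp(False)
    targets = [("127.0.0.1", relay.server_address[1]),
               ("127.0.0.1", strict.server_address[1])]
    print("open relays:", scan_for_open_relays(targets))
    relay.shutdown()
    strict.shutdown()
```

The check deliberately stops at RCPT TO: a 250 there is already proof that the server will relay, and sending DATA would generate real third-party mail from the scanner. Against real hosts, run it with a short timeout from an address that the mail administrators have been told about, since a relay probe is indistinguishable from a spammer's first step in their logs.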
Host-Based Intrusion Detection
• Goal is to rapidly detect host break-ins
  • e.g. attempts to exploit security holes
• Architecture is platform-independent
  • Initial prototype on LXPLUS
• Combines data from several sources
  • System log files, network data, accounting
• Can profit from existing tools
  • e.g. SNORT break-in signatures
• Early practical experience is needed
  • Need to distinguish break-ins from false alarms
• Project has just started
  • Architecture document and a first prototype available
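The slide names the three ingredients (system logs, network data from a tool such as SNORT, and accounting records) and the open problem (telling a break-in from a false alarm). The block below is an added example of how such a correlator can combine them, written for this page and not taken from the CERN prototype or its architecture document. All input lines are constructed: sshd syslog entries, one SNORT fast-format alert and two `last`-style accounting lines; the scoring weights and the threshold are assumptions. A single failed password from a legitimate user stays below the alert threshold, while a run of failures followed by a successful root login from the same address, corroborated by the network sensor and by accounting, is reported.

```python
"""Host-based intrusion detection by correlating several sources per source
address.  Added example, not CERN's prototype: the log lines below are
constructed and the weights/thresholds are assumed."""
import re
from collections import defaultdict

# Constructed syslog from sshd on one host (not from the page).
SYSLOG = """\
Nov  2 09:12:01 lxplus001 sshd[4312]: Failed password for invalid user admin from 192.0.2.77 port 40112 ssh2
Nov  2 09:12:04 lxplus001 sshd[4312]: Failed password for invalid user admin from 192.0.2.77 port 40113 ssh2
Nov  2 09:12:09 lxplus001 sshd[4319]: Failed password for root from 192.0.2.77 port 40115 ssh2
Nov  2 09:12:14 lxplus001 sshd[4322]: Accepted password for root from 192.0.2.77 port 40117 ssh2
Nov  2 09:15:30 lxplus001 sshd[4401]: Failed password for jsmith from 198.51.100.9 port 51022 ssh2
Nov  2 09:15:41 lxplus001 sshd[4401]: Accepted password for jsmith from 198.51.100.9 port 51022 ssh2
"""
# Constructed SNORT "fast" alert (signature id and message are made up).
SNORT_ALERTS = """\
11/02-09:11:58.412 [**] [1:1:1] SSH brute-force attempt [**] [Priority: 2] {TCP} 192.0.2.77:40110 -> 203.0.113.5:22
"""
# Constructed accounting records in the format of the `last` command.
ACCOUNTING = """\
root     pts/3    192.0.2.77      Fri Nov  2 09:12 - 09:40  (00:28)
jsmith   pts/4    198.51.100.9    Fri Nov  2 09:15   still logged in
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+)")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \w+ for (\S+) from (\S+)")
SNORT = re.compile(r"\[\*\*\] \[[\d:]+\] (.+?) \[\*\*\] .*? (\d+\.\d+\.\d+\.\d+):\d+ ->")
ACCT = re.compile(r"^(\S+)\s+\S+\s+(\d+\.\d+\.\d+\.\d+)")


def correlate(syslog, snort_alerts, accounting, fail_threshold=3, alert_score=3):
    """Group evidence by source address and score it; return alerts whose
    score reaches alert_score, highest first.  Weights are assumed."""
    ev = defaultdict(lambda: {"failed": 0, "accepted": [], "snort": [], "sessions": []})
    for line in syslog.splitlines():
        m = FAILED.search(line)
        if m:
            ev[m.group(2)]["failed"] += 1
            continue
        m = ACCEPTED.search(line)
        if m:   # remember how many failures preceded this success
            ip = m.group(2)
            ev[ip]["accepted"].append((m.group(1), ev[ip]["failed"]))
    for line in snort_alerts.splitlines():
        m = SNORT.search(line)
        if m:
            ev[m.group(2)]["snort"].append(m.group(1))
    for line in accounting.splitlines():
        m = ACCT.match(line)
        if m:
            ev[m.group(2)]["sessions"].append(m.group(1))

    alerts = []
    for ip, e in ev.items():
        score, reasons = 0, []
        if e["failed"] >= fail_threshold:
            score += 2
            reasons.append(f"{e['failed']} failed logins")
        for sig in e["snort"]:
            score += 1
            reasons.append(f"SNORT: {sig}")
        for user, failed_before in e["accepted"]:
            # A success on its own is normal; it only counts after suspicious activity.
            if failed_before >= fail_threshold or e["snort"]:
                score += 3
                reasons.append(f"login as {user} succeeded after {failed_before} failures")
                if user == "root":
                    score += 1
                if user in e["sessions"]:
                    score += 1
                    reasons.append(f"accounting confirms interactive session for {user}")
        if score >= alert_score:
            alerts.append({"source": ip, "score": score, "reasons": reasons})
    return sorted(alerts, key=lambda a: -a["score"])


if __name__ == "__main__":
    for alert in correlate(SYSLOG, SNORT_ALERTS, ACCOUNTING):
        print(alert["source"], alert["score"], "; ".join(alert["reasons"]))
```

Run on the constructed data, only 192.0.2.77 is reported (score 8); jsmith's single typo at 198.51.100.9 scores 0 and is suppressed. The point of requiring agreement between sources is exactly the false-alarm problem the slide raises: a signature hit or a burst of failures alone is noisy, but a success from the same address afterwards, confirmed by an accounting record, is rarely benign.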
Other Activities
• Security awareness
  • http://cern.ch/security web pages and CNL articles: recommendations, scanning, passwords, ssh
  • Front-page Weekly Bulletin article
  • DTF, FOCUS, CSPB kept informed
  • Major incidents have had the most impact!
• Security collaboration and advice
  • e.g. GRID project, PVSS, EDMS, LHC Controls, wireless LAN, remote access for ST Division external contractors, ad-hoc HEP security meeting (proposed at CHEP01)
• Computer Security Policy Board formed
  • http://cern.ch/mgt-cspb
  • http://cern.ch/ComputingRules: file services added
Network Certification: action from Eloise 2000
• Goal is to better control application servers running on the network
• Requires agreed rules and good collaboration
  • Tasks of the system/application administrator
  • System configuration requirements
  • Vulnerability checking and correction
  • Clear rules for insecure servers
• Difficult to implement
  • Administrators are not always aware of servers running
  • Conflict between latest patches and stability
  • Interpretation of the rules for different systems/services
Security Plans for 2002
• Assure security operations
  • Improve Windows security expertise (fellow)
• Consolidate existing projects
  • Firewall, scanning, intrusion detection, awareness
• Progress network certification
  • Draft proposal for new Computing Rules
  • Resource estimate for associated tools
• Participate in LHC/GRID security
  • 2 posts proposed