220 likes | 236 Views
Security in the NT Environment at SLAC. HEPNT at CERN December 4, 1998 Bob Cowles, SLAC. Background. Over 3000 hosts respond to ping 1200 over NT machines 800 over Unix machines Business Services Division PeopleSoft Financials & Human Resources WinNT workstations; Oracle DB on Unix
E N D
Security in the NT Environment at SLAC HEPNT at CERN December 4, 1998 Bob Cowles, SLAC
Background • Over 3000 hosts respond to ping • 1200 over NT machines • 800 over Unix machines • Business Services Division • PeopleSoft Financials & Human Resources • WinNT workstations; Oracle DB on Unix • 150 W/S in central offices • 50 W/S in departments distributed around Lab Bob Cowles - SLAC
Crisis -> Response • Serious intrusion in June 1998 • Over 20 Unix hosts compromised (root) • Over 40 user accounts used • Response • Cut off from Internet for a week • Changed all passwords • Applied deferred security patches • Increased packet filtering Bob Cowles - SLAC
Challenge - Priorities • Prevent unauthorized access to business systems and confidential data • Protect accelerator control systems • Protect physics data and programs Bob Cowles - SLAC
Challenge - Constraints • Implement security measures consistent with the research mission • Open • Collaborative • Credible response to vulnerabilities • Password compromise • Local admin & PC mode of thinking Bob Cowles - SLAC
Threat Analysis • Attack on Oracle DB • Alter data • Read personal or confidential data • Denial of Service • External Attack • Internal (authenticated user) Attack • Adapt to new threats over next 2 years Back Oriface Netbus Bob Cowles - SLAC
Countermeasures I • External • Filter out NT networking protocols • Strengthen passwords (passfilt) • Internal • Emphasize SP3 + Hotfixes • Promote SMS and central mgmt tools • Proposed significant tightening of all NT W/S Bob Cowles - SLAC
Problems I • General revolt at proposal • “Personal Computer” • Inadequate support • Non-standard configurations • Inventive requirements • One size does not fit all Bob Cowles - SLAC
Countermeasures II • Use Business Services Division as a pilot • Significantly increase restrictions on NT • Use latest technology to provide: • safety • functionality • Examined many alternatives • Filtering routers, firewalls, VPNs, IDS, etc. Bob Cowles - SLAC
Problems II • Latest technology is very immature (!) and vendors don’t understand it • Required features in the next release (RSN) • Solutions require • Lots of inter-group cooperation & coordination • Very easy to have 3-4 inadequate solutions for the same problem • BSD users are all over the Lab Bob Cowles - SLAC
Strawman I • Use VLANs to put all users “together” • Very heavy filtering on internal router • Many users have two workstations • Communicate externally & with rest of Lab • No tight controls on configuration • Communicate with PeopleSoft applications • Centrally maintained • Standard configuration Bob Cowles - SLAC
Data Warehouse BSD Domain Cntlr Strawman I Prod PeopleSoft Test PeopleSoft BSDnet BIS Web Server User01 UserYY UserXX Rest of SLAC FDDI Bob Cowles - SLAC
Strawman I :-( • Cost of additional W/S and network equip. • Fear of “yellow cables” • Loss of desktop space - user reaction • Confusing relationship between domains • Concerns about “piped” cross authentication (e.g. new web browsers) Bob Cowles - SLAC
Data Warehouse BSD Domain Cntlr Strawman II Prod PeopleSoft Test PeopleSoft BSDnet BIS Web Server User01 UserYY UserXX Rest of SLAC FDDI Bob Cowles - SLAC
Strawman II :-( • Very difficult to packet filter properly (SQL*Net uses ephemeral ports) • Possible performance issues with Two-tier PeopleSoft client • Questionable protection in time of intrusion Bob Cowles - SLAC
Data Warehouse BSD Domain Cntlr Strawman III Prod PeopleSoft Test PeopleSoft WTS Server BSDnet BIS Web Server User01 UserYY UserXX Rest of SLAC FDDI Bob Cowles - SLAC
Strawman III :-( • Still problems during/immediately after intrusion • Mission critical functions • Access to BIS web server required • WTS is new technology • What if it fails? • What if it can’t handle the load? Bob Cowles - SLAC
Data Warehouse BSD Domain Cntlr Plan A Prod PeopleSoft Test PeopleSoft WTS +Citrix Farm UserMC Secure BSDnet BIS Web Server User01 UserYY UserXX BSDnet Rest of SLAC FDDI Bob Cowles - SLAC
BSD Domain Cntlr Data Warehouse Plan A - Intrusion Prod PeopleSoft Test PeopleSoft WTS +Citrix Farm UserMC Secure BSDnet “Air Gap” BIS Web Server User01 UserYY UserXX “Air Gap” BSDnet Rest of SLAC FDDI Bob Cowles - SLAC
Plan A :-) • Mission critical work can be done using what works now • WTS+Citrix provides add’l flexibility and security options • Token cards will provide two-factor authentication • IDS will watch for what gets past filters Patrick Bob Cowles - SLAC
Current Status • Testing WTS farm with live users • Developing specifications for configration on user machines (apps, registry, etc.) • Network hardware being installed • Estimated completion - April 1 Bob Cowles - SLAC
Comments? • What have we overlooked? • What are YOU doing in this area? • How do you handle user administrated W/S? • Feedback is appreciated! rdc@slac.stanford.edu Bob Cowles - SLAC