Presentation is loading. Please wait.

Presentation is loading. Please wait.

CyberSecurity for NEEShub: Best-Practices and Lessons Learned Gaspar Modelo-Howard CyberSecurity Engineer George E. Brown, Jr. Network for Earthquake Engineering.

Published byElizabeth Turner Modified over 8 years ago

Similar presentations

Presentation on theme: "CyberSecurity for NEEShub: Best-Practices and Lessons Learned Gaspar Modelo-Howard CyberSecurity Engineer George E. Brown, Jr. Network for Earthquake Engineering."— Presentation transcript:

1 CyberSecurity for NEEShub: Best-Practices and Lessons Learned Gaspar Modelo-Howard CyberSecurity Engineer George E. Brown, Jr. Network for Earthquake Engineering Simulation

2 Need for Cyber-Security Colaboratories Trusted Repository Earthquake / Tsunami What should I pay attention to, regarding security, when using HUBzero software?

3 Agenda NEES Project: What is it? NEES Security Plan Compliance Hubzero Security “Out of the Box” Additional Security Concerns Security Assessments Incidents NEES Security in a Nutshell

4 NEES Project: What is it? Network of civil engineering experimental facilities aimed at facilitating research on mitigating the impact of earthquakes 14 research labs +5,000 users from around the world

5 Security Plan Describes a structured process to plan adequate, cost-effective security protection for NEES cyber infrastructure Audience: NEES community Sections –Roles and Responsibilities –Authentication and Authorization –Privacy –Incident Response –Auditing Updated annually

6 Compliance Moving from NIST SP-800s to Trusted Digital Repositories and Audit Checklist (TRAC / ISO16363) –Security section based on ISO/IEC 27001 Security requirements –Security plan and implemented controls –System roles and responsibilities –Risk assessment procedures –Disaster recovery and continuity plan

7 NEEShub Components Diagram HubZero Joomla!MySQL Open LDAP Apache HTTP PHP Exim SMTP Debian LinuxNEEShub

8 Hubzero Security (Out of the Box) 1.Group-based Access Control (Joomla/Hubzero) 2.Firewall (IPtables) 3.Single sign-on (LDAP) 4.Network Port restrictions 5.Input Validation for wiki entries 6.Captcha-based Ticketing system Easy to include other security mechanisms to protect against attacks (malware, password guessing, web-based vulnerabilities)

9 (Additional) Security Concerns 1.Malware Protection 2.Account cracking 3.Joomla/PHP-related vulnerabilities 4.Host and Network Monitoring

10 Malware Protection ClamAV: free, cross-platform antivirus software tool-kit –command-line scanner, scalable multi-threaded daemon, and automatic database update tool Malware is ‘seasonal’, consider participating in the ClamAV Community Threat Tracking System –www.clamav.net/lang/en/download/cvd/malware-stats/www.clamav.net/lang/en/download/cvd/malware-stats/ Double check possible infected files –www.virustotal.comwww.virustotal.com Beware of false positives and false negatives Need protection for both servers and user computers

11 Malware Virustotal.com ClamAV Community Threat Tracking System

12 Account Cracking Any Internet-facing service is constantly being probed Fail2ban (www.fail2ban.org) scans log files and bans IP addresses that show too many password failures by updating firewall rules to reject the addresses for a specified amount of timewww.fail2ban.org

13 Joomla/PHP-related Vulnerabilities OWASP PHP Top 5 Attack Vectors –Remote Code Execution –Cross-site scripting –SQL injection –PHP Configuration –File system OWASP Joomla Security Scanner –Good introduction to Joomla! world of core and extensions (modules, components and plugins) –Detects file inclusion, SQL injection, command execution vulnerabilities of a target Joomla! web site –Searches for known vulnerabilities of Joomla! and its components: 611 vulnerability checks (Feb. 2, 2012)

14 Joomla/PHP-related Vulnerabilities OWASP Zed Attack Proxy –Penetration testing tool for finding vulnerabilities in web applications –http://code.google.com/p/zaproxyhttp://code.google.com/p/zaproxy SQLmap –Automates process to detect and exploit SQL injection flaws in web applications/databases –Good detection accuracy (nice suite of heuristics) hubZAPbrowser Testing System

15 Host and Network Monitoring Monitoring network traffic and file systems

16 Two phases: Internet and Campus –Testing for filtering implementations Review of security policy compliance (Questionnaire) Reviews of users and groups Ports and vulnerabilities scanning Attention to web applications and databases Deployment of permanent scanner server Usage of public resources –Example: Google Safe Browsing Security Assessment

17 Incident: CVE-2010-4344 Vulnerability in Exim4 mailing software –With specially crafted message, an attacker can corrupt the heap and execute arbitrary code with the privileges of the Exim daemon –Window to patch: 24 hours Testing machines were taken offline, after attackers tried to install new binaries Corrupted machines were scrapped and then rebuilt No production machines were affected, thus no external users were affected –As a precaution, NEEShub users were asked to reset their password Additional measures were implemented to protect environments Lesson Learned: protect the “Post Office”

18 Probing the mailing list server Intrusion Detection System (IDS)

19 Epilogue: NEES Security in a Nutshell Access Control Firewalls, access permissions (web servers, file servers and databases), VPN, separation of resources by environment (production, testing, development), file integrity checker Authentication user and group directory (LDAP) Auditing System logs, fail2ban Others security assessments, software patching, intrusion detection systems (IDS) NEES CyberSecurity Plan / University’s Security Policies U.S. Federal Regulations (NIST)

20 Acknowledgements Pascal Meunier, HUBzero Brian Rohler, NEEShub

21

Download ppt "CyberSecurity for NEEShub: Best-Practices and Lessons Learned Gaspar Modelo-Howard CyberSecurity Engineer George E. Brown, Jr. Network for Earthquake Engineering."

Similar presentations

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.

Overview of local security issues in Campus Grid environments Bruce Beckles University of Cambridge Computing Service.
Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.

Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.
Network Security and Audits LITN Fall Conference 2006 Presented by Katie Givens Mosaic.

Network Security and Audits LITN Fall Conference 2006 Presented by Katie Givens Mosaic.
I NDULGENC E There is no need for oversight or management direction. All staff members are superstars and act in the best interest of the company.

I NDULGENC E There is no need for oversight or management direction. All staff members are superstars and act in the best interest of the company.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia

Defense-in-Depth Against Malicious Software Jeff Alexander IT Pro Evangelist Microsoft Australia
Network Security Testing Techniques Presented By:- Sachin Vador.

Network Security Testing Techniques Presented By:- Sachin Vador.
Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.

Lesson 9-Securing a Network. Overview Identifying threats to the network security. Planning a secure network.
BUILDING A SECURE STANDARD LIBRARY Information Assurance Project I MN121051 Tajuddin hj. Tappe Supervisor Mdm. Rasimah Che Mohd Yusoff ASP.NET TECHNOLOGY.

BUILDING A SECURE STANDARD LIBRARY Information Assurance Project I MN Tajuddin hj. Tappe Supervisor Mdm. Rasimah Che Mohd Yusoff ASP.NET TECHNOLOGY.
Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.

Network Security. Trust Relationships (Trust Zones) High trust (internal) = f c (once you gain access); g p Low trust ( ) = more controls; fewer privileges.
Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.

Presented by Manager, MIS.  GRIDCo’s intentions for publishing an Acceptable Use Policy are not to impose restrictions that are contrary to GRIDCo’s.
Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.

Information Security Introduction to Information Security Michael Whitman and Herbert Mattord 14-1.
LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.

LINUX Security, Firewalls & Proxies. Course Title Introduction to LINUX Security Models Objectives To understand the concept of system security To understand.
PBA. Observations  Growth, projects, busy-ness –Doing an incredible amount of work  Great Quality of work  Concern about being perfect  Attitudes.

PBA. Observations  Growth, projects, busy-ness –Doing an incredible amount of work  Great Quality of work  Concern about being perfect  Attitudes.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.

© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public 1 Version 4.1 ISP Responsibility Working at a Small-to-Medium Business or ISP – Chapter 8.
Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.

Module 9 Configuring Server Security Compliance. Module Overview Securing a Windows Infrastructure Overview of EFS Configuring an Audit Policy Overview.
Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.

Copyright © 2002 ProsoftTraining. All rights reserved. Operating System Security.
Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.

Lesson 8-Information Security Process. Overview Introducing information security process. Conducting an assessment. Developing a policy. Implementing.
AIS, 20141 Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)

AIS, Passwords Should not be shared Should be changed by user Should be changed frequently and upon compromise (suspected unauthorized disclosure)
1 All Your iFRAMEs Point to Us Mike Burry. 2 Drive-by downloads Malicious code (typically Javascript) Downloaded without user interaction (automatic),

1 All Your iFRAMEs Point to Us Mike Burry. 2 Drive-by downloads Malicious code (typically Javascript) Downloaded without user interaction (automatic),

Similar presentations

Ads by Google