CERN’s Computer Security Challenge

1 CERN’s Computer Security Challenge
Denise Heagerty, CERN Computer Security Officer
Denise Heagerty, CERN, HEPiX Meeting Oct 2003

2 Overview
- Incident Summary, 2001 to Sep 2003
- Examples of recent incidents
- CERN Site Security
  - Access restrictions into CERN
  - Vulnerability scanning
  - Intrusion detection
  - Actions in progress
- Worrying trends
- What more can be done?
- Other suggestions

3 Incident Summary, 2001 to Sep 2003

Incident Type                                           2001   2002   2003 (to Sep)
System compromised (intruder has control)                 59     31     26
  security holes in software (e.g. ssh, kernel, ICQ, IE)
Compromised CERN accounts                                 42     25     27
  sniffed or guessed passwords
Serious viruses and worms                                 11     21    305
  Blaster/Welchia (290), Sobig (12), Slammer (3)
Unauthorised use of file servers                                 13    119
  insufficient access controls, P2P file-sharing
Serious SPAM incidents                                    15     16      1
  CERN addresses are regularly forged
Miscellaneous security alerts                                     9      6
Total Incidents                                          151    123    484

4 Examples of recent incidents
- Windows systems used as SPAM relays
  - Security hole in IE – no fix available (now MS03-40)
- Welchia and Blaster worms
  - ~300 PCs infected so far; new infections every day
- IRC bots and Remote Shell Trojans found on compromised accounts
- SucKIT root kits installed
  - Used security hole in Linux kernel and captured passwords
- Unauthorised file-sharing
  - P2P file-sharing is NOT permitted at CERN for personal use
  - Can spread viruses and install spyware

5 Site Security: Access into CERN
- Internet access into CERN is restricted
  - Low numbered TCP & UDP ports are protected by default
  - Stateful firewall combined with packet filtering
  - High throughput path for a few special application servers
  - Stronger restrictions for DHCP addresses
- Off-site sessions must be initiated by the clients
  - Protects unintended/vulnerable servers & backdoors
- VPN access into CERN for registered users
  - Requires agreement to CERN’s VPN Security Requirements: updated anti-virus, latest patches, incoming connections firewalled, essential applications only, password secured
- Modem access into CERN for registered users
  - Serious source of security problems; needs to be addressed

6 Site Security: Vulnerability Scanning
- Site-wide vulnerability scans
  - All networked systems must agree to be scanned
  - Scans are regular & scheduled following security alerts
  - Tools used depend on vulnerabilities being tested
  - Scans are made as non-intrusive as possible
  - Results are sent to registered admins of vulnerable systems
  - Insecure systems may be blocked from the network
- System specific vulnerability scans
  - Servers are scanned before firewall access is opened
  - Based on Nessus vulnerability scanning tool (all ports)
  - Requires a security expert to assess results
  - Requests are mainly for SSH and Web servers
- Scan results are stored in a database
  - Provides status and evolution of site security

7 Site Security: Intrusion Detection
- Network based Intrusion Detection
  - Based on available software with local customisation
  - Off-site “scanning” (excessive destinations) alerts
  - Suspicious sites access alerts
  - Non-standard SSH server access alerts (based on SNORT)
  - IRC bots and backdoors detected by site-wide scanning
- Host based Intrusion Detection
  - Implemented on central Linux based servers
  - TCP activity recorded and stored in a database
  - Database is analysed daily for suspicious activity
- Integrated Security Database
  - IDS data is structured and stored in a database to aid incident detection and follow up
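The two network-based checks named on this slide, the “excessive destinations” (off-site scanning) alert and the non-standard SSH server alert, run over constructed connection records. This is an added example, not CERN’s IDS code; the record format, the 10.0.0.0/8 site range, the registered-server list and the threshold of 50 destinations per source per day are all assumptions.

```python
"""Worm-style 'off-site scanning' and unregistered-SSH-server detection over
recorded TCP activity. Added example; the site range, record format and
threshold are placeholders, not CERN's real values."""
from collections import defaultdict
from ipaddress import ip_address, ip_network

SITE_NETWORK = ip_network("10.0.0.0/8")  # placeholder for the site range (assumption)
DEST_THRESHOLD = 50                      # distinct off-site dests per source per day (assumption)
SSH_PORT = 22

def parse_record(line):
    """Parse one 'timestamp src dst dport proto' record; None for malformed lines."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, src, dst, dport, proto = parts
    try:
        return ts[:10], ip_address(src), ip_address(dst), int(dport), proto.lower()
    except ValueError:
        return None

def excessive_destination_alerts(lines, threshold=DEST_THRESHOLD):
    """{(day, src): count} for site hosts reaching >= threshold distinct off-site hosts."""
    dests = defaultdict(set)
    for day, src, dst, _, _ in filter(None, map(parse_record, lines)):
        if src in SITE_NETWORK and dst not in SITE_NETWORK:
            dests[(day, str(src))].add(str(dst))
    return {k: len(v) for k, v in dests.items() if len(v) >= threshold}

def unregistered_ssh_alerts(lines, registered_ssh_servers):
    """Sorted (src, dst) pairs: inbound off-site SSH to a site host that is not a
    registered SSH server, i.e. a possible backdoor or unapproved service."""
    hits = set()
    for _, src, dst, dport, proto in filter(None, map(parse_record, lines)):
        if (proto == "tcp" and dport == SSH_PORT and src not in SITE_NETWORK
                and dst in SITE_NETWORK and str(dst) not in registered_ssh_servers):
            hits.add((str(src), str(dst)))
    return sorted(hits)

def sample_records():
    """Constructed sample: a worm-like host hitting 80 off-site addresses on TCP 135,
    a normal host with 3 destinations, inbound SSH to a registered and an
    unregistered server, and one malformed line."""
    lines = [f"2003-10-01T08:00:00 10.1.2.3 198.51.100.{i} 135 tcp" for i in range(1, 81)]
    lines += [f"2003-10-01T09:00:00 10.1.2.4 203.0.113.{i} 80 tcp" for i in range(1, 4)]
    lines += ["2003-10-01T10:00:00 192.0.2.7 10.9.9.9 22 tcp",  # registered server
              "2003-10-01T10:05:00 192.0.2.8 10.1.2.3 22 tcp",  # unregistered, and the scanner
              "not a record"]
    return lines
```

Feeding the daily TCP activity table from the host-based IDS into the same functions is the kind of daily analysis the slide describes.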

8 Site Security: actions in progress
- Hardware address registration enforced for computers using DHCP (wireless, portables)
  - Allows the user to be informed of problems
  - Started for some buildings, rest of site before Xmas
- Off-site FTP closure
  - Firewall block planned for 20 Jan 2004
- AFS password expiry enforcement
  - Forced annual password changes + warnings
  - Already enforced for Windows/Mail passwords
- Network Connection Rules
  - Defines acceptable network and security practice
  - System admins must agree before connecting systems

9 Worrying Trends
- Break-ins are devious and difficult to detect
  - E.g. SucKIT rootkit
- Worms are spreading within seconds
  - Welchia infected new PCs during the installation sequence
- Poorly secured systems are being targeted
  - Home and privately managed computers are a huge risk
- Break-ins occur before the fix is out
  - SPAM relays used a new hole before a patch and anti-virus were available
- People are often the weakest link
  - Infected laptops are physically carried on site
  - Users continue to download malware and open tricked attachments
- Intruders and worms can do more damage. When?

10 What more can be done?
- Restrict/eliminate direct modem access
  - Firewall protection has proved to be necessary
  - Modem access is provided by ISPs
- Reduce the need for VPN to access CERN services
  - Offer popular services to the general Internet: mail, authenticated web sites, file access, …
- Further enhance firewall protections
  - Database driven and based on requirements
- Enhance system and application security
  - Some patches need deadlines and forced reboots
  - Security & anti-virus updates should not rely on home site access
  - Personal firewalls can reduce risk and buy time
- Improve security awareness
  - Common messages across the HEP community would help

11 Other Suggestions
Your suggestions are welcome…
