Computer Security Status C5 Meeting, 2 Nov 2001 Denise Heagerty, CERN Computer Security Officer.


1 Computer Security Status C5 Meeting, 2 Nov 2001 Denise Heagerty, CERN Computer Security Officer

2 Computer Security Team
• Multi-disciplinary part-time team
  - Members: Lionel Cons, Mike Gerard, Denise Heagerty, Jan Iven, Paolo Moroni, Jarek Polok
  - Close collaboration with PDP-IS (Vlado Bahyl)
  - Ad-hoc collaboration within IT Division for emergencies and advice
Security team is currently 2.8 FTEs
Windows security expertise is needed

3 Incident Summary, 1 Nov 2001

2001   2000   Incident Type
46     8      Security holes exploited (includes worms): 36 web servers, 7 linux kernels, 3 ftp servers
32     86     Compromised CERN accounts: sniffed or guessed passwords
(26)   8      DoS (Denial of Service) attacks: 25 caused by Code Red Worm (counted above)
13     18     Unauthorised use of file servers: insufficient access controls
12     9      Serious SPAM incidents: CERN email addresses are regularly forged
11     9      Serious Viruses: several new viruses are released each day
11     17     Miscellaneous security alerts
125    155    Total Incidents

4 Security Activities 2001
• Security Operations, including CERT collaboration with IT Division Services
• Firewall strengthening project
• Network security scanning project
• Host based intrusion detection project
• Security consultancy
• Improve security awareness

5 Security Operations Tasks
• respond to Incidents (CERT)
  - follow up with users, sys admins, experts
  - International follow up via SWITCH CERT
  - recommend or require changes
  - request emergency action, escalate to management
• check logs for intrusion signatures
• monitor and follow up security advisories
  - with help from experts: anti-virus, mail, web, …
• Provide advice: Computer.security@cern.ch
Responsibility for Security Operations is rotated weekly between 4 people

6 Firewall Strengthening Project
• Firewall strengthening project included
  - Ability to protect high numbered ports
  - Improved resilience against DoS attacks
  - Fail-over capability
  - Higher bandwidth for external Internet access
  - Gigabit path for designated applications
• Firewall strengthening Schedule:
  - First introduced in June 2001
  - Reverted to fail-over path due to instabilities
  - Will be re-introduced with new hardware in Nov 2001
• Planned protection of high numbered ports
  - Port numbers may be blocked to react to an emergency
  - Pre-announced ports will be blocked to protect critical applications, following discussion with affected parties

7 Network Security Scanning Project
• Initially targeted at web servers
  - First scan started in Jan 2001
  - Web servers are detected and vulnerability tested
  - Results are emailed to administrators
  - Significantly reduced impact of Code Red & Nimda
• Now regular scanning of all servers
  - Started in May 2001
  - Detects all servers responding on the network
  - Open SMTP relays and insecure anonymous ftp servers followed up in June
• An essential tool for security risk analysis
  - Identifies potentially vulnerable systems
  - Provides information on port number usage

8 Host Based Intrusion Detection
• goal is to rapidly detect host break-ins
  - e.g. attempts to exploit security holes
• architecture is platform-independent
  - initial prototype on LXPLUS
• combines data from several sources
  - system log files, network data, accounting
• can profit from existing tools
  - e.g. SNORT break-in signatures
• early practical experience is needed
  - need to distinguish break-ins from false alarms
• project has just started
  - architecture document and a first prototype available

9 Other Activities
• Security Awareness
  - http://cern.ch/security web pages, CNL articles: recommendations, scanning, passwords, ssh
  - Front Page Weekly Bulletin article
  - DTF, FOCUS, CSPB kept informed
  - Major incidents have had the most impact!
• Security collaboration and advice
  - e.g. GRID project, PVSS, EDMS, LHC Controls, wireless LAN, remote access for ST Division external contractors, ad-hoc HEP security meeting (proposed at CHEP01)
• Computer Security Policy Board formed
  - http://cern.ch/mgt-cspb
  - http://cern.ch/ComputingRules : file services added

10 Network Certification: action from Eloise 2000
• Goal is to better control application servers running on the network
• Requires agreed rules and good collaboration
  - Tasks of the system/application administrator
  - System configuration requirements
  - Vulnerability checking and correction
  - Clear rules for insecure servers
• Difficult to implement
  - Administrators are not always aware of servers running
  - Conflict between latest patches and stability
  - Interpretation of the rules for different systems/services

11 Security plans for 2002
• Assure security operations
  - improve Windows security expertise (fellow)
• Consolidate existing projects
  - firewall, scanning, intrusion detection, awareness
• Progress network certification
  - draft proposal for new Computing Rules
  - resource estimate for associated tools
• Participate in LHC/GRID security
  - 2 posts proposed

