An Integrated CyberSecurity Approach for HEP Grids. Workshop Report.

http://hpcrd.lbl.gov/hepcybersecurity/

1. Introduction

The CMS and ATLAS experiments at the Large Hadron Collider (LHC), being built at CERN in Switzerland, each involve approximately 2000 physicists from around the world. DOE, as the host of the US CMS and ATLAS tier 1 centers, is providing a key element of the global support infrastructure for these experiments. The LHC Grid will combine resources from many sites, including several very large compute clusters. Reliable and sustained access to these data, compute and communication resources holds the key to the productivity of the CMS and ATLAS communities.

The challenges posed in protecting and maximizing the utility of the widely distributed ensemble of resources while providing open access to the community of physicists are significant. Current experience dictates that we must be able to quickly identify, isolate and react to intentional unacceptable use of any part of the computing infrastructure. The sheer size and prominence of the LHC worldwide Grid attracts attention. The potential to harness the enormous compute power may encourage malicious attacks which, if successful, can then be turned around to use that power for further mischief.

At a March 2005 workshop in Oakland, CA, workshop participants identified a number of critical areas to be addressed that will build on existing work and provide a coherent program to reduce the risk to the large investment in LHC computing. These fall into four general categories: risk analysis, the ability for a VO to monitor and control its resources, the ability to recover quickly from an incident, and vulnerability analysis of the middleware.

Each and every physicist is expected to be able to access each and every resource controlled by experiment policy and authorization. By breaking into a single vulnerable system, therefore, an intruder can potentially gain access to many other resources. The program of work, therefore, takes account of the inherently distributed nature of the problem by putting strong emphasis on coordinated response to and control of an incident, since security at one location can be compromised by events at another location. Last year the San Diego Supercomputer Center was completely offline for an entire week due to a security compromise.

The LHC Grid represents an extremely valuable resource, and our goal is to develop capabilities and procedures that will minimize the impact a security incident will have on the availability and effectiveness of our production infrastructure. In an environment such as the LHC Grid, covering a very diverse set of resources down to the individual laptops, we plan on the assumption that some security compromise is inevitable. If a system is compromised, the system must be quickly isolated and recovery needs to be rapid, efficient, and thorough so that cost and latent risk are minimized. Sites must be able to regain control of their resources as quickly as possible and to prevent the compromise from spreading to other sites. This includes the ability to quickly and selectively disable both users and services. If a user credential is known to be compromised, it is important to be able to quickly determine the complete list of resources that were accessed using that credential since it was compromised.

The ability to quickly recover from a security incident adds the additional value of allowing fast recovery from non-malicious user errors. In fact, user or administrator errors can cause as much damage as a malicious hacker. It is also important to be able to quickly determine when problems are due to unauthorized activities and when they are due to activities triggered by legitimate members of the CMS and ATLAS communities.

To help our planning and the prioritization of the proposed program of work we define the vulnerabilities to a potential incident thus:

- Loss of unique data
- Insertion of fraudulent data
- Inability to reestablish control of the computing infrastructure after an incident
- Subversion of system software (loss of integrity)
- Inability to ingest detector output
- Massive coherent failure of the ensemble of resources
- Compromise of key infrastructure
- Pervasive slowdown due to a compromise that couldn't be removed

We have arrived at the program of work below based on risk, likelihood, impact and our ability to mitigate and respond. Clearly, responsibility for the defense and continuous operation of the LHC computing systems spans all organizations involved: the experiments, the facility administrators, the middleware and service providers, and the end users. All these players are already closely involved in the planning and execution of tasks to protect the LHC systems, and to provide the end-to-end security and trust infrastructure to allow controlled access to and open use of the systems by the physics communities.

In this document we describe a set of tasks that, delivered as a coherent and managed program of work across the facility security teams, the technology providers and the experiments, will significantly reduce the vulnerability of the LHC computing environment to security incidents. We feel it is crucial to begin this work as soon as possible. We recommend that the community begin working on a set of best practice documents to help build consensus within the HEP community on what the risks and issues are, and what the best solutions are.

2. Goals and Requirements

An experimental collaboration constitutes a Virtual Organization, or VO, and is expected to operate information resources as its infrastructure. The VO has a duty to contribute to the overall security of the shared infrastructure. For example, it is important to ensure that a compromise at a Tier 3 site or a scientist's laptop does not compromise the entire grid. Only the VO can know what jobs are running and what the current set of resource utilization should be. The VO is also responsible for detecting and terminating runaway jobs, which may be due to user error or software bugs.

A virtual organization is composed of multiple real organizations, each of which has its own security requirements as well. Security tools and solutions must be designed and deployed in a manner that facilitates exchange of information between organizations and virtual organizations.

1. The impact of a compromised user credential should be restricted to that user's work, and should ideally be short-lived such that its malicious capabilities will time out in a manageable time-scale. This goes for compromised host credentials as well.
2. The impact of a compromise (root account etc.) on a resource should be restricted as much as possible to that resource.
3. Higher risk services should be structured such that the impact and scope of any compromise is minimized.
4. Response to and control of incidents should be tested in a realistic distributed environment.
5. The latency of response to and containment of incidents should be minimized.
6. Usable and timely forensic information should be available to the incident response teams to allow tracing of the source and scope of an incident.
7. Stakeholders (site security, VO administration, etc.) need to collect and review information independently, and have the ability to share and compare their analyses.

3. Program of Work

At a March 2005 workshop in Oakland, CA, workshop participants identified a number of critical areas to be addressed that will build on existing work and provide a coherent program to reduce the risk to the large investment in LHC computing. These fall into four general categories: risk analysis, the ability for a VO to monitor and control its resources, the ability to recover quickly from an incident, and vulnerability analysis of the middleware.

Item 1: Risk Analysis and Best Practices

It is essential to perform ongoing risk analysis of the LHC computing infrastructure. This includes analysis of the software stacks, the configurations of resources and services, and the trust relationships between all parties. It also includes closely monitoring new security exploits as they come out. The activity will provide periodic information to guide the program of work and prioritize the focus of the security teams.

Item 2: Security Logging and Auditing Service

The core component of this task is a real-time Security Logging and Auditing Service. This information service would contain as much log data as possible related to a set of Grid jobs, including host syslogs, CA logs, middleware logs, and so on. Some level of logging from firewalls and IDSs would also be very useful, but these will likely need to be sanitized before sites would release them. This data will be used to help identify problems and to quickly recover from an incident. It will also be used to help debug authentication and firewall problems (situations where there is not currently a useful error message to understand why something did not connect). It would also help provide the necessary audit trail to help perform fast recovery after a security incident.

Requirements:

1. Standardize the audit entry formats wherever possible to facilitate the subsequent browsing, querying and filtering.
2. Instrument the middleware runtimes to securely log relevant audit information.
3. Provide an integrating and organizing framework to collect many diverse sources of information (e.g. routers, job logs etc.) to reconstruct the thread-of-work through the Grid fabric.
4. Make the audit information discoverable and accessible to diverse organizations through common interfaces.
5. Provide real-time collection and analysis of the information to enable timely response.
6. Build in data filtering mechanisms so that we are not overwhelmed by too much log data.
7. Provide the trusted organizations secure access to the distributed audit information.

The tasks required to enable an organization or VO to monitor and control their Grid are:

- Security Logging and Auditing Service: Deployment of a scalable and reliable real-time service. Existing solutions such as the EDG logging and bookkeeping service will be evaluated. Tools to integrate existing log files will be developed.
- Auditing of all components: We will perform an analysis of what needs to be audited from each component, and work with middleware developers to ensure they are logging the necessary information. This logging will be integrated with the information service.
- Resource vulnerability scanning: Organizations and VOs need the ability to scan site Grid resources for vulnerabilities, since small sites may not be doing this, and large sites might miss something. This will help VOs to perform security certification of the Grid resources they are responsible for, and help maximize the utility of their Grid.
- IDS / IPS: Intrusion Detection systems should be deployed to monitor Grid use and detect unauthorized behavior (due to user error, user breaking the rules, or due to unauthorized use). This data must be integrated into the information service.
- Border Control (site and VO): The boundaries of enclaves of trust are places where information is gathered and control may be applied. These borders must be clearly defined, and then protected.
- Configuration Verification: Many security mechanisms such as firewalls, VOMS servers, and so on are configured and maintained by hand, and the chance of misconfiguring something is high. Therefore it is critical that the various layers are integrated and configuration of the system is automated to the extent possible. Mechanisms to check the configuration of each of the layers and to analyze the security of the configured whole are essential.

Item 3: Incident Response and Recovery

The key to incident response is to be able to quickly contain the scope of an incident and to recover. Often it is very difficult to determine the extent of the damage, and what must be done to clean up after an incident. For example, if a user credential is known to be compromised, what is the complete list of resources that were accessed using that credential? Or if a single host at a site has been rootkitted, what other hosts might be compromised as well? If a vulnerability is found in a Grid middleware component, how do we locate all locations where that version of the middleware is installed, disable those resources until the vulnerability is fixed, and then patch / upgrade the software on all those resources?

This task includes the following work items:

- Incident Response: Incident response typically needs to be coordinated between the local resource, local network, border, virtual organization, and wide-area network and needs to be automated to the extent possible. Effective incident response requires accurate information and analysis of the attack, which will be provided by the VO information server. Effective incident response also requires coordination between several sites by means of a confidential communication channel. The team of responders must be able to rapidly create a communication channel to respond to incidents. A suite of secure information and communication services tuned to the needs of security officers and their partners responding to an ongoing incident is needed.
- Forensics: Forensics data from all levels of the system are critical to long-term response (i.e. prosecution) and effective recovery. There are two primary goals: to collect evidence and minimize recovery effort. This data is often high volume and from a diverse set of sources. The responders need to be able to analyze the data in real time and determine exactly what hosts have been compromised and the nature of the compromises to contain the attack and narrow the recovery effort.
- Security Testing: Tiger teams will be formed to look for vulnerabilities, and response planning will be done. We will also perform 2 major security drills.

Item 4: Middleware vulnerability testing and analysis

This activity will be responsible for evaluating and enhancing the quality of the middleware from a security perspective. This includes but is not limited to vulnerability to attacks, ease of patching, and installation procedures. From a security perspective, the end-to-end quality of a software stack is not determined only by its resistance to malicious attacks. The time it takes to replace a version with a known vulnerability with a new version that eliminates this vulnerability plays an important role in determining the quality of our software stack. Testing and analysis of all middleware is required. External software audits are needed, which could be done as software peer reviews, where middleware developers could review each other's architectures.
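
The scoping question posed under Item 3 (which resources were accessed with a credential since it was compromised) becomes a simple query once entries from different sources are normalized into one record format, as Item 2 requires. The following is an added example, not part of the workshop report; the three log formats, host names, DNs, job ids and the assumption that all timestamps are UTC are constructed for illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional

@dataclass(frozen=True)
class AuditEntry:
    """Common audit record that every source is normalized into."""
    when: datetime            # always UTC
    source: str               # which log the entry came from
    host: str                 # resource that wrote the entry
    subject: Optional[str]    # credential DN, if the source records one
    job_id: Optional[str]     # Grid job id, if the source records one
    action: str

# Constructed sample data in three invented formats (not real Grid log formats).
ALICE = "/DC=org/DC=example/CN=Alice Physicist"
BOB = "/DC=org/DC=example/CN=Bob Analyst"
MIDDLEWARE_LOG = f"""\
2005-03-14T08:01:10Z gk01.tier1.example.org submit dn="{ALICE}" job=J-1000
2005-03-14T09:12:03Z gk01.tier1.example.org submit dn="{ALICE}" job=J-1001
2005-03-14T09:13:30Z gk02.tier2.example.org submit dn="{BOB}" job=J-2000
"""
SYSLOG = """\
Mar 14 08:02:00 wn03.tier1.example.org jobmgr[1901]: start job=J-1000
Mar 14 09:15:40 wn17.tier2.example.org jobmgr[2211]: start job=J-1001
Mar 14 09:16:02 wn18.tier2.example.org jobmgr[2212]: start job=J-2000
"""
STORAGE_LOG = f"""\
se01.tier1.example.org,2005-03-14 08:30:00,{ALICE},read,/store/run41.root
se03.tier1.example.org,2005-03-14 09:20:00,{ALICE},read,/store/run42.root
"""

MW_RE = re.compile(r'^(\S+) (\S+) (\w+) dn="([^"]+)" job=(\S+)$')
SYS_RE = re.compile(r'^(\w{3} +\d+ [\d:]{8}) (\S+) \S+: (\w+) job=(\S+)$')

def _utc(text, fmt):
    return datetime.strptime(text, fmt).replace(tzinfo=timezone.utc)

def parse_middleware(text):
    for line in text.splitlines():
        m = MW_RE.match(line)
        if m:
            ts, host, action, dn, job = m.groups()
            yield AuditEntry(_utc(ts, "%Y-%m-%dT%H:%M:%SZ"), "middleware", host, dn, job, action)

def parse_syslog(text, year):
    # Classic syslog timestamps carry no year and these lines carry no DN: the
    # caller supplies the year, and the entry is tied to a user only by job id.
    for line in text.splitlines():
        m = SYS_RE.match(line)
        if m:
            ts, host, action, job = m.groups()
            yield AuditEntry(_utc(f"{year} {ts}", "%Y %b %d %H:%M:%S"), "syslog", host, None, job, action)

def parse_storage(text):
    for line in text.splitlines():
        fields = line.split(",")
        if len(fields) == 5:
            host, ts, dn, action, path = fields
            yield AuditEntry(_utc(ts, "%Y-%m-%d %H:%M:%S"), "storage", host, dn, None, f"{action} {path}")

def collect(year=2005):
    """Merge all sources into one time-ordered list of common records."""
    entries = [*parse_middleware(MIDDLEWARE_LOG), *parse_syslog(SYSLOG, year), *parse_storage(STORAGE_LOG)]
    return sorted(entries, key=lambda e: e.when)

def scope_of_compromise(entries, dn, since):
    """Entries attributable to credential `dn` at or after `since`."""
    recent = [e for e in entries if e.when >= since]
    # Jobs started with the credential in the window; entries from sources that
    # log only a job id (the worker-node syslog here) are joined through them.
    jobs = {e.job_id for e in recent if e.subject == dn and e.job_id}
    return [e for e in recent if e.subject == dn or e.job_id in jobs]

if __name__ == "__main__":
    since = datetime(2005, 3, 14, 9, 0, tzinfo=timezone.utc)
    for e in scope_of_compromise(collect(), ALICE, since):
        print(e.when.isoformat(), e.source, e.host, e.job_id or "-", e.action)
```

The worker-node entry is found only through the job id, which is why the report asks for a framework that can reconstruct the thread-of-work across sources rather than searching each log for the DN.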

Other Work

This workshop also identified several other areas that we feel are important, but we feel these issues are much broader than just LHC computing. We hope other projects will be addressing these issues. These include:

- Wide-Area Network Monitoring: The wide-area network provides an excellent place to track attack trends, to detect worms and viruses, and to recognize attack patterns. Connection logs and netflow data from the routers or from a network IDS can be used for this. By monitoring key Internet exchange points, one can provide an early warning system for viruses, worms, and attacks, and potentially block the attack before it reaches the end sites. Also, through cooperation with the end sites, an attack manifesting at one site can be blocked from attacking other sites.
- Data Integrity: user error, hardware error, TCP checksum issue, intentional corruption, and so on.
- Authentication / Authorization Issues: protection against stealing short-term credentials or session keys, and protection against hijacking sessions. As the revocation of credentials is very expensive from an operational and management perspective, short-lived assertions should be used wherever possible. This would require further development and deployment of credential issuing services, like MyProxy and GridLogon.
- Authorized Audit Log Write/Read Access: The audit data is both sensitive and vital for investigations and recovery. The writing to those logs should therefore be integrity protected and authenticated. Furthermore, the access to the logs should be subject to access control policy and should allow trusted audit officers to access the logs in other administrative domains to reconstruct the forensic trail through the Grid fabric. This would require a fine-grained access control policy framework integrated with the audit log and collection services.
- Disposable Execution Environments: Virtual Machine techniques such as Xen and VMware allow the creation of a restricted execution environment that can be destroyed or reloaded. The insulation properties of VM technologies may be able to help confine compromises to a single image and prevent rootkits from taking over complete physical machines. Furthermore, paused/frozen images of an OS with a selective set of installed and configured applications could be used to facilitate security related updates and patches, and substantially speed up the recovery process after a detected compromise. These technologies are maturing, and should be evaluated for use in the LHC Grid.
- Rootkit detection: Better tools for detection of rootkits are needed.

Best Practices / Community Consensus

It is important to start to build community consensus on what is the best way to secure sites that are part of the LHC Grid. We recommend that a set of best practices documents on several aspects of Grid Security be written. These include the following:

- Risk Analysis of the LHC Grid: What are the main risks in terms of likelihood and recovery cost?
- Key management: What are the issues involving user and host key management (e.g., caching, revocation, etc.)?
- Logging and auditing: What components should be included for standard logging and auditing? This would include a detailed report on what we log today and some ideas on how this information can be collected and used. What information should be logged locally, what should be logged centrally, and what data filtering can be done?
- Scanning and VO certification: What vulnerabilities can be monitored via scanning, and what checklist of items could a VO use to certify that a given Grid resource meets its security standards?
- Integrated IDS: What should the IDSs be looking for, and what information should be exchanged between the sites?
- Incident Response: What steps should be taken to contain and recover from an incident?


More information

Beyond PCI Checklists:

Beyond PCI Checklists: Beyond PCI Checklists: Securing Cardholder Data with Tripwire s enhanced File Integrity Monitoring white paper Configuration Control for Virtual and Physical Infrastructures Contents 4 The PCI DSS Configuration

More information

IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector

IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector IT ASSET MANAGEMENT Securing Assets for the Financial Services Sector V.2 Final Draft May 1, 2014 financial_nccoe@nist.gov This revision incorporates comments from the public. Page Use case 1 Comments

More information

GFI White Paper PCI-DSS compliance and GFI Software products

GFI White Paper PCI-DSS compliance and GFI Software products White Paper PCI-DSS compliance and Software products The Payment Card Industry Data Standard () compliance is a set of specific security standards developed by the payment brands* to help promote the adoption

More information

Fear Not What Security Can Do to Your Firm; Instead, Imagine What Your Firm Can Do When Secured!

Fear Not What Security Can Do to Your Firm; Instead, Imagine What Your Firm Can Do When Secured! Fear Not What Security Can Do to Your Firm; Instead, Imagine What Your Firm Can Do When Secured! Presented by: Kristen Zarcadoolas, Jim Soenksen, and Ed Sale PART 2: plan, act, repeat (from the look, plan,

More information

Firewalls Overview and Best Practices. White Paper

Firewalls Overview and Best Practices. White Paper Firewalls Overview and Best Practices White Paper Copyright Decipher Information Systems, 2005. All rights reserved. The information in this publication is furnished for information use only, does not

More information

WHITE PAPER WHAT HAPPENED?

WHITE PAPER WHAT HAPPENED? WHITE PAPER WHAT HAPPENED? ENSURING YOU HAVE THE DATA YOU NEED FOR EFFECTIVE FORENSICS AFTER A DATA BREACH Over the past ten years there have been more than 75 data breaches in which a million or more

More information

Vulnerability management lifecycle: defining vulnerability management

Vulnerability management lifecycle: defining vulnerability management Framework for building a vulnerability management lifecycle program http://searchsecurity.techtarget.com/magazinecontent/framework-for-building-avulnerability-management-lifecycle-program August 2011 By

More information

The Protection Mission a constant endeavor

The Protection Mission a constant endeavor a constant endeavor The IT Protection Mission a constant endeavor As businesses become more and more dependent on IT, IT must face a higher bar for preparedness Cyber preparedness is the process of ensuring

More information

The Business Case for Security Information Management

The Business Case for Security Information Management The Essentials Series: Security Information Management The Business Case for Security Information Management sponsored by by Dan Sullivan Th e Business Case for Security Information Management... 1 Un

More information

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y Automate Response Congratulations on selecting IncidentResponse.com to retrieve your custom incident response workflow guide. This guide has been created especially for you for use in within your security

More information

Threat Modeling. Frank Piessens (Frank.Piessens@cs.kuleuven.be ) KATHOLIEKE UNIVERSITEIT LEUVEN

Threat Modeling. Frank Piessens (Frank.Piessens@cs.kuleuven.be ) KATHOLIEKE UNIVERSITEIT LEUVEN Threat Modeling Frank Piessens (Frank.Piessens@cs.kuleuven.be ) Secappdev 2007 1 Overview Introduction Key Concepts Threats, Vulnerabilities, Countermeasures Example Microsoft s Threat Modeling Process

More information

Leveraging Network Vulnerability Assessment with Incident Response Processes and Procedures

Leveraging Network Vulnerability Assessment with Incident Response Processes and Procedures Leveraging Network Vulnerability Assessment with Incident Response Processes and Procedures DAVID COLE, DIRECTOR IS AUDITS, U.S. HOUSE OF REPRESENTATIVES Assessment Planning Assessment Execution Assessment

More information

Enterprise Cybersecurity: Building an Effective Defense

Enterprise Cybersecurity: Building an Effective Defense : Building an Effective Defense Chris Williams Scott Donaldson Abdul Aslam 1 About the Presenters Co Authors of Enterprise Cybersecurity: How to Implement a Successful Cyberdefense Program Against Advanced

More information

INTRUSION DETECTION SYSTEM (IDS) D souza Adam Jerry Joseph 0925910 I MCA

INTRUSION DETECTION SYSTEM (IDS) D souza Adam Jerry Joseph 0925910 I MCA INTRUSION DETECTION SYSTEM (IDS) D souza Adam Jerry Joseph 0925910 I MCA OVERVIEW Introduction Overview The IDS Puzzle Current State of IDS Threats I have a good firewall, why do I need an IDS? Expectations

More information

CMS Software Deployment on OSG

CMS Software Deployment on OSG CMS Software Deployment on OSG Bockjoo Kim 1, Michael Thomas 2, Paul Avery 1, Frank Wuerthwein 3 1. University of Florida, Gainesville, FL 32611, USA 2. California Institute of Technology, Pasadena, CA

More information

DeltaV System Cyber-Security

DeltaV System Cyber-Security January 2013 Page 1 This paper describes the system philosophy and guidelines for keeping your DeltaV System secure from Cyber attacks. www.deltav.com January 2013 Page 2 Table of Contents Introduction...

More information

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB

REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB REPORT ON AUDIT OF LOCAL AREA NETWORK OF C-STAR LAB Conducted: 29 th March 5 th April 2007 Prepared By: Pankaj Kohli (200607011) Chandan Kumar (200607003) Aamil Farooq (200505001) Network Audit Table of

More information

Data Management Policies. Sage ERP Online

Data Management Policies. Sage ERP Online Sage ERP Online Sage ERP Online Table of Contents 1.0 Server Backup and Restore Policy... 3 1.1 Objectives... 3 1.2 Scope... 3 1.3 Responsibilities... 3 1.4 Policy... 4 1.5 Policy Violation... 5 1.6 Communication...

More information

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs

Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Overview of Network Security The need for network security Desirable security properties Common vulnerabilities Security policy designs Why Network Security? Keep the bad guys out. (1) Closed networks

More information

Exhibit to Data Center Services Service Component Provider Master Services Agreement

Exhibit to Data Center Services Service Component Provider Master Services Agreement Exhibit to Data Center Services Service Component Provider Master Services Agreement DIR Contract No. DIR-DCS-SCP-MSA-002 Between The State of Texas, acting by and through the Texas Department of Information

More information

Syslog Analyzer ABOUT US. Member of the TeleManagement Forum. info@ossera.com +1-916-290-9300 http://www.ossera.com

Syslog Analyzer ABOUT US. Member of the TeleManagement Forum. info@ossera.com +1-916-290-9300 http://www.ossera.com Syslog Analyzer ABOUT US OSSera, Inc. is a global provider of Operational Support System (OSS) solutions for IT organizations, service planning, service operations, and network operations. OSSera's multithreaded

More information

Protect the data that drives our customers business. Data Security. Imperva s mission is simple:

Protect the data that drives our customers business. Data Security. Imperva s mission is simple: The Imperva Story Who We Are Imperva is the global leader in data security. Thousands of the world s leading businesses, government organizations, and service providers rely on Imperva solutions to prevent

More information

HIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS

HIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS Department of Health and Human Services OFFICE OF INSPECTOR GENERAL HIGH-RISK SECURITY VULNERABILITIES IDENTIFIED DURING REVIEWS OF INFORMATION TECHNOLOGY GENERAL CONTROLS AT STATE MEDICAID AGENCIES Inquiries

More information

Remote Services. Managing Open Systems with Remote Services

Remote Services. Managing Open Systems with Remote Services Remote Services Managing Open Systems with Remote Services Reduce costs and mitigate risk with secure remote services As control systems move from proprietary technology to open systems, there is greater

More information

Securing External Name Servers

Securing External Name Servers WHITEPAPER Securing External s Cricket Liu, Vice President of Architecture This white paper discusses the critical nature of external name servers and examines the practice of using common makes of name

More information

WIND RIVER SECURE ANDROID CAPABILITY

WIND RIVER SECURE ANDROID CAPABILITY WIND RIVER SECURE ANDROID CAPABILITY Cyber warfare has swiftly migrated from hacking into enterprise networks and the Internet to targeting, and being triggered from, mobile devices. With the recent explosion

More information

The PCI Dilemma. COPYRIGHT 2009. TecForte

The PCI Dilemma. COPYRIGHT 2009. TecForte The PCI Dilemma Today, all service providers and retailers that process, store or transmit cardholder data have a legislated responsibility to protect that data. As such, they must comply with a diverse

More information

Advanced File Integrity Monitoring for IT Security, Integrity and Compliance: What you need to know

Advanced File Integrity Monitoring for IT Security, Integrity and Compliance: What you need to know Whitepaper Advanced File Integrity Monitoring for IT Security, Integrity and Compliance: What you need to know Phone (0) 161 914 7798 www.distology.com info@distology.com detecting the unknown Integrity

More information

ABB s approach concerning IS Security for Automation Systems

ABB s approach concerning IS Security for Automation Systems ABB s approach concerning IS Security for Automation Systems Copyright 2006 ABB. All rights reserved. Stefan Kubik stefan.kubik@de.abb.com The problem Most manufacturing facilities are more connected (and

More information

Taxonomy of Intrusion Detection System

Taxonomy of Intrusion Detection System Taxonomy of Intrusion Detection System Monika Sharma, Sumit Sharma Abstract During the past years, security of computer networks has become main stream in most of everyone's lives. Nowadays as the use

More information

Basics of Internet Security

Basics of Internet Security Basics of Internet Security Premraj Jeyaprakash About Technowave, Inc. Technowave is a strategic and technical consulting group focused on bringing processes and technology into line with organizational

More information

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act

White Paper A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK. A balancing act A SECURITY GUIDE TO PROTECTING IP PHONE SYSTEMS AGAINST ATTACK With organizations rushing to adopt Voice over IP (VoIP) technology to cut costs and integrate applications designed to serve customers better,

More information

Why Leaks Matter. Leak Detection and Mitigation as a Critical Element of Network Assurance. A publication of Lumeta Corporation www.lumeta.

Why Leaks Matter. Leak Detection and Mitigation as a Critical Element of Network Assurance. A publication of Lumeta Corporation www.lumeta. Why Leaks Matter Leak Detection and Mitigation as a Critical Element of Network Assurance A publication of Lumeta Corporation www.lumeta.com Table of Contents Executive Summary Defining a Leak How Leaks

More information

Database Security Guideline. Version 2.0 February 1, 2009 Database Security Consortium Security Guideline WG

Database Security Guideline. Version 2.0 February 1, 2009 Database Security Consortium Security Guideline WG Database Security Guideline Version 2.0 February 1, 2009 Database Security Consortium Security Guideline WG Table of Contents Chapter 1 Introduction... 4 1.1 Objective... 4 1.2 Prerequisites of this Guideline...

More information

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense

Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense A Trend Micro Whitepaper I February 2016 Addressing the SANS Top 20 Critical Security Controls for Effective Cyber Defense How Trend Micro Deep Security Can Help: A Mapping to the SANS Top 20 Critical

More information

Database Monitoring Requirements. Salvatore Di Guida (CERN) On behalf of the CMS DB group

Database Monitoring Requirements. Salvatore Di Guida (CERN) On behalf of the CMS DB group Database Monitoring Requirements Salvatore Di Guida (CERN) On behalf of the CMS DB group Outline CMS Database infrastructure and data flow. Data access patterns. Requirements coming from the hardware and

More information

Extreme Networks Security Analytics G2 Vulnerability Manager

Extreme Networks Security Analytics G2 Vulnerability Manager DATA SHEET Extreme Networks Security Analytics G2 Vulnerability Manager Improve security and compliance by prioritizing security gaps for resolution HIGHLIGHTS Help prevent security breaches by discovering

More information

Check Point and Security Best Practices. December 2013 Presented by David Rawle

Check Point and Security Best Practices. December 2013 Presented by David Rawle Check Point and Security Best Practices December 2013 Presented by David Rawle Housekeeping o Mobiles on Silent o No File Alarms planned o Fire exits are in front and behind and down the stairs o Downstairs

More information

COSC 472 Network Security

COSC 472 Network Security COSC 472 Network Security Instructor: Dr. Enyue (Annie) Lu Office hours: http://faculty.salisbury.edu/~ealu/schedule.htm Office room: HS114 Email: ealu@salisbury.edu Course information: http://faculty.salisbury.edu/~ealu/cosc472/cosc472.html

More information

Principles of Information Security, Fourth Edition. Chapter 12 Information Security Maintenance

Principles of Information Security, Fourth Edition. Chapter 12 Information Security Maintenance Principles of Information Security, Fourth Edition Chapter 12 Information Security Maintenance Learning Objectives Upon completion of this material, you should be able to: Discuss the need for ongoing

More information

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved.

Cyber Security. BDS PhantomWorks. Boeing Energy. Copyright 2011 Boeing. All rights reserved. Cyber Security Automation of energy systems provides attack surfaces that previously did not exist Cyber attacks have matured from teenage hackers to organized crime to nation states Centralized control

More information

Defending Against Data Beaches: Internal Controls for Cybersecurity

Defending Against Data Beaches: Internal Controls for Cybersecurity Defending Against Data Beaches: Internal Controls for Cybersecurity Presented by: Michael Walter, Managing Director and Chris Manning, Associate Director Protiviti Atlanta Office Agenda Defining Cybersecurity

More information

Breaking down silos of protection: An integrated approach to managing application security

Breaking down silos of protection: An integrated approach to managing application security IBM Software Thought Leadership White Paper October 2013 Breaking down silos of protection: An integrated approach to managing application security Protect your enterprise from the growing volume and velocity

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

Reducing Application Vulnerabilities by Security Engineering

Reducing Application Vulnerabilities by Security Engineering Reducing Application Vulnerabilities by Security Engineering - Subash Newton Manager Projects (Non Functional Testing, PT CoE Group) 2008, Cognizant Technology Solutions. All Rights Reserved. The information

More information

USM IT Security Council Guide for Security Event Logging. Version 1.1

USM IT Security Council Guide for Security Event Logging. Version 1.1 USM IT Security Council Guide for Security Event Logging Version 1.1 23 November 2010 1. General As outlined in the USM Security Guidelines, sections IV.3 and IV.4: IV.3. Institutions must maintain appropriate

More information

Vulnerability Management

Vulnerability Management Vulnerability Management Buyer s Guide Buyer s Guide 01 Introduction 02 Key Components 03 Other Considerations About Rapid7 01 INTRODUCTION Exploiting weaknesses in browsers, operating systems and other

More information

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services

Managing Vulnerabilities for PCI Compliance White Paper. Christopher S. Harper Managing Director, Agio Security Services Managing Vulnerabilities for PCI Compliance White Paper Christopher S. Harper Managing Director, Agio Security Services PCI STRATEGY Settling on a PCI vulnerability management strategy is sometimes a difficult

More information

Retention & Destruction

Retention & Destruction Last Updated: March 28, 2014 This document sets forth the security policies and procedures for WealthEngine, Inc. ( WealthEngine or the Company ). A. Retention & Destruction Retention & Destruction of

More information

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013

CS 356 Lecture 17 and 18 Intrusion Detection. Spring 2013 CS 356 Lecture 17 and 18 Intrusion Detection Spring 2013 Review Chapter 1: Basic Concepts and Terminology Chapter 2: Basic Cryptographic Tools Chapter 3 User Authentication Chapter 4 Access Control Lists

More information

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping

Larry Wilson Version 1.0 November, 2013. University Cyber-security Program Critical Asset Mapping Larry Wilson Version 1.0 November, 2013 University Cyber-security Program Critical Asset Mapping Part 3 - Cyber-Security Controls Mapping Cyber-security Controls mapped to Critical Asset Groups CSC Control

More information

Product Overview. Product Family. Product Features. Powerful intrusion detection and monitoring capacity

Product Overview. Product Family. Product Features. Powerful intrusion detection and monitoring capacity NIP IDS Product Overview The Network Intelligent Police (NIP) Intrusion Detection System (IDS) is a new generation of session-based intelligent network IDS developed by Huaweisymantec. Deployed in key

More information

Intro to NSX. Network Virtualization. 2014 VMware Inc. All rights reserved.

Intro to NSX. Network Virtualization. 2014 VMware Inc. All rights reserved. Intro to NSX Network Virtualization 2014 VMware Inc. All rights reserved. Agenda Introduction NSX Overview Details: Microsegmentation NSX Operations More Information SDDC/Network Virtualization Security

More information

Second-generation (GenII) honeypots

Second-generation (GenII) honeypots Second-generation (GenII) honeypots Bojan Zdrnja CompSci 725, University of Auckland, Oct 2004. b.zdrnja@auckland.ac.nz Abstract Honeypots are security resources which trap malicious activities, so they

More information

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS INCONVENIENT STATISTICS 70% of ALL threats are at the Web application layer. Gartner 73% of organizations have been hacked in the past two

More information

CNA NetProtect Essential SM. 1. Do you implement virus controls and filtering on all systems? Background:

CNA NetProtect Essential SM. 1. Do you implement virus controls and filtering on all systems? Background: 1. Do you implement virus controls and filtering on all systems? Anti-Virus anti-virus software packages look for patterns in files or memory that indicate the possible presence of a known virus. Anti-virus

More information

Complete Web Application Security. Phase1-Building Web Application Security into Your Development Process

Complete Web Application Security. Phase1-Building Web Application Security into Your Development Process Complete Web Application Security Phase1-Building Web Application Security into Your Development Process Table of Contents Introduction 3 Thinking of security as a process 4 The Development Life Cycle

More information