Security Activities

1
Security Activities Brent Draney Networking,
Security, Servers and Workstations BRDraney_at_nersc.
gov NERSC User Group Meeting September 17, 2007
2
Security and Compliance

• Security
• Maintaining Systems
• Detecting compromises
• Compliance
• Meeting laws, regulations and guidance
• Demonstrating that NERSC is doing a good job
• Goals
• Security should be a net enabler of science
• Security should be easy for a person to follow
• Security should make sense

3
Site Assist Visit ? Authority to Operate

• Compliance schedule
• May 06 Site Assist Visit (SAV)
• June 06 Documentation
• May 07 Site Assist ends
• June 07 Readiness Review
• July 07 Annual Disaster Recovery Test, Self
  Assessment, Risk Assessment
• July 07 Security Test and Evaluation
• August 07 Certification to DOE Berkeley Site
  Office
• October 07 Berkeley Site Office accepts residual
  risk Authority to Operate (ATO)

4
Risks

• Single biggest risk is a compromised user account
• Part of the nature of large scale scientific
  computing
• 1000s of users on a single system
• Most commercial technologies do not address this
  risk
• Firewalls
• network based Intrusion Detection Systems (IDS)
• Mitigations
• User training
• Sshd based Intrusion Detection Systems (IDS)

5
User Training

• Voluntary User Training in Nov 07
• Web based
• Specific to scientific computing
• 10 minute user effort
• Recorded in NIM
• Mandatory User Training in CY 08

6
Sshd Monitoring

• Modified Sshd in January 08
• Sshd sends keystrokes to an IDS
• Open modification to Openssh
• IDS analyses keystrokes for anomalies
• Scientific activity is very different from hacker
  activity
• Sshd performance improvements added
• Pittsburg patches
• Scp performance greatly improved