Security Service Challenge & Security Monitoring
- Jonah Casey
- 6 years ago
Transcription
1 Security Service Challenge & Security Monitoring
Jinny Chien, Academia Sinica Grid Computing
OSCT Security Workshop on 7th March in Taipei
2 Motivation
After today's training, we expect you to understand how to:
- Handle the Incident Response Procedure
- Ensure communication channels with the involved admins are in place
- Deal with sudden security attacks
- Etc.
Overview
- Introduction
- Security Service Challenge
- Security Monitoring
- Conclusion
3 Security Service Challenge (SSC)
Enabling Grids for E-sciencE
The objective: The goal of the LCG/EGEE Security Service Challenge is to investigate whether sufficient information is available to conduct an audit trace as part of an incident response, and to ensure that appropriate communication channels are available.
The concept: First, the CERN security team submits a test job to specific sites. Each site's security contact must then follow the clues and reply with the answers within a limited time. In general, the challenge is executed once every year.
4 SSC-Objective
5 Stages / Roles of SSC
Stages of the SSC
1. Security Challenge targeting the principal site of each of the LCG/EGEE Regional Operation Centers (ROC)
2. Security Challenge targeting the individual sites in each ROC
Roles
1. The Test Operator (TOP): submits the challenging job, issues the alert, escalates the alert as required and checks the response.
2. The Security Contact of the target site: receives and acknowledges the alert, makes the necessary investigation and submits the response back to the TOP.
6 SSC
The challenge is executed by submitting a Grid Job from a User Interface (UI).
- SSC level 1: challenges the Workload Management System (WMS) of the Grid: Resource Broker (RB) and Computing Element (CE)
- SSC level 2: challenges the Storage Elements (SE) on the Grid
- SSC level 3: challenges the Operational Diligence of the LCG/EGEE Grid Sites
- SSC level 4: coming soon
Materials for SSC
The materials are available for download from twiki/bin/view/lcg/lcgsecuritychallenge
7 SSC Common Setup
SSCs were run in two stages:
- Stage 1: targeting the principal sites in the regions
- Stage 2: targeting the individual sites in each ROC
The jobs were submitted from a User Interface (UI) to a chosen Grid Computing Element (CE) via a Resource Broker (RB) using standard Grid commands.
They consist of a set of small, non-intrusive programs:
- Not intrusive, only legal operations are executed (job submission, file transfer, ...)
- No penetration tests, no execution of exploits etc.
8 Security Service Challenge 1
9 SSC-1 Objective and Setup
- SSC-1 (2005 - March 2006) targeted the Workload Management System (WMS): Resource Broker (RB) and Computing Element (CE)
- It tested whether sufficient information was available and whether communication channels were sufficiently open.
- Did not address the Security Incident Response Procedure
- Used Savannah as the vehicle for communication between the Test Operator (TOP) and the target sites.
10 SSC-1 - Task
Given: time range, IP-address of the target computer, UNIX-UID of the challenging job on the target
The sites had to find out:
1. The DN of the grid-credentials/certificate used by the job submitter
2. The IP-address of the submitting network device (UI)
3. The name of the executable which ran on the target computer
4. The date and the precise time when the executable ran
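An added example (not part of the original slides) of the audit trace the SSC-1 task asks for: starting from a time range and a UNIX UID, it correlates three record sources to recover the DN, the UI address, the executable and the run time. The log formats, hosts, DNs, UIDs, paths and the names `parse`, `utc` and `trace` are constructed for illustration and are not the real LCG/gLite log formats.

```python
import re
from datetime import datetime, timezone

# Constructed sample records in a simplified, hypothetical key=value format.
# AUTHZ_LOG: CE authorization decisions (grid DN mapped to a local UID).
AUTHZ_LOG = """\
2006-03-07T08:21:10Z job=J-1001 dn="/C=XX/O=Example/CN=Alice Example" uid=18001
2006-03-07T08:25:42Z job=J-1002 dn="/C=XX/O=Example/CN=Test Operator" uid=18118
2006-03-07T08:40:03Z job=J-1003 dn="/C=XX/O=Example/CN=Bob Example" uid=18118
"""
# BROKER_LOG: Resource Broker submissions (job id and submitting UI address).
BROKER_LOG = """\
2006-03-07T08:21:02Z job=J-1001 ui=192.0.2.10
2006-03-07T08:25:30Z job=J-1002 ui=192.0.2.45
2006-03-07T08:39:55Z job=J-1003 ui=192.0.2.77
"""
# ACCT_LOG: process accounting on the target computer.
ACCT_LOG = """\
2006-03-07T08:21:30Z uid=18001 exe=/bin/hostname
2006-03-07T08:26:01Z uid=18118 exe=/tmp/ssc_probe.sh
2006-03-07T08:41:10Z uid=18118 exe=/usr/bin/analysis
"""

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def utc(stamp):
    """Parse an ISO-like UTC timestamp such as 2006-03-07T08:23:00Z."""
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse(log):
    """Turn 'timestamp key=value ...' lines into dicts with a 'time' field."""
    records = []
    for line in log.splitlines():
        if not line.strip():
            continue
        stamp, _, rest = line.partition(" ")
        rec = {key: quoted or bare for key, quoted, bare in KV.findall(rest)}
        rec["time"] = utc(stamp)
        records.append(rec)
    return records


def trace(uid, start, end):
    """Answer the four SSC-1 questions for one UID and time window.

    Pool accounts are reused, so a UID alone does not identify a user:
    each mapping is treated as a lease that ends when the same UID is
    mapped to the next job, and only leases overlapping the window count.
    """
    leases = sorted((r for r in parse(AUTHZ_LOG) if r["uid"] == uid),
                    key=lambda r: r["time"])
    ui_by_job = {r["job"]: r["ui"] for r in parse(BROKER_LOG)}
    runs = [r for r in parse(ACCT_LOG)
            if r["uid"] == uid and start <= r["time"] <= end]

    findings = []
    for i, lease in enumerate(leases):
        lease_end = leases[i + 1]["time"] if i + 1 < len(leases) else None
        if lease["time"] > end or (lease_end is not None and lease_end <= start):
            continue  # this DN did not hold the UID during the window
        executions = [
            (r["exe"], r["time"].isoformat())
            for r in runs
            if r["time"] >= lease["time"]
            and (lease_end is None or r["time"] < lease_end)
        ]
        findings.append({
            "dn": lease["dn"],                    # question 1
            "ui_ip": ui_by_job.get(lease["job"]), # question 2 (None if untraceable)
            "executions": executions,             # questions 3 and 4
        })
    return findings


if __name__ == "__main__":
    window = (utc("2006-03-07T08:23:00Z"), utc("2006-03-07T08:34:00Z"))
    for finding in trace("18118", *window):
        print(finding)
```

A `ui_ip` of `None` is itself a finding: it means the site cannot complete the trace from its own records and has to reach the broker's operators through the communication channel the challenge is testing.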
11 Sample: SSC-1
Subject: Security Service Challenge
Local date and time of request creation: :38:39 (CET, UTC+2)
Initials of test operator: psa
Dear LCG/EGEE Site Security Officer,
This constitutes a security service challenge alert. You have received this because you have opened an destined to this site's security officer. In case you are not the security officer of this site, please forward this to - aproc-security@list.grid.sinica.edu.tw just stating so. This will allow us to improve our procedures, and we thank you in advance.
We thank you for your collaboration,
Date and time period of challenge, between: 08:23:00 -and- 08:34:00 UTC
Virtual Organization (VO):
LCG/EGEE sitename:
Resource Broker (RB):
Regional Operation Center (ROC):
IP-address of the target computer: lcg00189.grid.sinica.edu.tw
UNIX-UID of challenging job on target:
Security_Service_Challenge_Description
Within the time period indicated above, a security service challenge was launched on your site. The UNIX-UID on the target computer as noted above, was associated with the challenge.
12 SSC-1 in AP
Executed time: 2006/3/5 - 2006/3/13
Targeted sites (8 in total):
- Australia-UNIMELB-LCG2
- GOG-Singapore
- INDIACMS-TIFR
- LCG_KNU
- Taiwan-IPAS-LCG2
- Taiwan-NCUCC-LCG2
- TOKYO-LCG2
- TW-NCUHEP
The final report: SSC_1_Debrief_ pdf
13 Security Service Challenge 2
14 SSC-2 Objective and Setup
- SSC-2 tested the traceability of storage operations (2007).
- From the Worker Node (WN), a sequence of seven storage operations was executed: lcg_crx, lcg_lgx, lcg_repx, lcg_rx, lcg_cpx, lcg_delx
- Did not address the Security Incident Response Procedure
- Used the Global Grid User Support (GGUS) as the vehicle for communication between the Test Operator and the target sites.
15 SSC-2 - Task
Given: User DN, time range and SE
The sites had to find out:
1. For each of the identified storage operations, please indicate:
   - The exact time (UTC)
   - The type of operation
   - The URLs, filenames, catalog names and file paths involved
2. Please indicate the IP-address of the User Interface (UI) that was used for the job submission
16 SSC-2 in AP
Executed time: 2007/4/ /5/4
Targeted sites: 18 sites, 8 countries
The procedure is highlight=%28security%29
The final report can be found at LCG/SSC2/SSC_2_Stage_2_Report_AsiaPacific.pdf
17 The result of SSC2
Site name                Status  Reply  Feedback
Australia-UNIMELB-LCG2   OK      YES    YES
GOG-Singapore            Error   NO     NO
HK-HKU-CC-01             OK      YES    YES
IN-DAE-VECC-01           OK      NO     NO
INDIACMS-TIFR            Error   NO     NO
JP-KEK-CRC-01            Error   NO     NO
JP-KEK-CRC-02            OK      YES    NO
KR-KISTI-GCRT-01         OK      YES    YES
LCG_KNU                  OK      YES    NO
NCP-LCG2                 OK      YES    YES
PAKGRID-LCG2             OK      YES    NO
Taiwan-IPAS-LCG2         OK      YES    NO
Taiwan-NCUCC-LCG2        OK      YES    YES
TOKYO-LCG2               OK      YES    YES
TW-FTT                   Error   NO     NO
TW-NTCU-HPC-01           OK      YES    YES
TW-NIU-EECS-01           OK      YES    NO
TW-NCUHEP                OK      NO     NO
Status: Error = could not submit an SSC job; OK = success
Reply: Yes = replied with the answer; No = did not reply
Feedback: Yes = provided feedback; No = did not provide feedback
18 Security Service Challenge 3
19 Preparing/Running Regional SSC3
TestOperator (TOp) is attacker and incident coordinator and...
- Get/Install SSC software from svn repository.
  - Malicious binary (might need some tweaking)
  - Job-Submission framework (scripts). Available for gLite, globus (Aashish).
  - Job-Monitoring webserver.
- Certificate, VO and all the rest.
  - Get a grid certificate (short lived) for the TOp.
  - Negotiate an identity used for TOp with a VO (this VO has to be supported by all sites).
- Make sure the default communication channels to the sites to be challenged work.
- Check sufficient queue length/wallclocktime.
  - 72h nice, everything less needs some additional tweaking, but possible. Min. is 12h.
20 SSC-3 Objective and Setup
SSC-3 is a more realistic simulation of an incident; it challenges the Operational Responsiveness of LCG/EGEE Grid Sites.
- The job is launched from a User Interface (UI).
- It runs with valid credentials.
- Once running, it will exploit its environment to conceal its activities.
- Sign of life will be reported through an out-of-band channel.
21 SSC-3 Objective and Setup II
Alert
- The alert is sent to the CSIRT address registered in the Grid Operations Center Data Base (GOCDB).
- The text clearly identifies the alert as a test.
- The Grid identity of the submitting user is indicated.
- The site is asked to deal with the alert following approved Incident Response Procedures.
Send alert mails to:
- VO managers 4 weeks ago
- Alert-mail to sites roc-security-contact to 2 weeks ago
22 SSC-3 Incident Response
The Incident Response is broken up into three activities:
- Communication
  - Acknowledgment/heads-up report to the indicated address.
  - Alert to the VO manager.
  - Verification that the responsible Certification Authority (CA) has been notified.
  - Filing of the final report.
- Containment
  - Identification of the job and killing of its processes.
  - Suspension of the offending user at the challenged site.
- Forensics
  - Discovery of the emitting site and contact with that site's CSIRT.
  - Analysis of network traffic.
  - Analysis of the submitted binaries.
23 SSC-3 in AP
- Receive a ticket from GGUS
- Send a notification to ROC
- Initial analysis and classification
- Contact Certification Authority manager
- Contact Virtual Organization manager
- Post-incident analysis
24 Result of SSC3
25 Comment for SSC
Material for SSC
- The material is available for download from
- More details at OSCT public web
- SSC4 will be coming soon
26 Security Monitoring
27 Goals
- Detecting operational problems or even incidents
  - Help sites to keep their resources secure
  - Warning sites exposing vulnerabilities
  - Only a basic set of probes currently
- Main focus on higher levels (ROC, project)
  - Provide the project and ROC (OSCT) with information about site status
  - Not concerned with site level
- No special privileges required from sites
  - Only public interfaces used
Security Monitoring 27
28 Current Status
- A few SAM tests used
  - CRL, file permission checks, Pakiti (patching status)
  - Results encrypted and only available to ROC security contacts
- Further focus on Nagios-based framework
  - Project and ROC view
  - SAM probes ported
  - Tests to be launched from ROC-level Nagios
  - Results collected in a standard way via message bus
  - Encryption must be applied
  - Access allowed to ROC security contacts and site admins
  - Synchronized with GOC DB
- Hopefully new probes will be developed
29 Incident statistics
A number of local root exploits released in 2009
Main entry points:
- Compromised user accounts at other sites (very difficult to control)
- Vulnerable Web applications
- Weak passwords (!)
Main escalation factors (= how the attacker got root):
- Failure to apply security patches (Pakiti does help here)
- Weak passwords (!)
30 Recent patching campaigns
Lots of effort went into eliminating critical vulnerabilities in 2009.
Most common reasons for not patching were:
- In the majority of the cases, this was due to a communication problem (the recipients of our alerts, in the ROCs, at the sites, etc. thought somebody else would take care of this)
- Only a part of the farm was upgraded for some reason
- Some tried an exploit that did not work and concluded they were safe
- Some did not understand/agree with the implications of the risk and ignored our alerts
- Some thought they closed the job queues and were surprised (malicious) jobs could still be submitted
- Some upgraded, but did not reboot the hosts
- A very small number of sites reported they could not upgrade due to missing third party drivers
31 Improve
32 Pakiti
Security patching status monitoring
Simple design:
- A lightweight, unprivileged, shell client sends data to a server:
  - List of installed packages (rpm -qa)
  - Running kernel and operating system version
  - The Pakiti client DOES NOT modify/patch the system
- The Pakiti server:
  - Collects security + repository data from vendors
  - Compares the input from the client and the repo information
  - Concludes on the missing packages and applicable CVEs
  - Displays the results on a Web interface and offers many views/search options
Pakiti can help with many common issues:
- Is my cluster fully patched?
- Is there any node where auto-update is broken?
- Do I have any node vulnerable to CVE ?
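An added example (not Pakiti's own code) of the server-side comparison described above: it takes a client report (`rpm -qa` output plus the running kernel) and a list of fixed versions, and separates "update missing" from "patched on disk but not rebooted". The function names, the report and advisory layouts, the package versions and the CVE identifiers are constructed placeholders, and the version comparison is simplified from RPM's ordering.

```python
import re

ARCH = re.compile(r"\.(x86_64|i[3-6]86|noarch)$")


def vercmp(a, b):
    """Compare two version or release strings segment by segment.

    Simplified from RPM's ordering: no epoch, tilde or caret handling.
    Returns -1, 0 or 1.
    """
    seg_a = re.findall(r"\d+|[A-Za-z]+", a)
    seg_b = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(seg_a, seg_b):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # numeric segment beats alphabetic
        if x != y:
            return 1 if x > y else -1
    return (len(seg_a) > len(seg_b)) - (len(seg_a) < len(seg_b))


def evr_cmp(v1, r1, v2, r2):
    """Compare (version, release) pairs: version first, then release."""
    return vercmp(v1, v2) or vercmp(r1, r2)


def parse_rpm_qa(text):
    """Map package name -> list of installed (version, release) pairs."""
    installed = {}
    for line in text.split():
        name, version, release = ARCH.sub("", line).rsplit("-", 2)
        installed.setdefault(name, []).append((version, release))
    return installed


def evaluate(report, advisories):
    """Return (package, cve, status) for every advisory the host is exposed to."""
    installed = parse_rpm_qa(report["packages"])
    running = tuple(ARCH.sub("", report["running_kernel"]).split("-", 1))
    findings = []
    for name, fixed_v, fixed_r, cve in advisories:
        versions = installed.get(name, [])
        if not versions:
            continue  # package not installed on this host
        on_disk = any(evr_cmp(v, r, fixed_v, fixed_r) >= 0 for v, r in versions)
        if name == "kernel":
            # Several kernels can be installed; only the running one matters.
            if evr_cmp(*running, fixed_v, fixed_r) >= 0:
                continue
            status = "reboot needed" if on_disk else "update missing"
        elif on_disk:
            continue
        else:
            status = "update missing"
        findings.append((name, cve, status))
    return findings


# Constructed advisory data: (package, fixed version, fixed release, CVE id).
ADVISORIES = [
    ("kernel", "2.6.18", "164.15.1.el5", "CVE-PLACEHOLDER-1"),
    ("openssl", "0.9.8e", "12.el5_4.1", "CVE-PLACEHOLDER-2"),
]

# Constructed client reports for three worker nodes.
WN01 = {  # fixed kernel installed, old kernel still running
    "packages": "kernel-2.6.18-164.el5.x86_64\n"
                "kernel-2.6.18-164.15.1.el5.x86_64\n"
                "openssl-0.9.8e-12.el5.x86_64\n",
    "running_kernel": "2.6.18-164.el5",
}
WN02 = {  # auto-update broken for the kernel
    "packages": "kernel-2.6.18-164.el5.x86_64\n"
                "openssl-0.9.8e-12.el5_4.1.x86_64\n",
    "running_kernel": "2.6.18-164.el5",
}
WN03 = {  # patched and rebooted
    "packages": "kernel-2.6.18-164.15.1.el5.x86_64\n"
                "openssl-0.9.8e-12.el5_4.1.x86_64\n",
    "running_kernel": "2.6.18-164.15.1.el5",
}

if __name__ == "__main__":
    for host, report in (("wn01", WN01), ("wn02", WN02), ("wn03", WN03)):
        print(host, evaluate(report, ADVISORIES) or "fully patched")
```

The `wn01` case is the one a package-only check misses: every installed package is at the fixed level, yet the host stays exposed until it boots the new kernel.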
33 Pakiti (cont.)
- Open source tool to check patching status
  - Any site can run its own Pakiti server to monitor internal machines
- Server evaluates packages installed on clients
  - Detects security patches not applied
  - Allows for searching for particular vulnerabilities (CVE)
  - Proved very useful recently (CVE , CVE )
- Currently maintained by OSCT
  - A lot of improvements applied recently
  - New version designed and prototyped during summer
- OSCT operates Pakiti server for EGEE
  - Information collected with SAM/Nagios probes (WNs)
  - Attention: Only OSCT members allowed to access
34 Pakiti (cont.)
- Pakiti server
  - Data collected by production SAM probes (4500 hosts)
  - Any OSCT member can ask for access
  - Check the results and talk to sites
  - Avoid miscommunications (PMB)
- Maintenance, development
  - New version prototyped
  - Sites installation possible
  - New release is now available to all from SourceForge
- Metrics for proper evaluations missing
  - Many vulnerable packages don't harm often
EGEE09: Security Monitoring 34
35 Pakiti Results
- 4500 machines (all ROCs represented)
- Only 135 sites fully patched
- Note that not all unpatched sites are vulnerable!
36 New Release
- Pakiti has been used internally by the OSCT to track CVE , CVE , CVE , etc.
- Pakiti 2.1 is now available to all from SourceForge
37 Conclusion
SSC
- The challenge is from the EGEE Operational Security Coordination Team (OSCT)
- The goal of the LCG/EGEE Security Challenge is to conduct an audit trace as part of an incident response, and to ensure that appropriate communication channels and sufficient information are available
- SSC4 will come soon!!
Pakiti
- Open source, can be found from
- Security patching status monitoring
- Any site can run its own Pakiti server to monitor internal machines
- Do not forget to restart your hosts after a kernel update
38 Reference
- OSCT public webpage
- Security Service Challenge
- Incident Response Procedure: Incident_Response_Guide.pdf
- The SSC toolkit
- Pakiti Source
39 Question
GRID COMPUTING ACTIVITIES AT BARC ALHAD G. APTE, BARC 2nd GARUDA PARTNERS MEET ON 15th & 16th SEPT. 2006 Computing Grid at BARC Computing Grid system has been set up as a Test-Bed using existing Grid Technology
More informationFREE SCIENTIFIC COMPUTING
Institute of Physics, Belgrade Scientific Computing Laboratory FREE SCIENTIFIC COMPUTING GRID COMPUTING Branimir Acković March 4, 2007 Petnica Science Center Overview 1/2 escience Brief History of UNIX
More informationMonitoring ARC services with GangliARC
Journal of Physics: Conference Series Monitoring ARC services with GangliARC To cite this article: D Cameron and D Karpenko 2012 J. Phys.: Conf. Ser. 396 032018 View the article online for updates and
More informationSLCS and VASH Service Interoperability of Shibboleth and glite
SLCS and VASH Service Interoperability of Shibboleth and glite Christoph Witzig, SWITCH (witzig@switch.ch) www.eu-egee.org NREN Grid Workshop Nov 30th, 2007 - Malaga EGEE and glite are registered trademarks
More informationUser Guide. Version R95. English
Software Management User Guide Version R95 English September 22, 2017 Copyright Agreement The purchase and use of all Software and Services is subject to the Agreement as defined in Kaseya s Click-Accept
More informationMcAfee Cloud Workload Security Product Guide
Revision B McAfee Cloud Workload Security 5.1.0 Product Guide (McAfee epolicy Orchestrator) COPYRIGHT Copyright 2018 McAfee, LLC TRADEMARK ATTRIBUTIONS McAfee and the McAfee logo, McAfee Active Protection,
More informationSnowAlert Documentation. Snowflake Security
Snowflake Security Nov 02, 2018 Contents 1 About SnowAlert 3 1.1 Overview................................................. 3 1.2 How It Works............................................... 3 2 Getting
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More informationCOD DECH giving feedback on their initial shifts
COD DECH giving feedback on their initial shifts Clemens Koerdt, Victor Penso, Sven Hermann www.eu-egee.org Centres in DECH contributing to the infrastructure Enabling Grids for E-sciencE U Dortmund DESY
More informationIntegrated Smart Update Tools for Windows and Linux User Guide
Integrated Smart Update Tools for Windows and Linux User Guide Version 2.2.0 Abstract This document describes how to use Integrated Smart Update Tools to update firmware and operating system drivers on
More informationCybersecurity Auditing in an Unsecure World
About This Course Cybersecurity Auditing in an Unsecure World Course Description $5.4 million that s the average cost of a data breach to a U.S.-based company. It s no surprise, then, that cybersecurity
More informationHPE Security Fortify WebInspect Enterprise Software Version: Windows operating systems. Installation and Implementation Guide
HPE Security Fortify WebInspect Enterprise Software Version: 17.10 Windows operating systems Installation and Implementation Guide Document Release Date: May 2017 Software Release Date: April 2017 Legal
More informationSIMATIC. Process Control System PCS 7 Symantec Endpoint Protection 11.0 Configuration. Using virus scanners 1. Configuration 2. Commissioning Manual
SIMATIC Process Control System PCS 7 Using virus scanners 1 Configuration 2 SIMATIC Process Control System PCS 7 Symantec Endpoint Protection 11.0 Configuration Commissioning Manual 08/2009 A5E02634984-01
More informationUnderstanding Perimeter Security
Understanding Perimeter Security In Amazon Web Services Aaron C. Newman Founder, CloudCheckr Aaron.Newman@CloudCheckr.com Changing Your Perspective How do I securing my business applications in AWS? Moving
More informationIT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,
IT Security Training MS-500: Microsoft 365 Security Administration $2,595.00 4 Days Upcoming Dates Course Description Day 1: Managing Microsoft 365 Identity and Access (MS-500T01-A) Help protect against
More informationInstall Certificate on the Cisco Secure ACS Appliance for PEAP Clients
Install Certificate on the Cisco Secure ACS Appliance for PEAP Clients Document ID: 64067 Contents Introduction Prerequisites Requirements Components Used Conventions Microsoft Certificate Service Installation
More informationSingularity in CMS. Over a million containers served
Singularity in CMS Over a million containers served Introduction The topic of containers is broad - and this is a 15 minute talk! I m filtering out a lot of relevant details, particularly why we are using
More informationWEB HOSTING SERVICE OPERATING PROCEDURES AND PROCESSES UNIVERSITY COMPUTER CENTER UNIVERSITY OF THE PHILIPPINES DILIMAN
WEB HOSTING SERVICE OPERATING PROCEDURES AND PROCESSES UNIVERSITY COMPUTER CENTER UNIVERSITY OF THE PHILIPPINES DILIMAN Document Control Document Properties Title Author Document Type Filename File location
More informationSDR Guide to Complete the SDR
I. General Information You must list the Yale Servers & if Virtual their host Business Associate Agreement (BAA ) in place. Required for the new HIPAA rules Contract questions are critical if using 3 Lock
More informationSpiraTeam Help Desk Integration Guide Inflectra Corporation
/ SpiraTeam Help Desk Integration Guide Inflectra Corporation Date: June 12, 2017 Contents Introduction... 1 1. Zendesk... 2 Introduction SpiraTeam is an integrated Application Lifecycle Management (ALM)
More informationTo Be or Not To Be An Incident Recovery Case Study. Sherman, Xie Chunyan CCE, CISSP, GCIH
To Be or Not To Be An Incident Recovery Case Study Sherman, Xie Chunyan CCE, CISSP, GCIH Agenda Incidents in NUS Incident Handling Decisions The Recovery Principles Case Studies Q&A 2 Systems Classification
More informationOPEN SOURCE SECURITY ANALYSIS The State of Open Source Security in Commercial Applications
OPEN SOURCE SECURITY ANALYSIS The State of Open Source Security in Commercial Applications By Mike Pittenger, Vice President, Security Strategy Black Duck s On-Demand business conducts audits of customers
More informationEFFECTIVE VULNERABILITY MANAGEMENT USING QUALYSGUARD 1
EFFECTIVE VULNERABILITY MANAGEMENT USING QUALYSGUARD 1 EFFECTIVE VULNERABILITY MANAGEMENT USING QUALYSGUARD ICTN 6823 BOYD AARON SIGMON EAST CAROLINA UNIVERSITY EFFECTIVE VULNERABILITY MANAGEMENT USING
More informationThe PanDA System in the ATLAS Experiment
1a, Jose Caballero b, Kaushik De a, Tadashi Maeno b, Maxim Potekhin b, Torre Wenaus b on behalf of the ATLAS collaboration a University of Texas at Arlington, Science Hall, PO Box 19059, Arlington, TX
More informationQIT Quality Management System
QIT Quality Management System CAPA & SCAR Modules Operating Manual Web Edition Version 2017 2017 QIT Consulting, Inc. All Rights Reserved 1 Content: Introduction Add a New CAR Modify A CAR Enter Root Cause
More informationRBS NetGain Enterprise Manager Multiple Vulnerabilities of 11
RBS-2018-004 NetGain Enterprise Manager Multiple Vulnerabilities 2018-03-22 1 of 11 Table of Contents Vendor / Product Information 3 Vulnerable Program Details 3 Credits 3 Impact 3 Vulnerability Details
More informationStatus of KISTI Tier2 Center for ALICE
APCTP 2009 LHC Physics Workshop at Korea Status of KISTI Tier2 Center for ALICE August 27, 2009 Soonwook Hwang KISTI e-science Division 1 Outline ALICE Computing Model KISTI ALICE Tier2 Center Future Plan
More information2. INTRUDER DETECTION SYSTEMS
1. INTRODUCTION It is apparent that information technology is the backbone of many organizations, small or big. Since they depend on information technology to drive their business forward, issues regarding
More information2. Firewall Management Tools used to monitor and control the Firewall Environment.
Firewall Review Section 1 FIREWALL MANAGEMENT & ADMINISTRATION Common management practices with regard to administering the (company) network should be in accordance with company policies and standards.
More informationComprehensive Database Security
Comprehensive Database Security Safeguard against internal and external threats In today s enterprises, databases house some of the most highly sensitive, tightly regulated data the very data that is sought
More information