Challenges of Securing a Petascale Cluster


Transcription:

Slide 1: Challenges of Securing a Petascale Cluster
Christian Servin
The University of Texas at El Paso, Computational Sciences Program
christians@miners.utep.edu
Mentor: Irfan Elahi

Slide 2: Project Overview
- Security Challenges in Clusters
- Security Baseline/Requirements
- Case Study: TeraGrid
- Proposed Security Model
- Implementation, Analysis, and Testing

Slide 3: Challenges in Large Clusters vs Other Environments
Clusters:
- Diverse User Community
- Data Sharing
- High Performance Computing
- Different File Systems

Slide 4: Computer Security
- Confidentiality
- Integrity
- Usability

Slide 5: Objective
Identify the security challenges of large open-science HPC supercomputers as compared with stand-alone servers, and provide a security design that strikes the perfect balance between security and usability.
[Image: An Ancient Fortress on an Island, www.englishrussia.com]

Slide 6: Stand-alone vs Cluster
- High Bandwidth Connections
- Extensive Computational Power
- Massive Storage Capacity
- Firewall Between Nodes
- Storage Trust (Implicit Trust)
- Limited Encryption

Slide 7: Security Layers to Consider
[Diagram labels: External Network; Attacker; Other Attack; Supercomputer (cluster); Gateway Nodes (Login, Login, Login, IO); Internal Network; Master, Service and Compute Nodes; Host (node); Hosts. Dragon image: www.historicfibers.com]

Slide 8: Case Study: TeraGrid
Host:
- Cluster Configuration Management
- Unnecessary Services
- Protect Shared File System
Network:
- Prevent IP address spoofing
- Prevent source routing
- Block services that cannot be access controlled at host level
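
On the Linux nodes used later in this deck, the two network items "prevent IP address spoofing" and "prevent source routing" correspond to kernel sysctl settings. The following is an added example, not part of the original slides or of the TeraGrid baseline: it audits `sysctl -a` style text against required values. The required values, the function names and the sample capture are assumptions of this example.

```sh
#!/bin/sh
# Added example (not from the slides): audit kernel network settings against
# the "prevent IP address spoofing" and "prevent source routing" items.
# Input is text in `sysctl -a` format ("key = value") read from stdin, e.g.
#   sysctl -a 2>/dev/null | audit_baseline

# Required values are this example's assumption for an IPv4 Linux node:
#   rp_filter=1            strict reverse-path filtering drops spoofed sources
#   accept_source_route=0  packets carrying source-route options are dropped
REQUIRED='net.ipv4.conf.all.rp_filter=1
net.ipv4.conf.default.rp_filter=1
net.ipv4.conf.all.accept_source_route=0
net.ipv4.conf.default.accept_source_route=0'

# Prints "FAIL key want=X got=Y" per deviation; exit status = number of failures.
audit_baseline() {
    ab_input=$(cat)
    ab_fails=0
    while IFS='=' read -r ab_key ab_want; do
        # Look up the observed value, tolerating spaces around '='.
        ab_got=$(printf '%s\n' "$ab_input" | awk -F'=' -v k="$ab_key" '
            { gsub(/[ \t]/, "", $1); gsub(/[ \t]/, "", $2) }
            $1 == k { v = $2 }
            END { print v }')
        [ -n "$ab_got" ] || ab_got="missing"
        if [ "$ab_got" != "$ab_want" ]; then
            echo "FAIL $ab_key want=$ab_want got=$ab_got"
            ab_fails=$((ab_fails + 1))
        fi
    done <<EOF
$REQUIRED
EOF
    return "$ab_fails"
}

# Constructed capture from a hypothetical compute node (not real output).
SAMPLE='net.ipv4.conf.all.rp_filter = 1
net.ipv4.conf.default.rp_filter = 0
net.ipv4.conf.all.accept_source_route = 1
net.ipv4.ip_forward = 0'

# Runs the audit over the constructed capture; expected: three FAIL lines.
sample_report() {
    printf '%s\n' "$SAMPLE" | audit_baseline
}
```

Per-interface keys (net.ipv4.conf.<iface>.*) and the IPv6 equivalents are not checked here; a key absent from the input is reported as missing rather than assumed compliant.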

Slide 9: Case Study: TeraGrid (2)
Auditing:
- Have Monitoring and Event Detection
- Have Centralized Logs
- Have Process Accounting

Slide 10: Installation and Configuration Experiments
- Configured a Cluster of Five Nodes
- Configured the network on a Local Area Network (LAN)
- Installed Ubuntu Server
- Security Model was Implemented, Analyzed and Tested

Slide 11: Experiment Configuration
[Diagram labels: Intruder; Master/Login; Service; Compute; Compute]

Slide 12: Security Model
Configuration:
- Network Configuration
- Operating System Setup
- Scheduler
- File System
Monitoring Tools:
- Monitoring System logs
- Intrusion Detection Sys
Decision Maker:
- Fuzzy Logic Decision Engine
- Interval Computation
- Multi Criteria Decision Making

Slide 13: Personal Challenges
- OS Server Installation
- Linux novice
- Networking
- Network File System
- Services configuration

Slide 14: Summary
- Identify unique challenges of securing large HPC clusters
- Study the TeraGrid security baseline
- Provide a secure architecture
- Built a cluster with 5 nodes
- Implemented, analyzed, and tested on cluster

Slide 15: Future Work
- Establish benchmarks for a security and usability setup environment.
- Incorporate uncertainty models based on monitored records

Slide 16: Other SIParCS Achievements
- Participated in the CSG Summer Workshop
- Participated in and observed the Bluefire upgrade
- Attended various vendor conference calls and meetings
- Observed and learned from day-to-day SSG activities

Slide 17: Special Thanks

Slide 18: Questions
Thank you for your attention
Christian Servin
cservin@ucar.edu
http://www.cs.utep.edu/christians/