Security at CERN
Transcript
CERN, LHC & the Higgs Particle: Security in an Academic Environment
Dr. Stefan Lüders (CERN Computer Security Officer)
15. Berner Tagung für Informationssicherheit, November 27th 2012

CERN in a Nutshell
Dr. Stefan Lüders (CERN IT/CO) ― DESY ― 20. Februar 2007 [email protected] — 15. Berner Tagung für Informationssicherheit — November 27th 2012
[Image: Tim Berners-Lee]

The CERN Business Model
[Figure: length scales from 10^-34 m (Higgs?) through nuclei, proton, atom, virus and cell (10^-6 m), 1 m, the Solar System and galaxies up to the observable universe (10^26 m), with the instrument for each scale: particle accelerator, electron microscope, microscope, spy glass, telescope, radio telescope]

Looking into the Proton…
[Figure: beam, bunch, proton]

…at Very High Energies…
World's largest superconducting installation (27 km at 1.9 K)
Steer a beam carrying the energy of 85 kg of TNT through a 3 mm hole 10,000 times per second

…with Four Digital Cameras
100M data channels
1M control points

300 Million Collisions per Second
Event size: ~10 MB
24/7/200

Series Production
First data and 20 years more to come!

Overview
► CERN's security footprint
► Operational noise
► This is a "people" problem

CERN's security footprint

Academic Freedom at CERN
CERN's users:
► …from 100s of universities worldwide
► Pupils, students, post-docs, professors, technicians, engineers, physicists, …
► High turnover (~10k per year)
► Merging of professional and private life: social networks, Dropbox, Gmail, LinkedIn, hostels on site, …
Academic freedom in research:
► No limitations and boundaries if possible
► Free communication & freedom to publish
► Difficult to change people, impossible to force them
► Trial of the new, no/very fast life-cycles, all-time prototypes
► Open campus attitude: I consider CERN to be an ISP!

CERN Sectors of Operations
► Office Computing Security
► Computing Services Security
► Grid Computing Security
► Control Systems Security

Office Computing Footprint
General network architecture for all sectors:
► 3 Class-B IP networks with >20 Gbps bandwidth incl. DHCP/wireless
► Several non-routable Class-B IP networks with >20 Gbps bandwidth
► >3000 switches, ~40k devices on Ethernet/DHCP/wireless networks
► 6k firewall openings
One flat office / wireless network…
► Visitors' laptops and office PCs on the same network
…for a liberal (i.e. heterogeneous) user world:
► Any type of personal/external laptops, PCs, PDAs, phones, devices, …
► Any type of O/S: Mac OS X, Debian, Ubuntu, Windows 98, RedHat, …
► Any type of application, programming language, tools, web sites, …
► Hundreds of web servers for dedicated purposes
► ~23k user accounts

Computer Services Footprint
7 computer centres
► each with up to ~10k nodes (~64k cores, ~64k HDDs)
► for central computing, accelerator operations, and physics experiments
Serving a multitude of services & systems…
► Central O/S: Windows XP/7 (~6500 PCs), Windows Server 2008++, Scientific Linux 5/6, Mac OS X
► ~2M mails per day: 95% SPAM, 1% unidentified SPAM, 4% regular
► AV, file systems (AFS, DFS), disk pools (~63 PB), tape stores (~15 PB/yr), DBs, versioning systems, document servers, HR/FI/engineering applications, collaboration tools, PaaS virtualization service (~4k VMs), …
► ~10k web sites on 50 web servers + many more for dedicated purposes
► CERN Internet Exchange Point (22 European ISPs + telecom providers)
…incl. Grid computing
► Tier-0 (~7k nodes), 11x Tier-1s, and O(100) Tier-2s

Control Systems Footprint
Experiments: ALICE, ATLAS, CMS, LHCb, LHCf and TOTEM; ALPHA (AD-5), Cast, Collaps, Compass, Dirac, Gamma Irradiation Facility, ISOLTRAP, MICE R&D, Miniball, Mistral, NA48/3, NA49, NA60, nTOF, Witch, …; GCS, MCS, MSS, and Cryogenics System
Safety: ACIS, AC PS1, AC PS2, AC SPS1, AC SPS2, Alarm Repeater, ARCON, ADS, CSA, SGGAZ, SFDIN, CSAM, CESAR, DSS, LACS, LASS, LASER, Radmon, RAMSES, MSAT, Radio Protection Service, Sniffer System, SUSI, TIM, and Video Surveillance
Infrastructure: CV, ENS, FM, DBR, Gamma Spectroscopy, TS/CSE, and YAMS
Accelerators: Accelerator Infrastructure: AB/OP, AD, CNGS, CCC, CLIC, ISOLDE, ISOLDE offline, LEIR, LHC, Linac 2, Linac 3, PS, PS Booster, REX, SM18, and SPS; ADT, ACS, BQE, BPAWT, BDI, BIC, BLM, BOF, BPM, BOB, BSRT, BTV, BRA, CWAT, Cryo (Frigo, SM18 & Tunnel), BCTDC, BCTF, FGC, LEIR Low Level RF, LHC Beam Control System, LBDS, HC, LHC Logging Service, LTI, MKQA, APWL, BPL, OASIS, PIC, QDS/QPS, BQS, SPS BT, BQK, Vacuum System, WIC, and BWS

Operational Noise

Phishing
Targeted and untargeted "phishing" attacks in English & French…
Spoofed login pages…
…hosted on a "trusted" hosting provider!

Data Leakage
Sensitivity levels are user dependent!

Break-Ins
► Unpatched oscilloscope (running Windows XP SP2)
► Lack of input validation & sanitization
► Unpatched web server (running Linux)
► Suboptimal configuration (1)

Lack of robustness
[Pie chart, CERN 2007: Passed 68%, Failed 15%, Crashed 17%]

This is a "people" problem
A small quiz.

Quiz: Which URL leads you to www.ebay.com?
► http://www.ebay.com\cgi-bin\login?ds=1%204324@%31%33%37%2e%31%33%38%2e%31%33%37%2e%31%37%37/p?uh3f223d
► http://www.ebaỵ.com/ws/eBayISAPI.dll?SignIn
► http://scgi.ebay.com/ws/eBayISAPI.dll?RegisterEnterInfo&siteid=0&co_partnerid=2&usage=0&ru=http%3A%2F%2Fwww.ebay.com&rafId=0&encRafId=default
► http://secure-ebay.com

Intelligent clientele
► "May I point out that I do not have a tail and do not feel like being treated like a circus dog."
► "Why are there idiotic policies in place to forbid use of certain technologies?"
► "I failed to pass the security courses; the questions were so stupid that sometimes it's difficult to answer. If you want to meet with me personally, I can teach you computer security."
► "I fully recognise the importance of computer security at CERN. However, I am not sure that you have yet appreciated that computer security is not the raison d'être of CERN. Computer security must always be balanced with the need for CERN to carry out its experiments. I do not believe that [...] poses a strong security risk and you have not explained to us why it does."

CERN Security Paradigm
Find a balance between "Academic Freedom", "Operations" and "Computer Security".
"Academic Freedom" means "Responsibility":
► (I, as Security Officer, decline to accept that responsibility)
► Instead, computer security at CERN is delegated to all users of computing resources (sys admins, controls experts, secretaries, …)
► If they don't feel ready, they can pass that responsibility to the CERN IT department by using central services.
The CERN Security Team acts as facilitator and enabler:
► No big sticks, no heavy rules.

Change of Culture (at CERN)
"Security" is dealt with in the same way as "Safety".
CERN aims for a "change of culture" & a "new mind set":
► Basic awareness training for everyone, esp. newcomers
► Every owner of a computer account must follow online security courses every 3 years.
► Provisioning of static code analyzers
► Dedicated training on secure development (Java, C/C++, Perl, Python, PHP, web, ...)
► Baselines & consulting
Once people understand, the rest is easy: care, SDLC, use of standards, …

Change of Culture (Outside)
We have to start raising awareness early!
► Being aware of risks is the first step towards mitigation
► Today's kids are the programmers of tomorrow
Why are IT graduates still weak in security?
► They learn programming, O/S, DBs, … for their BSc, but "security" only comes later, in the MSc curriculum
Why can software vendors still ship insecure applications / devices?
► Why can I sue [car vendor] for a non-working brake but not [software vendor] for a vulnerability?
► Who has to do due diligence?

Summary
CERN's security footprint is heterogeneous and vast.
However, security events happen and will continue to happen.
Enable users to assume responsibility. Provoke a change of mind!!!

Literature
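Appendix: the quiz slide earlier in the deck asks which of four URLs really reaches www.ebay.com, and the phishing slide shows spoofed login pages sitting on an otherwise trusted host. The Python script below is an added example for this transcript, not code from the talk or from CERN. It runs the four quiz URLs through three host-extraction models and classifies each one: a strict RFC 3986 split, a simplified browser (WHATWG-style) split in which a backslash ends the authority like a slash, and a deliberately lenient "legacy" model that is this example's assumption about the parsers the first URL was built to fool (only "/" ends the authority, everything up to the last "@" is discarded as user:password, and percent-escapes are decoded). The trusted zone "ebay.com" and all function names are the example's own.

```python
"""Dissect the four candidate URLs from the "which URL leads to www.ebay.com" quiz.

Added example; not CERN's code. The 'legacy' extractor is an assumed model of lenient
URL parsers, kept here to show why the first quiz URL ends up at a decoded IP address.
"""
import unicodedata
from urllib.parse import unquote

TRUSTED_ZONE = "ebay.com"  # the zone the quiz is about (example assumption)

# The four quiz URLs as printed on the slide. The second one contains U+1EF5
# (LATIN SMALL LETTER Y WITH DOT BELOW) in place of the ASCII 'y' in "ebay".
QUIZ_URLS = [
    "http://www.ebay.com\\cgi-bin\\login?ds=1%204324@"
    "%31%33%37%2e%31%33%38%2e%31%33%37%2e%31%37%37/p?uh3f223d",
    "http://www.eba\u1ef5.com/ws/eBayISAPI.dll?SignIn",
    "http://scgi.ebay.com/ws/eBayISAPI.dll?RegisterEnterInfo&siteid=0"
    "&co_partnerid=2&usage=0&ru=http%3A%2F%2Fwww.ebay.com&rafId=0&encRafId=default",
    "http://secure-ebay.com",
]


def _after_scheme(url):
    """Return everything after 'scheme://'; all quiz URLs are absolute http URLs."""
    scheme, sep, rest = url.partition("://")
    if not sep or not scheme:
        raise ValueError("absolute URL with scheme:// expected")
    return rest


def _authority(rest, terminators):
    """Cut the authority component: the text up to the first of the given terminators."""
    end = len(rest)
    for ch in terminators:
        pos = rest.find(ch)
        if pos != -1:
            end = min(end, pos)
    return rest[:end]


def _host_of(authority, percent_decode=False):
    """Drop 'user:pass@' (everything before the last '@') and any ':port'."""
    host = authority.rpartition("@")[2]
    if percent_decode:
        host = unquote(host)
    return host.partition(":")[0].lower()


def rfc3986_host(url):
    """RFC 3986: the authority ends at the first '/', '?' or '#'."""
    return _host_of(_authority(_after_scheme(url), "/?#"))


def browser_host(url):
    """Simplified WHATWG model: for http(s) a backslash ends the authority like a slash."""
    return _host_of(_authority(_after_scheme(url), "/\\?#"))


def legacy_host(url):
    """Assumed lenient legacy model: only '/' ends the authority, so the '?' and the
    backslashes stay inside it, everything up to the last '@' is taken as credentials,
    and the remaining percent-encoded digits decode to the real destination."""
    return _host_of(_authority(_after_scheme(url), "/"), percent_decode=True)


def non_ascii_chars(host):
    """Characters outside ASCII in a hostname, with code point and Unicode name."""
    return [(c, "U+%04X" % ord(c), unicodedata.name(c, "?")) for c in host if ord(c) > 127]


def is_under(host, zone):
    """True only if host is the zone itself or a subdomain of it. A substring test
    ('ebay.com' in host) would wrongly accept 'secure-ebay.com'."""
    host, zone = host.rstrip(".").lower(), zone.rstrip(".").lower()
    return host == zone or host.endswith("." + zone)


def verdict(url, zone=TRUSTED_ZONE):
    """'parser-dependent' when the three models disagree on the host, 'homograph' for a
    non-ASCII hostname, 'lookalike' for a host outside the zone, 'trusted' otherwise."""
    hosts = {rfc3986_host(url), browser_host(url), legacy_host(url)}
    if len(hosts) > 1:
        return "parser-dependent"
    host = hosts.pop()
    if non_ascii_chars(host):
        return "homograph"
    if not is_under(host, zone):
        return "lookalike"
    return "trusted"


def report(urls=QUIZ_URLS):
    """One (url, rfc_host, browser_host, legacy_host, verdict) row per URL."""
    return [(u, rfc3986_host(u), browser_host(u), legacy_host(u), verdict(u)) for u in urls]


if __name__ == "__main__":
    for url, rfc, browser, legacy, v in report():
        print(f"{v:17} rfc={rfc!r} browser={browser!r} legacy={legacy!r}")
        for ch, cp, name in non_ascii_chars(rfc):
            print(f"{'':17} contains {cp} {name} ({ch!r})")
        print(f"{'':17} {url}")
```

Running the script shows the four distinct failure modes behind the quiz: the first URL is parsed to three different hosts by the three models (the legacy model decodes the part after "@" to 137.138.137.177), the second is a Unicode homograph of ebay.com, the third is a genuine subdomain, and the fourth only looks related; the `is_under` check is the part worth copying, since a naive substring match on "ebay.com" accepts secure-ebay.com.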