Security at CERN
CERN, LHC & the Higgs Particle:
Security in an Academic Environment
Dr. Stefan Lüders
(CERN Computer Security Officer)
15. Berner Tagung für Informationssicherheit, November 27th 2012
CERN in a Nutshell
Dr. Stefan Lüders (CERN IT/CO) ― DESY ― 20 February 2007; [email protected] ― 15. Berner Tagung für Informationssicherheit ― November 27th 2012
Tim Berners-Lee
The CERN Business Model
[Figure: length scales from the Higgs (10^-34 m) through nuclei, proton, atom, virus and cell up to 1 m, then on to the Solar System, galaxies and the observable Universe (10^26 m), with the instrument used at each scale: particle accelerator, electron microscope, microscope, spy glass, telescope, radio telescope.]
Looking into the Proton…
Beam
Bunch
Proton
…at Very High Energies…
World’s largest superconducting installation (27 km at 1.9 K)
Steer a beam carrying the energy of 85 kg of TNT through a 3 mm hole, 10,000 times per second
…with Four Digital Cameras
100M data channels
1M control points
300 million collisions per second
Event size: ~10MB
24/7/200 Series Production
First data and 20yrs more to come!
Overview
CERN’s security footprint
Operational Noise
This is a “people” problem
CERN’s security footprint
Academic Freedom at CERN
CERN’s Users:
►…from 100s of universities worldwide
►Pupils, students, post-docs, professors, technicians, engineers, physicists, …
►High turn-over (~10k per year)
►Professional and private life blur together: social networks, Dropbox, Gmail, LinkedIn, hostels on site, …
Academic Freedom in Research:
►No limitations and boundaries where possible
►Free communication & freedom to publish
►Difficult to change people, impossible to force them
►Trying out the new: no or very fast life-cycles, perpetual prototypes
►Open campus attitude: think of CERN as an ISP!
CERN Sectors of Operations
Office Computing Security
Computing Services Security
Grid Computing Security
Control Systems Security
Office Computing Footprint
General network architecture for all sectors:
►3 Class-B IP networks with >20 Gbps bandwidth incl. DHCP/wireless
►Several non-routable Class-B IP networks with >20 Gbps bandwidth
►>3000 switches, ~40k devices on Ethernet/DHCP/wireless networks
►6k firewall openings
One flat office / wireless network…
►Visitor’s laptops and office PCs on same network
…for a liberal (i.e. heterogeneous) user world
►Any type of personal/external laptops, PCs, PDAs, phones, devices, ...
►Any type of O/S: Mac OSX, Debian, Ubuntu, Windows 98, RedHat, …
►Any type of application, programming language, tools, Web sites, ...
►Hundreds of Web servers for dedicated purposes
►~23k user accounts
Computer Services Footprint
7 computer centers
►each with up to ~10k nodes (~64k cores, ~64k HDDs)
►for central computing, accelerator operations, and physics experiments
Serving a multitude of services & systems…
►Central O/S: Windows XP/7 (~6500 PCs), Windows Server 2008++,
Scientific Linux 5/6, Mac OS X
►~2M mails per day: 95% SPAM, 1% unidentified SPAM, 4% regular
►AV, file systems (AFS, DFS), disk pools (~63PB), tape stores (~15PB/yr), DBs, versioning systems, document servers, HR/FI/engineering applications, collaboration tools, PaaS virtualization service (~4k VMs), …
►~10k Web sites on 50 Web servers + many more for dedicated purposes
►CERN Internet Exchange Point (22 European ISPs + Telecom providers)
…incl. GRID Computing
►Tier-0 (~7k nodes), 11x Tier-1s, and O(100) Tier-2s
Control Systems Footprint
Experiments: ALICE, ATLAS, CMS, LHCb, LHCf and TOTEM; ALPHA (AD-5), Cast, Collaps, Compass, Dirac, Gamma Irradiation Facility, ISOLTRAP, MICE R&D, Miniball, Mistral, NA48/3, NA49, NA60, nTOF, Witch, …; GCS, MCS, MSS, and Cryogenics System
Safety: ACIS, AC PS1, AC PS2, AC SPS1, AC SPS2, Alarm Repeater, ARCON, ADS, CSA, SGGAZ, SFDIN, CSAM, CESAR, DSS, LACS, LASS, LASER, Radmon, RAMSES, MSAT, Radio Protection Service, Sniffer System, SUSI, TIM, and Video Surveillance
Infrastructure: CV, ENS, FM, DBR, Gamma Spectroscopy, TS/CSE, and YAMS
Accelerators: AB/OP, AD, CNGS, CCC, CLIC, ISOLDE, ISOLDE offline, LEIR, LHC, Linac 2, Linac 3, PS, PS Booster, REX, SM18, and SPS
Accelerator Infrastructure: ADT, ACS, BQE, BPAWT, BDI, BIC, BLM, BOF, BPM, BOB, BSRT, BTV, BRA, CWAT, Cryo (Frigo, SM18 & Tunnel), BCTDC, BCTF, FGC, LEIR Low Level RF, LHC Beam Control System, LBDS, HC, LHC Logging Service, LTI, MKQA, APWL, BPL, OASIS, PIC, QDS/QPS, BQS, SPS BT, BQK, Vacuum System, WIC, and BWS
CERN’s security footprint
Operational Noise
Phishing
Targeted and untargeted “phishing” attacks in English & French…
Spoofed login pages…
…on a “trusted” hoster!
Data Leakage
Sensitivity levels are user dependent!
Break-Ins
Unpatched oscilloscope (running Win XP SP2)
Lack of input validation & sanitization
Unpatched web server (running Linux)
Suboptimal configuration (1)
Lack of robustness
[Chart: CERN 2007 robustness tests: Passed 68%, Failed 15%, Crashed 17%]
CERN’s security footprint
Operational Noise
This is a “people” problem
A small quiz.
Quiz: Which URL leads you to www.ebay.com?
► http://www.ebay.com\cgi-bin\login?ds=1%204324@%31%33%37%2e%31%33%38%2e%31%33%37%2e%31%37%37/p?uh3f223d
► http://www.ebaỵ.com/ws/eBayISAPI.dll?SignIn
► http://scgi.ebay.com/ws/eBayISAPI.dll?RegisterEnterInfo&siteid=0&co_partnerid=2&usage=0&ru=http%3A%2F%2Fwww.ebay.com&rafId=0&encRafId=default
► http://secure-ebay.com
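The quiz works because the text of a URL and the host it actually resolves to can differ. The Python below is an added example, not code from the original slides: it turns the tricks the four URLs rely on into checks (backslashes that legacy browsers treat as “/”, an “@” that makes the visible name mere userinfo, percent-encoded digits hiding an IP address, a non-ASCII homoglyph hostname, a registered domain other than the expected one, and a redirect parameter pointing elsewhere). Only the four URLs are taken from the slide; the heuristics, the function names, and the simplified “last two labels” registered-domain rule (a real tool would use the Public Suffix List) are my own assumptions.

```python
"""Triage of look-alike URLs: which one really points at the expected domain?

Added example, not part of the original slides. Only QUIZ_URLS are taken from
the slide; the checks below are the editor's own heuristics.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

EXPECTED_DOMAIN = "ebay.com"

# The four URLs from the quiz (note the Latin 'y with dot below' in the second).
QUIZ_URLS = [
    "http://www.ebay.com\\cgi-bin\\login?ds=1%204324@%31%33%37%2e%31%33%38%2e%31%33%37%2e%31%37%37/p?uh3f223d",
    "http://www.ebaỵ.com/ws/eBayISAPI.dll?SignIn",
    "http://scgi.ebay.com/ws/eBayISAPI.dll?RegisterEnterInfo&siteid=0&co_partnerid=2&usage=0&ru=http%3A%2F%2Fwww.ebay.com&rafId=0&encRafId=default",
    "http://secure-ebay.com",
]

# A dotted-decimal IPv4 address not glued to further digits or dots.
DOTTED_QUAD = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def registered_domain(host):
    """'www.ebay.com' -> 'ebay.com'. Assumption: last two labels suffice here."""
    labels = host.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def idna_form(host):
    """ASCII (punycode) spelling of a hostname, which exposes homoglyphs."""
    try:
        return host.encode("idna").decode("ascii")
    except UnicodeError:
        return "<not IDNA-encodable>"


def url_red_flags(url, expected=EXPECTED_DOMAIN):
    """Return the reasons not to trust `url` as a link to `expected` (empty list = none found)."""
    flags = []
    if "\\" in url:
        flags.append("backslash in URL: legacy browsers treat it as '/', so the visible host may not be the real one")
    if "@" in url:
        flags.append("'@' in URL: everything before it can be userinfo rather than the host")
    # Percent-decoding reveals digits that were encoded only to hide an IP address.
    decoded = unquote(url)
    for ip in DOTTED_QUAD.findall(decoded):
        if ip not in url:
            flags.append(f"percent-encoded IP address hidden in URL: {ip}")
    # Parse the way a lenient browser would: backslashes become slashes first.
    parts = urlsplit(url.replace("\\", "/"))
    host = parts.hostname or ""
    if not host.isascii():
        flags.append(f"non-ASCII hostname {host!r} (IDNA form: {idna_form(host)})")
    if registered_domain(host) != expected:
        flags.append(f"registered domain is {registered_domain(host)!r}, not {expected!r}")
    # Redirect-style parameters: a query value that is itself a URL to another domain.
    for key, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            if value.lower().startswith(("http://", "https://")):
                target = urlsplit(value).hostname or ""
                if registered_domain(target) != expected:
                    flags.append(f"parameter {key!r} redirects to {target!r}")
    return flags


def legitimate_urls(urls, expected=EXPECTED_DOMAIN):
    """The subset of `urls` for which no red flag was raised."""
    return [u for u in urls if not url_red_flags(u, expected)]


if __name__ == "__main__":
    for u in QUIZ_URLS:
        print(u)
        for flag in url_red_flags(u) or ["no red flags"]:
            print("   -", flag)
```

Run stand-alone it prints the flags per URL; only the scgi.ebay.com link survives, and its `ru=` parameter is accepted only because the redirect target is itself under ebay.com. The checks are heuristics for a human reviewer, not a substitute for a browser's URL parser: a registered-domain comparison without the Public Suffix List misfires on names like example.co.uk.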

Intelligent clientele
► “May I point out that I do not have a tail and do not feel like being treated like a circus dog.”
► “Why are there idiotic policies in place to forbid use of certain technologies?”
► “I failed to pass the security courses, the questions were so stupid, that sometimes it's difficult to answer. If you want to meet with me personally, I can teach you computer security.”
► “I fully recognise the importance of computer security at CERN. However, I am not sure that you have yet appreciated that computer security is not the raison d'être of CERN. Computer security must always be balanced with the need for CERN to carry out its experiments. I do not believe that [...] poses a strong security risk and you have not explained to us why it does.”
CERN Security Paradigm
Find balance between
“Academic Freedom”,
“Operations” and “Computer Security”
“Academic Freedom” means “Responsibility”
►(I, as Security Officer, decline to accept that responsibility)
►Instead, computer security at CERN is delegated
to all users of computing resources
(sys admins, controls experts, secretaries, …)
►If they don’t feel ready,
they can pass that responsibility to the
CERN IT department using central services.
The CERN Security Team acts as facilitator and enabler:
►No big sticks, no heavy rules.
Change of Culture (at CERN)
“Security” is dealt with in the same way as “Safety”.
CERN aims for a “change of culture” & a “new mind-set”
►Basic awareness training for everyone, esp. newcomers
►Every owner of a computer account must follow online security courses every 3 years.
►Provisioning of static code analyzers
►Dedicated training on secure development (Java, C/C++, Perl, Python, PHP, web, ...)
►Baselines & consulting
Once people understand, the rest is easy: care, SDLC, use of standards, …
Change of Culture (Outside)
We have to start raising awareness early!
► Being aware of risks is the first step towards mitigation
► Today‘s kids are the programmers of tomorrow
Why are IT graduates still weak in security?
► They learn programming, O/S, DBs, … for their BSc, but “security” only comes later, in the MSc curriculum
Why can software vendors still ship insecure applications / devices?
► Why can I sue [car vendor] for a non-working brake but not [software vendor] for a vulnerability?
► Who has to do due diligence?
Summary
CERN’s Security Footprint is heterogeneous and vast.
Security events happen, and will continue to happen.
Enable users to assume responsibility.
Provoke a change of mind!