48-hour grid security challenge
Security is a major issue for all IT, not just grid infrastructures. Image courtesy StockXchng.
Is the grid secure?
It’s a question of critical importance, and of course it doesn't have a simple answer. Just like all IT systems, the grid is under constant attack and requires vigilant security teams.
“It’s a question of being prepared,” said Sven Gabriel, a security officer at NIKHEF, the national institute for subatomic physics in the Netherlands. His team of security experts simulated an attack on the grid using a virus-like security test payload in May 2011 as part of an annual security challenge. “We mimicked a global attack on the grid infrastructure, and the ‘infection’ was spread around 40 different sites in 20 countries,” Oscar Koeroo, a grid middleware security developer at NIKHEF, said.
The team showed an introductory video and a five-minute video of the challenge at the EGI Technical Forum in Lyon, France, last week.
Be prepared, be very prepared
Preparing for any kind of attack on the Worldwide Large Hadron Collider Computing Grid (WLCG) is a big task, as it services more than 8,000 users and consists of more than 300 ‘sites’ – data centers, research institutes or computer farms – across more than 50 countries.
Each site is responsible for their own security – smaller sites are run with just a few people for handling the operations, while larger ones have a dedicated security team.
“While some sites have deep security and forensic knowledge, other sites are lacking this expertise,” said Gabriel. “It is important to identify those individuals [with specific expertise] and get them involved helping other teams.”
Each site was responsible for figuring out what the virus was doing on the site and what problems were being introduced to the site. They then had to locate the virus and shut it down. One of the key parts of security being examined, however, was the level of collaboration between sites. This is the fifth time such a challenge has been operated, but it was the first time the collaboration of globally distributed sites had come under scrutiny - previous challenges have only looked at the response of individual sites.
On May 26, the challenge started: the researchers infected the 40 sites with the virus, and then they sent the first alarm to a site in the Asia Pacific region. The Asia Pacific were targeted first, Koeroo said, because they were the furthest east, and thus could pass the information west as the rest of the sites started their day.
From Russia, a surprise
A screenshot from the video when a Russian security expert was able to put a stop to the security challenge.
A Russian security expert, Eygene Ryabinkin, who is based at the Kurchatov Institute, the national nuclear energy research institute in Moscow, discovered the virus before he even received his alert. Ryabinkin traced the virus to the server in the Netherlands that the NIKHEF team were using, and was able to stop the attack.
Luckily, however, the NIKHEF team were able to communicate to Ryabinkin that it was just a test payload, not a real attack, and so they were able to continue after a few minutes, Koeroo said.
“Each site has a different level of expertise, one of the nice things about this challenge was that it identified who each of the security experts are within the grid team,” said Gabriel. “And Ryabinkin is one of them.”
Another example, Gabriel reported, was Daniel Kouril from Czechoslovakia, who retrieved data and analysis from their national network service provider to reveal potentially affected sites.
A ‘stolen’ laptop gave away a user’s ID
Of course, though, the challenge would not be complete if it didn't involve a large consumer of grid resources: the ATLAS experiment. The ATLAS experiment provided a copy of their computing infrastructure for the challenge so that the security teams could do a fully-fledged incident response without affecting the production system.
“We used the job submission framework at ATLAS to launch our ‘attack’,” said Koeroo.
The NIKHEF team made up a story where a user, Hegoi – who is, in fact, a real ATLAS user based at NIKHEF – had his laptop stolen at a conference. (Hegoi himself went along with it, going so far as to request a new laptop from NIKHEF, but that's another story.) According to this manufactured scenario, Hegoi's laptop contained his certificate - a password protected electronic user ID - which allows him to submit jobs to the grid through ATLAS.
Lessons learned
After the NIKHEF team submitted the virus by using Hegoi's user ID, the ATLAS security team decided to stop their dummy infrastructure while they found which user who had introduced it. This exercise helped in understanding and addressing potential issues with the production services, said Gabriel.
"We already had an idea of the operational security situation [from previous challenges] at each site therefore we expected that a challenge at a global scale should also be possible and reveal more interesting facts,” said Gabriel. "Considering it was a challenge on that scale it went quite smoothly."
“It is obvious that a close collaboration of all security teams is needed otherwise a proper incident response will be difficult." Gabriel and his team now plan to run a similar test for many of the national grid infrastructures.
About the Author
Jacqui Hayes is a former European Editor of iSGTW. She has an undergraduate degree in physics and a graduate diploma in science communication.
Digital Stream
Comments
thanks
limpeza de carpetes
lavagem de tapete
limpeza de sofa
limpeza de estofados
lavagem de carpete
http://lavagemdetapetes.org/
ajaxme
http://lavagemdesofa.org/
lavagem de tapetes
http://lavagem.carpetes.org/
Live blog
This comprehensive suite offers the most robust and progressive platform available for content creation and production. Great Product of Amazon.
Videoscribe
This is the introduction to the video tutorials at Videoscribe check out the site to see more.
You have done a great job.
You have done a great job. I've truly enjoyed reading your blog post because this blog extremely uses useful information. I'm very much greatful for your insight. What is SEO
amk Belgravia Villas is a new
amk Belgravia Villas is a new and upcoming cluster housing located in the Ang Mo Kio area, nested right in the Ang Mo Kio landed area. It is within a short drive to Little India, Orchard and city area. With expected completion in mid 2016, it comprises of 118 units in total with 100 units of terrace and 18 units of Semi-D.
But for occasional grillers,
But for occasional grillers, or those who prefer to keep their grills portable, propane remains the fuel of choice. However, some people prefer to use cast enamel grill grates which are less robust than its stainless steel counterpart. dyna glo smart space grill reviews Other Conveniences: Side burners are an option on some grills, and allow you to cook side dishes and sauces there, keeping every part of the cooking process in one spot.
This long-term traceability
This long-term traceability can only be trusted if there are proper audit logs, which is why the IGTF for the Kosmetik Online Herbalife current assurance levels requires traceability and proper audit logs.
Great job, I just ran across
Great job, I just ran across your weblog and wanted to say that I’ve truly enjoyed browsing your blog posts. I have subscribed to your feed and I hope you write again very soon.
ads dating.
melodicas
The site provides the most up to date list of melodicas and melodions to be found in the market ... For more details, visit melodicas
Nice post. I used to be
Nice post. I used to be checking continuously this weblog and I'm inspired! Extremely useful information specifically the final phase :) I maintain such info a lot. I used to be looking for this particular info for a very long time. Thanks and best of luck.
thuong mai dien tu
Backlinks
The name Text your wife into bed is a bit misleading. Why? Because you don't have to be married to have more sex with women using Michael Fiore's texting techniques. If you're a guy who wants to have more sex with the women in your life, then this program is intended to help you do just that...all at the push of a few buttons on your cell phone....
Backlinks
Phen375 or Phen375 Review is a pill that is created after years of research on Phentermine diet pills which is one of the largest selling diet pills in the world. Since many years this diet pill has been recognized as the most powerful appetite suppressant and fat burner in existence. Numerous people all over the world have got excellent results with this weight loss pill.
If you want to download
If you want to download iPhone games, avoid scam sites. The kind of sites that you can find that easily make all their money from advertising, which is why when you go to them you will just see lots of popups and all sorts of other kinds of sparkly stuff dying for you to click on it. this site As we said, these guys really have no interest in helping you get free Iphone games, they are just there to make money from the advertisers. One can easily outsource iPhone development to these centers and be assured of quality of these applications being delivered.
reply
Very helpful, this post give truly quality information. You made some exceptional points and i am grateful for your insight!
donna cerca uomo milano.
Several buses are available
Several buses are available near Bartley Road and Upper Paya Lebar Road along with shopping centers and restaurants. Bartley Ridge is also near to Nex Shopping Centre as well as the buzzling Toa Payoh area. Entertainment for your loved ones and friends is therefore at your fingertips with the full condo facilities as well as the amenities in Bartley.
Bartley Launch
Another example, Gabriel
Another example, Gabriel reported, was Daniel Kouril from Czechoslovakia, who retrieved data and analysis from their national network service provider to reveal potentially affected sites. travertine tiles
sms lån
The Asia Pacific were targeted first, Koeroo said, because they were the furthest east, and thus could pass the information west as the rest of the sites started their day.
hi
You know, a lot of individuals are hunting around for this information, you could aid them greatly. AIHL
John
Nice post. I used to be checking continuously this weblog and I'm inspired! Extremely useful information specifically the final phase :) I maintain such info a lot. I used to be looking for this particular info for a very long time. Thanks and best of luck.
Kiem tien tren mang
locksmith
Locksmithing is described because the art of making and beating locks. Locksmith services embrace changing locks, re-keying door knobs repairing broken locks and even cracking safes open (legally of course). Being a locksmith needs plenty of ability and coaching as a result of it's crucial to know numerous advanced mechanisms of recent day locking systems.
How to Handle Emergency Locksmith Situations
A locksmith wants plenty of creativity to style security systems. Locksmithing sounds pretty straightforward however to try to to this job needs someone with plenty of patience and a good deal of interpersonal skills. changing into an apprentice with a neighborhood locksmith could be a good way to determine whether or not this is often the correct career path for you. Get all the mandatory data on a way to enroll for specific courses and on the steps to changing into an accredited locksmith. categories may well be done at a neighborhood school of or by enrolling in an internet course. no matter mode of study you decide on make certain to ascertain that it's accredited by the Associated Locksmiths of America. this is often the most effective method of obtaining accredited.
How to become a locksmith
Becoming a locksmith isn't that tough as there are numerous vocational colleges that provide certificates during this field. counting on how briskly you're the course will be completed in 2 semesters. A certificate in Locksmithing includes of 4 to 5 courses and highschool students trying to pursue this as a career ought to take courses in math, physics, electronics and mechanical drawing. The U.S average salary for a locksmith is approximately $44,000 per year.
To become a locksmith solely needs a really tiny investment which suggests its sensible for those with very little access to capital however still would like to be self used. Being a locksmith is a wonderful career chance for a personal wishing to figure versatile hours or searching for half time work to substitute their traditional supply of income. There are many totally different areas of specialty in locksmithing as well as automotive locksmithing and Maintenance Locksmithing. modern-day locksmiths do not solely touch upon lock and keys however they additionally do security evaluations on properties, analyze any weaknesses then install measures to combat any potential issues.
Some terminology utilized by lock professionals embrace blade of key, bow of key, combination locks, tumblers and skeleton keys. These are terms that you {just} ought to research earlier before the professionals planning to your home just so you have got a clue regarding what they're making an attempt to inform you.
Locksmith Margate
Nice blog here! Also your site loads up very fast! What web host are you using? Can I get your affiliate link to your host? I wish my site loaded up as fast as yours loll
Scotch Plains NJ Locksmith
48-hour grid security challenge
In the world of internet each and every site has a fear of virus attack on the site but each site has a different level of expertise , each site is responsible to figure that what the virus id doing on the site and what kid of problems are encountered , but now the team of NIKHEF using Ryabinkin to trace the virus and stop the virus attack
Neworleans Locksmith
Meriden Locksmith
Write more, thats all I have to say. Literally, it seems as though you relied on the video to make your point. You obviously know what youre talking about, why waste your intelligence on just posting videos to your site when you could be giving us something enlightening to read?
Meriden Locksmith
work in a graveyard shift. I
work in a graveyard shift. I was getting bored at work as no work here at office. So was searching through some blogs and came across your blog, great work man I liked what you wrote Inspirational and very meaningful.
anniversary quotes for husband
Post new comment