TGQR 2010Q4 Report.pdf - Teragridforum.org

More documents

Recommendations

Info

8.8 RP Operations: Security During this quarter, TG RPs provided expert staff in support of local and TG-wide collaborative security. TG RP local security operations include intrusion detection, examining log data, investigating unusual use patterns, and incident response for all hardware and networks on a 24- hour on-call basis. All TG RP partners are required to participate in the TG-wide Security Working Group which coordinates security operations and incident response across the project. During this quarter there was an incident of a user losing control of his access credentials. This is not too unusual. The security working group and incident response teams respond to handful of these each year. However, during this quarter it just happened that TGCDB access was not available when this incident surfaced. It was noted that the absence of TGCDB access made connecting this user with his/her local username on each TeraGrid resource more difficult and consequently took more time. This did not create a serious problem for TeraGrid as this was a single user compromise and exploitation to TeraGrid hosts was not aggressive, it did highlight that a TGCDB outage does have some impact on security incident handling capabilities for TeraGrid. 8.8.1 NCAR NCAR was not directly involved in the multiple-account compromise security incidents in this quarter. Accounts for the affected users either had not been requested on NCAR resources or had been closed due to inactivity well before the incidents occurred. The prompt detection and response at other RPs prevented adversaries from compromising additional accounts that were active at NCAR. The ability of other RPs to share network connection details from adversary activity was crucial to ensure that other accounts at NCAR were not also compromised. NCAR’s network monitoring system is operating at full capacity with bro and argus. 8.8.2 The NCSA security team responded to five different incidents involving TeraGrid users or resources in the fourth quarter of 2010. All five of these incidents involved remotely compromised user accounts and one of the five resulted in the intruders escalating to root privileges on a TeraGrid resource. Two of the compromised accounts were reported from remote sites and actions were taken to disable the accounts and no malicious activity was discovered for those accounts. The other three incidents were detected with the current security monitoring done within NCSA and then we notified other TeraGrid sites who were able to take proactive mitigation steps. The downtime for the compromised machine was less than a day. NCSA worked with users in each incident to get their remote systems cleaned and access to NCSA reenabled. 8.8.3 NCSA ORNL During the fourth quarter of calendar 2010, there were no root compromises on the NSTG nodes. There were no users who lost control of their credentials from activities on NSTG machines. Accounts of TeraGrid users who were the victims of stolen credentials at other TeraGrid sites did not log on to NSTG machines during suspect periods. NSTG staff took timely action to identify and insure deactivation of accounts of users whose credentials were stolen and users whose credentials may have been exposed during a known incident. During this period, the ORNL RP, along with all of the TeraGrid RP’s continued to participate in TeraGrid-wide security activities including the security working group meetings and the weekly incident reporting calls. 84
8.8.4 PSC During October, the PSC security team spent a significant amount of time responding to serious Linux vulnerabilities that had been announced. These announcements were occurring about once per week, and when announced, there were no vendor patches available. This created an awkward situation where we had to find ways to protect against these threats until patches were made available. For each of these vulnerabilities PSC’s Jim Marsteller created a wiki page so the status of all production systems could be tracked. This included identifying which of the production systems were at risk and what controls could be applied to mitigate the risks until an official patch would be released. This same process was duplicated for TeraGrid in order to coordinate responses from all resource providers. To date there have been no security incidents at PSC related to these vulnerabilities. PSC had no other security incidents during the quarter. After conducting an audit for accounts that have not seen any activity in the past six months, PSC disabled a number of inactive user accounts. We now have 1,200 fewer idle accounts for hackers to target. There has only been one call from a user whose account was incorrectly disabled (account was only used to access a Wiki maintained by PSC). We have modified our procedures so that access to a wiki will be considered as active use of an account. Jim Marsteller held the annual “Security 4 Lunch” on 08-Nov-2010 for all PSC staff and students. The one hour presentation covered general information on security best practices including material for PSC staff traveling to SC10. This year the staff was very interactive, asking a number of security related questions. In fact, the VPN demo ran over the one hour allotted time. 8.8.5 Purdue disabled 11 TG accounts due to compromises reported at other RP sites. Purdue also deleted SSH keys for one account due to compromise at another RP site. Purdue patched several Linux kernel and libc 0-day vulnerabilities. 8.8.6 Purdue SDSC SDSC had five minor incidents this quarter. These incidents resulted in the compromise of multiple user accounts elsewhere. Six user accounts were proactively suspended at SDSC as a result. No evidence of abuse of these accounts was found prior to their deactivation. SDSC performed and completed a security audit of Trestles. Minor configuration changes were made to the system configuration to enhance security posture and improve the quality of information available for incident detection and response. 8.8.7 TACC A security compromise on the previous Lonestar system occurred on the two login nodes on October 27, 2010. A then recent Linux kernel vulnerability was used by an intruder to gain root privileges and replace ssh to collect user passwords. This tripped automatic change detection scripts on Lonestar and notified admins of the compromise. TACC admins immediately cut off access to Lonestar, notified TG security working group of compromised user account and began forensic analysis of the compromise. During the investigation, the file used by the intruder to start collecting passwords was found and had three user accounts in it, however, the intruder may not have had time to retrieve those passwords once remote access was disabled. Those users were immediately notified to change their passwords just in case of possible collection. A patch was applied to the Lonestar kernel to remove the vulnerability. In addition, three user accounts with compromises at other locations had their accounts disabled on TACC systems. 85
Page 1 and 2:
NSF Extensible Terascale Facility T
Page 3 and 4:
Working Group Leaders Accounting Ad
Page 5 and 6:
6.5 RP Operations: Accounting/Core
Page 7 and 8:
1 Overview The TeraGrid is an open
Page 9 and 10:
accounting system; an additional 94
Page 11 and 12:
2 Science and Engineering Highlight
Page 13 and 14:
and that they will be able to deter
Page 15 and 16:
Enhancements in photocurrent have b
Page 17 and 18:
2.2.8 Chemistry: Molecular Simulati
Page 19 and 20:
to the seafloor. Vortex shedding ca
Page 21 and 22:
In 2010, Aidun and colleagues made
Page 23 and 24:
in treating diabetes and obesity. T
Page 25 and 26:
2.2.18 Physics: The Geophysical Hig
Page 27 and 28:
service. In addition to GRAM5, we a
Page 29 and 30:
Figure 4-2 Q4 usage by gateway. The
Page 31 and 32:
hearing about the experiments, many
Page 33 and 34: John Cobb presented the capstone ta
Page 35 and 36: Work initiated by a helpdesk ticket
Page 37 and 38: machine) runs limit use of the syst
Page 39 and 40: PI Name Joseph Hargitai, Albert Ein
Page 41 and 42: helped Robert Coridan (UIUC) to exp
Page 43 and 44: Approach to Physics-based Seismic H
Page 45 and 46: Helly, SIO/UCSD Lattice Gauge Calcu
Page 47 and 48: College Simulation and Data Analysi
Page 49 and 50: During this quarter Cui prepared an
Page 51 and 52: 7. Minor performance improvements,
Page 53 and 54: OpenMP. Plan is to continue the eff
Page 55 and 56: • Joel Ledford of the California
Page 57 and 58: The team also mentioned that they h
Page 59 and 60: the makefile for compiling the sour
Page 61 and 62: Implement test cases for MPI based
Page 63 and 64: User news was posted to inform the
Page 65 and 66: authentication infrastructures. Wit
Page 67 and 68: 6.5 RP Operations: Accounting/Core
Page 69 and 70: Note that the total repository of T
Page 71 and 72: From an analysis of the hits for wh
Page 73 and 74: 7.2 Data 7.2.1 Data Movement contin
Page 75 and 76: historical time series of average p
Page 77 and 78: on a demonstration that took place
Page 79 and 80: NCSA's SGI Altix UV system, Ember,
Page 81 and 82: 8.5.2 Job Submission (GRAM) Statist
Page 83: 8.7 Security 8.7.1 Security Working
Page 87 and 88: Figure 8-8. TeraGrid Usage Summary
Page 89 and 90: Arun Yethiraj, U Wisconsin-Madison
Page 91 and 92: Institution Users NUs BRI City of H
Page 93 and 94: 4. Review Suggested Keywords - TIS
Page 95 and 96: YNT publications are intended for u
Page 97 and 98: In response to feedback from the Sc
Page 99 and 100: Figure 2. XDMoD Portal The 9 Naviga
Page 101 and 102: Figure 5. Total number of TG jobs r
Page 103 and 104: Figure 8. Total CPU Consumption per
Page 105 and 106: Figure 10: XDMoD data warehouse sch
Page 107 and 108: Figure 12. AMBER-based application
Page 109 and 110: Dr. Ann Zimmerman of the University
Page 111 and 112: • Personal utilization informatio
Page 113 and 114: 2) Given the emergence of Green tec
Page 115 and 116: supercomputers were a huge draw for
Page 117 and 118: sciences by enabling and stimulatin
Page 119 and 120: The TeraGrid booth showcased group
Page 121 and 122: 10.2 EOT Impact Stories Indiana IU
Page 123 and 124: The Ranger system at the Texas Adva
Page 125 and 126: conference to assess their level of
Page 127 and 128: Also at SC10 Rebecca Day, a teacher
Page 129 and 130: NCAR For the first time, SIParCS ou
Page 131 and 132: communicates TeraGrid’s impact. L
Page 133 and 134: 10/18/2010: TeraGrid Partner SDSC M
Page 135 and 136:
10.11 Broader Impacts LONI As part
Page 137 and 138:
14 TeraGrid/Open Science Grid (OSG)
Page 139 and 140:
• Task I2.1 (Run RAPTOR-OOPS work
Page 141 and 142:
22. Chourasia, A. 2010. GlyphSea. I
Page 143 and 144:
A.2. Publications from TeraGrid Use
Page 145 and 146:
30. Tchekhovskoy, A., Narayan, R.,
Page 147 and 148:
70. P. M. Motl, J. E. Tohline & J.
Page 149 and 150:
114. Krolik:Invited talk “Connect
Page 151 and 152:
142. Houston, A. L. and R. B. Wilhe
Page 153 and 154:
175. VAN POPPEL, B., DESJARDINS, O.
Page 155 and 156:
208. J B. Clemens, E. A. Chagarov,
Page 157 and 158:
238. M.H. Alkordi, A.C. Stern, J.L.
Page 159 and 160:
DMR050002 272. Unusual dielectric r
Page 161 and 162:
306. J. Lind, R.M. Suter, “3DXRD
Page 163 and 164:
348. T.-L. Chan, J.R. Chelikowsky,
Page 165 and 166:
383. A. Szyperska, J. Rak, J. Leszc
Page 167 and 168:
416. Armstrong, B. D.; Soto, P.; Sh
Page 169 and 170:
446. S. A. Shaikh and E. Tajkhorshi
Page 171 and 172:
483. Jérôme Hénin, Grace Bran
Page 173 and 174:
MCB070009 521. J. Lee, S. Ham, and
Page 175 and 176:
555. Lintao Bu, G.T. Beckham, M.R.
Page 177 and 178:
Physics MCA06N025 587. “Nuclear P
Page 179 and 180:
614. Scaling studies of QCD with th
Page 181 and 182:
PHY060028 645. M. Campanelli, C. O.
Page 183 and 184:
Astronomical Sciences AST060031 7.
Page 185 and 186:
47. Reynolds, D. R., Hayes, J. C.,
Page 187 and 188:
February 17. 91. Liang, X.-Z., 2010
Page 189 and 190:
123. J.C. Fox, A. Gupta, H.H. Bayra
Page 191 and 192:
166. Bernard,P.S.,Collins,J.P.andPo
Page 193 and 194:
Noncolloidal Suspensions,” 7 th I
Page 195 and 196:
249. V.A. Shubert, C.W. Muller and
Page 197 and 198:
Motion Simulations in the Central U
Page 199 and 200:
331. L.K. Wagner and J.C. Grossman.
Page 201 and 202:
377. Lawrenz, M., Wereszczynski, J.
Page 203 and 204:
423. C. Maffeo, R. Schopflin, H. Br
Page 205 and 206:
463. Zhong, L., Walker, R.C., Brady
Page 207 and 208:
513. McWilliams, J. C., and M. J. M
Page 209 and 210:
557. Strong-Field Ionization of Lit
Page 211 and 212:
613. F. Foucart, M. D. Duez, L. E.
Page 213 and 214:
Seminar What is Cyberinfrastructure
Page 215 and 216:
P Tour Tech 104 IUPUI, Indianap oli
Page 217 and 218:
Online Tutorial Parallel Numerical
Page 219 and 220:
Type Title Location Date(s) Hours N
Page 221 and 222:
the Classroom Conf. Present‟n Fro
Page 223 and 224:
m; San Diego, CA Workshop (Teachers
Page 225 and 226:
Tour Ranger Tour and Cluster Manage
Page 227 and 228:
Presentation Presentation Extreme-S
Page 229 and 230:
Work Package Dependencies Planned Q
Page 231 and 232:
SI.MTS 2.5.10.2 P Metascheduling ca
Page 233 and 234:
Page 235 and 236:
Page 237 and 238:
Project-ID WBS OPMD TeraGrid AUS PY
Page 239 and 240:
Project-ID WBS OPMD Description Ter
Page 241 and 242:
Work Package Dependencies Planned R
Page 243 and 244:
Work Package Dependencies Planned R
Page 245 and 246:
DV.DC.RP.TACC 3.0.1.22 O TACC RP Da
Page 247 and 248:
Bennett[30%], ongoing NOS.Sec.RP.PS
Page 249 and 250:
NOS.INCA 4.4.3.3 P knowledgbase lin
Page 251 and 252:
QSR 2010Q4 Report Values QSR 2010Q3
Page 253 and 254:
QSR 2010Q4 Report Values QSR 2010Q3
Page 255 and 256:
Among the participants were sixty g
Page 257 and 258:
the talks should address less on th
Page 259 and 260:
Appendix A - Summer School Agenda M
Page 261 and 262:
Appendix B - Attendees, Staff and P
Page 263 and 264:
Staff and Presenters Ferrer Annika
show all

TGQR 2010Q4 Report.pdf - Teragridforum.org

Create successful ePaper yourself

Delete template?

Save as template?