Thursday, January 31, 2019
Congratulations to Dana and Internet2
Congratulations to Dana Brunson, who recently joined the Trusted CI team, on her new role as Executive Director for Research Engagement at Internet2!
We’re happy that Dana intends to stay part of the Trusted CI team and continue to lead our soon-to-be announced Trusted CI Open Science Cybersecurity Fellows Program. We thank Internet2 for giving her the flexibility to continue working on this as we work with NSF to formally approve this.
Please continue to watch the Trusted CI blog and the Trusted CI announce email list for news of the Fellows Program.
Monday, January 14, 2019
CCoE Webinar January 28th at 11am ET: Securing Scientific Cyberinfrastructure: The ResearchSOC
Von Welch and colleagues are presenting the talk "Securing Scientific Cyberinfrastructure: The Research Security Operations Center (ResearchSOC)" on Monday January 28th at
11am (Eastern). The ResearchSOC is a new project that was announced last fall.
Please register here. Be sure to check spam/junk folder for registration confirmation email.
Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."
The research and education (R&E) community faces particular challenges regarding cybersecurity: diversity of size and autonomy, the use of diverse infrastructure (scientific instruments, sensor networks, sequencers, etc.), the highly collaborative and dynamic nature of scientific communities, and the specialized expertise needed to support cybersecurity in the research context. This webinar provides an overview of the ResearchSOC, which provides the R&E community with cybersecurity services, training, and information sharing needed to make scientific cyberinfrastructure resilient to cyberattacks and capable of supporting trustworthy, productive research.
The ResearchSOC leverages existing cybersecurity services from Indiana University, Duke University, and the Pittsburgh Supercomputing Center. It combines these operational services with the establishment of a community of practice for sharing best practices, lessons learned, and operational intelligence. The ResearchSOC couples these services with outreach and training, targeted at research projects and the higher education information security community, to educate them on information security for research.
This webinar is ideal for technology managers supporting scientific research projects.Speakers:
- Von Welch: Director, Indiana University Center for Applied Cybersecurity Research and Director, Research Security Operations Center.
- Richard Biever: Chief Information Security Officer, Duke University.
- Michael Corn: Chief Information Security Officer at the University of California, San Diego.
- Inna Kouper: Assistant Director, Data to Insight Center at Indiana University.
- James Marsteller: Chief Information Security Officer of the Pittsburgh Supercomputing Center. Susan Sons: Chief Security Analyst at Indiana University Center for Applied Cybersecurity Research.
Join Trusted CI's announcements mailing list for information about upcoming events. To submit topics or requests to present, see our call for presentations. Archived presentations are available on our site under "Past Events."
Tuesday, January 8, 2019
Trusted CI Completes Engagement with the Environmental Data Initiative
The Environmental Data Initiative (EDI) (NSF DBI-1565103, NSF DEB-1629233) is an NSF-funded project accelerating curation and archival of environmental data with emphasis on data from projects funded by the NSF Division of Environmental Biology. Trusted CI's engagement with EDI began August 2018 and concluded December 2018. The engagement report is available at https://hdl.handle.net/2142/101921.
The engagement focused on Identity and Access Management (IAM) issues associated with the data repository API software PASTA+ (Provenance Aware Synthesis Tracking Architecture - Plus). Authenticated access to the data repository is currently performed by binding username and password to an LDAP server. While the current LDAP authentication implementation is functional, authorization is tightly coupled to the user identifier rather than LDAP groups. EDI staff are interested in moving away from the current LDAP authn/authnz implementation toward a more modern solution, with an emphasis on maintaining the current access control rule schema.
With this goal in mind, Trusted CI staff spent considerable effort in examining the current authn/authz implementation and how it could be updated to use current standards such as OAuth 2.0 / OpenID Connect (OIDC). Trusted CI staff concluded the engagement by presenting four available OAuth2/OIDC providers, as well as two potential group management solutions which could be used for authorization. Step-by-step tutorials were written detailing how to configure each solution as well as sample implementation code in several programming languages.
The need for modern, standards-compliant authentication and authorization systems is common across cyberinfrastructure projects, so the tutorials developed during this engagement have been made available at https://trustedci.org/iam for broader community use.
The engagement focused on Identity and Access Management (IAM) issues associated with the data repository API software PASTA+ (Provenance Aware Synthesis Tracking Architecture - Plus). Authenticated access to the data repository is currently performed by binding username and password to an LDAP server. While the current LDAP authentication implementation is functional, authorization is tightly coupled to the user identifier rather than LDAP groups. EDI staff are interested in moving away from the current LDAP authn/authnz implementation toward a more modern solution, with an emphasis on maintaining the current access control rule schema.
With this goal in mind, Trusted CI staff spent considerable effort in examining the current authn/authz implementation and how it could be updated to use current standards such as OAuth 2.0 / OpenID Connect (OIDC). Trusted CI staff concluded the engagement by presenting four available OAuth2/OIDC providers, as well as two potential group management solutions which could be used for authorization. Step-by-step tutorials were written detailing how to configure each solution as well as sample implementation code in several programming languages.
The need for modern, standards-compliant authentication and authorization systems is common across cyberinfrastructure projects, so the tutorials developed during this engagement have been made available at https://trustedci.org/iam for broader community use.
Thursday, January 3, 2019
Cyberinfrastructure Vulnerabilities 2018 Q4 Report
The Cyberinfrastructure Vulnerabilities team provides concise announcements on critical vulnerabilities that affect science cyberinfrastructure (CI) of research and education centers, including those threats which may impact scientific instruments. This service is available to all CI community members by subscribing to Trusted CI’s mailing lists (see below).
We monitor a number of sources for software vulnerabilities of interest. For those issues which warrant alerts to the Trusted CI mailing lists, we also provide guidance on how operators and developers can reduce risks and mitigate threats. We coordinate with XSEDE and the NSF supercomputing centers on drafting and distributing alerts to minimize duplication of effort and benefit from community expertise.Some of the sources we monitor for possible threats to CI include:
If you believe you have information on a cyberinfrastructure vulnerability, let us know by sending us an email at alerts@trustedci.org.
We monitor a number of sources for software vulnerabilities of interest. For those issues which warrant alerts to the Trusted CI mailing lists, we also provide guidance on how operators and developers can reduce risks and mitigate threats. We coordinate with XSEDE and the NSF supercomputing centers on drafting and distributing alerts to minimize duplication of effort and benefit from community expertise.Some of the sources we monitor for possible threats to CI include:
- OpenSSL, OpenSSH, and Globus project and security announcements
- US-CERT advisories
- XSEDE announcements
- RHEL/EPEL advisories
- REN-ISAC Alerts and Advisories
- Social media, such as Twitter, and Reddit (/r/netsec and /r/security)
- News sources, such as The Hacker News, Threatpost, The Register, Naked Security, Slashdot, Krebs, SANS Internet Storm Center and Schneier
- VMware Vulnerability (CVE-2018-6983)
- Apache Struts 2.3.x RCE Vulnerability When File Uploads Are Enabled
- VMware Vulnerability (CVE-2018-6974)
- Drupal - Multiple Vulnerabilities (SA-CORE-2018-006)
If you believe you have information on a cyberinfrastructure vulnerability, let us know by sending us an email at alerts@trustedci.org.
Subscribe to:
Posts (Atom)