9-13 July 2018
Sofia, Bulgaria
Europe/Sofia timezone

Cyber security detection and monitoring at IHEP private cloud for web services

10 Jul 2018, 12:15
15m
Hall 10 (National Palace of Culture)

Hall 10

National Palace of Culture

presentation Track 7 – Clouds, virtualization and containers T7 - Clouds, virtualization and containers

Speaker

Tian Yan (Institution of High Energy Physics, Chinese Academy of Science)

Description

To improve hardware utilization and save man power in system management, we have migrated most of the web services in our institute (Institute of High Energy Physics, IHEP) to a private cloud build upon OpenStack since last few years. However, cyber security attacks becomes a serious threats to the cloud progressively. Therefore, a detection and monitoring system for cyber security threats is necessary for such an important platform.

This system collects network traffic data through OpenStack Neutron API and processes the traffic with Bro IDS, it's logs and the web/system log data of Virtual Machines (VM) are collected by Logstach and Filebeat. All the log data are stored in a storage server as well as Elasticsearch.The latter is used for quick search purpose during forensics. A group of analysis jobs are running to check the logs according to security policies, these policies are stored in databases and can be updated by security operators. The real time analysis results are illustrated in Web UI. Email alerts will be sent to security operators when an incident is detected.

A prototype of this system has been developed and deployed at IHEP to enhance the security of the private cloud for web services.

Primary authors

Tian Yan (Institution of High Energy Physics, Chinese Academy of Science) Shan Zeng (Chinese Academy of Sciences (CN)) Mr Mengyao Qi (IHEP) Qingbao Hu (IHEP) Qi Fazhi (IHEP)

Presentation Materials