Description
The cyber attacks we face are not only sophisticated but, in many instances, also highly profitable for the actors behind them. It takes organizations on average more than six months to detect a cyber attack. The more sophisticated the attack, the likelier it is to pass undetected for longer. And by the time the breach is detected, it is often already too late.
The only means of adopting an appropriate response is to build a tight international collaboration and to implement trusted information sharing mechanisms within the community. The groundwork for that has already been laid in the WLCG Security Operations Centers Working Group by setting up a central HEP MISP instance and by investigating the sharing of threat intel data inside the community.
Workshop attendees will be given an introduction to the MISP platform, will deploy their own MISP instance and will set up sharing with other MISP instances. Access will be provided to the central HEP MISP instance, which currently contains more than 160 000 Indicators of Compromise, with new ones constantly being added as new threats emerge. This is an excellent opportunity to learn how best to make use of the platform and of the threat intelligence already available inside the community to protect both your organization and the community as a whole.
After many months of work, the WLCG Tier 1 centre at RAL has begun to deploy IPv6 addresses to production hosts. This talk will detail the work that has been done and explain the strategy that has been adopted for managing addresses in a dual-stack environment.
This presentation provides an update on the global security landscape since the last HEPiX meeting. It describes the main vectors of compromise in the academic community, including lessons learnt, and presents interesting recent attacks while providing recommendations on how best to protect ourselves. It also covers security risk management in general, as well as the security aspects of the...
WLCG relies on the network as a critical part of its infrastructure and therefore needs to guarantee effective network usage and prompt detection and resolution of any network issues, including connection failures, congestion and traffic routing. The OSG Networking Area is a partner of the WLCG effort and is focused on being the primary source of networking information for its partners and...
ESnet staff are in the early stages of planning the next generation of their network, ESnet6. ESnet is providing network services to all of the large US LHC computing centers and this community is the biggest user of the current ESnet5 network. ESnet6 is expected to be online during the LHC Run 3 and Run 4. How the LHC community uses the network has a big impact on the ESnet6 project, and...
In order to provide a more secure and manageable network at IHEP, we designed a new network architecture, which will be implemented in the middle of this year. This report will give an introduction to this architecture. Under this architecture, we have done some IPv6 tests and deployed some monitoring tools; the test results will be shown. Moreover, the research of the network security...
This update from the HEPiX IPv6 Working Group will present activities during the last 6-12 months. In September 2016, the WLCG Management Board approved the group's plan for the support of IPv6-only CPU, together with the linked requirement for the deployment of production Tier 1 dual-stack storage and other services. This talk will remind HEPiX of the requirements for support of IPv6 and the...
We present an update on KEK computer security since HEPiX spring 2016. Over this past year, several security incidents occurred at KEK and at Japanese academic sites. Consequently, we are forced to change our computer security strategy.
In this presentation, we also report our experiences, practices, and future plans on KEK computer security.
The HEP community is facing an ever-increasing wave of computer security threats, with more and more recent attacks showing a very high level of complexity. Having a Security Operations Center (SOC) in place is paramount for the early detection and remediation of such threats. Key components and recommendations to build an appropriate monitoring and detection Security Operations Center will be...