Upgrade to Pro — share decks privately, control downloads, hide ads and more …

SC21: Addressing Cybersecurity Standards / Poli...

Ian Lee
November 17, 2021
Technology
0
130

SC21: Addressing Cybersecurity Standards / Policies in HPC Environments

Applying security standards, configurations and policies originally designed for servers or workstations to something as functionally different as a supercomputing cluster can be a frustrating task. With rigorous interpretation, such efforts often present obstacles to approving a “functional” system, typically paint an inaccurate picture of the actual security posture of a given cluster, and always seem to involve large-scale exceptions to address misapplication. This meeting will consist of short presentations from three Department of Energy HPC centers; each one representing a unique perspective on methods used to meet a set of cybersecurity requirements in order to deliver mission critical systems.

Ian Lee

November 17, 2021
Tweet

More Decks by Ian Lee

See All by Ian Lee
HPC STX Overview
ianlee1521
0
16
DevOps in HPC
ianlee1521
0
100
Monitoring HPC Security at LLNL
ianlee1521
0
170
Pass On What You Have Learned: Deploying to Production
ianlee1521
0
530
Building DevOps into HPC System Administration
ianlee1521
0
120
Keeping It All Safe: LLNL HPC Security Architecture
ianlee1521
0
190
Development of the TOSS 4 STIG
ianlee1521
0
240
You Must Unlearn What You Have Learned
ianlee1521
0
100
Intro to Git for Security Professionals - WWHF WW 2021
ianlee1521
0
140

Other Decks in Technology

See All in Technology
Spring Bootで実装とインフラをこれでもかと分離するための試み
shintanimoto
7
820
品質文化を支える小さいクロスファンクショナルなチーム / Cross-functional teams fostering quality culture
toma_sm
0
110
CloudWatch 大好きなSAが語る CloudWatch キホンのキ
o11yfes2023
0
180
AWS Control Towerを 数年運用してきての気づきとこれから/aws-controltower-ops-tips
tadayukinakamura
0
150
Writing Ruby Scripts with TypeProf
mame
0
140
AWSLambdaMCPServerを使ってツールとMCPサーバを分離する
tkikuchi
1
3k
AWSで作るセキュアな認証基盤with OAuth mTLS / Secure Authentication Infrastructure with OAuth mTLS on AWS
kaminashi
0
160
MCPを活用した検索システムの作り方/How to implement search systems with MCP #catalks
quiver
12
6.5k
JPOUG Tech Talk #12 UNDO Tablespace Reintroduction
nori_shinoda
2
140
Cross Data Platforms Meetup LT 20250422
tarotaro0129
1
580
Ops-JAWS_Organizations小ネタ3選.pdf
chunkof
2
170
Linuxのパッケージ管理とアップデート基礎知識
go_nishimoto
0
240

Featured

See All Featured
10 Git Anti Patterns You Should be Aware of
lemiorhan
PRO
656
60k
The Psychology of Web Performance [Beyond Tellerrand 2023]
tammyeverts
47
2.5k
RailsConf & Balkan Ruby 2019: The Past, Present, and Future of Rails at GitHub
eileencodes
135
33k
Designing Dashboards & Data Visualisations in Web Apps
destraynor
231
53k
Helping Users Find Their Own Way: Creating Modern Search Experiences
danielanewman
29
2.5k
Embracing the Ebb and Flow
colly
85
4.6k
The Illustrated Children's Guide to Kubernetes
chrisshort
48
49k
Side Projects
sachag
452
42k
The Pragmatic Product Professional
lauravandoore
33
6.5k
Building Better People: How to give real-time feedback that sticks.
wjessup
367
19k
A Tale of Four Properties
chriscoyier
158
23k
The Cost Of JavaScript in 2023
addyosmani
49
7.7k

Transcript

  1. LLNL-PRES-829250 This work was performed under the auspices of the

    U.S. Department of Energy by Lawrence Livermore National Laboratory under contract DE- AC52-07NA27344. Lawrence Livermore National Security, LLC Addressing Cybersecurity Standards / Policies in HPC Environments SC21: Birds of a Feather Ian Lee 2021-11-17

  2. 2 LLNL-PRES-829250 § A common operating system and computing environment

    for HPC clusters — Based on RHEL operating system — Modified RHEL Kernel § Methodology for building, quality assurance, integration, and configuration management § Add in customization for HPC specific needs — Consistent source and software across architectures: Intel, PowerPC, and ARM — High speed interconnect — Very large filesystems Tri-Lab Operating System Stack (TOSS)

  3. 3 LLNL-PRES-829250 § Security requirements often quite prescriptive — STIG

    > CIS Benchmark > Vendor Guideline > generic NIST 800-53 controls § Developing a STIG for the TOSS operation system with DISA (Work in Progress!) — Largely based on the RHEL 8 STIG, which TOSS 4 is derived from — Small tweaks: adjust some DoD specific language to make compatible for other Gov agencies — Larger requests: no explicit allow-listing of software on TOSS, being a software development OS — HPC specific: RHEL STIG says 10 concurrent sessions for DOS reasons, TOSS STIG proposed 256 Security Baseline

  4. 4 LLNL-PRES-829250 Security Dashboards – Operational and Compliance

  5. Disclaimer This document was prepared as an account of work

    sponsored by an agency of the United States government. Neither the United States government nor Lawrence Livermore National Security, LLC, nor any of their employees makes any warranty, expressed or implied, or assumes any legal liability or responsibility for the accuracy, completeness, or usefulness of any information, apparatus, product, or process disclosed, or represents that its use would not infringe privately owned rights. Reference herein to any specific commercial product, process, or service by trade name, trademark, manufacturer, or otherwise does not necessarily constitute or imply its endorsement, recommendation, or favoring by the United States government or Lawrence Livermore National Security, LLC. The views and opinions of authors expressed herein do not necessarily state or reflect those of the United States government or Lawrence Livermore National Security, LLC, and shall not be used for advertising or product endorsement purposes. Thank you! Looking forward to the discussion coming up. See you at: [email protected]