www.lrz.de/presse/ereignisse/2022-06-26-CSIRT-en

Security: Intelligently engineered for Open science

sicher

IT-Security. Foto and grafics: Fly d'Art/UNsplash

Artificial intelligence supports security: Computer systems and networks of the Leibniz Supercomputing Centre are monitored by smart programmes. They permanently and automatically search for patterns in the technical data on access to the Munich Scientific Network (MWN). They recognize whether a person only needs an IT service or whether a botnet is attacking its systems and infrastructure. Such networks consist of already infected devices and are remotely controlled to spread spam or malware, take control of computers or overload them with pointless tasks. In this case, the smart programmes sound the alarm - and the Computer Security Incident Response Team (CSIRT) switches into crisis mode: "In just a few minutes, a security incident can disrupt the operation of our computers and systems," explains Stefan Metzger, computer scientist and head of the team. "We analyse the incident, immediately protect our resources, inform the institutions involved and our users and make sure that the services work reliably again." Thanks to well-rehearsed processes, the SuperMUC-NG was ready to work again soon after a serious attack in 2020, despite necessary coordination with external bodies, such as investigative authorities

Open science vs security strategies

The CSIRT was founded about ten years ago, and the task for one person has grown into a team of ten IT specialists. "We gather experience with operating systems, networks, hardware and software so that we can cover an incident completely," says Metzger. "While universities and research institutions were rarely targets for attackers, they are now being targeted to disrupt operations or steal research results. The more sensitive the stored data, the greater the risks." CSIRT takes care to protect access to the LRZ's computer building, but above all it secures the electronic paths against intruders. Several times a month, the smart systems report attacks on the MWN in order to abuse or paralyse computers or to tap research results.

"Security measures restrict," says Metzger, describing the fundamental conflict, "but our customers want freedoms." Open science requires data exchange to be simple, and the networks to be easily accessible. For this reason, universities and institutes in the MWN operate largely autonomously; the LRZ provides them with technology and IT services, but they usually take care of the security of their computers and networks themselves. However, if the administrators use old software versions and security protocols, this makes attacks easier. Instead, the LRZ relies on secure services such as LRZ Sync + Share for the exchange of information, firewalls and Virtual Private Networks (VPN), especially protected internet connections. Other tools come from technology partnerships, for example with the pan-European network Géant, the associazion German Research Network (DFN), the Globus Alliance or with services such as URLhaus, a database for harmful internet addresses.

Sharing knowledge and strengthening each other

Educating people is another effect method for IT security, because sophisticated attack tactics are rather rare: "More often, unauthorised persons want to gain access to systems or mailboxes with the help of easy-to-guess passwords or compromised identifiers," observes the CSIRT team. According to the HaveIbeenpwned database, around 7 per cent or 25,124 of 315,183 passwords are currently compromised - their owners have been informed that they should change their login.

The two-factor authentication that the CSIRT has set up at the LRZ 2021 also offers more security. In addition to a personal password, another token is required to use a service. What provides security at the MWN can also strengthen the Bavarian academic and research landscape: The LRZ now offers two- or multi-factor authentication to its user base as a service, advises on its introduction and is also working to build a cross-university IT security community in Bavaria. Sharing knowledge and experience. That has always been the smarter strategy against attacks. (vs)


For further reading:

• Albrecht Ude (ed.): Sicherheit in vernetzten Systemen. Hamburg 2022, the proceedings of the 29th DFN Conference 2022 contain contributions by IT security specialists from the LRZ, for example on multi-factor authentication, a documentation system and security in networked systems. Ebook in German and English 

S. Metzger, W. Hommel, H. Reiser: Integriertes Management von Sicherheitsvorfällen, Munich 2011 (in German)