iSGTW - International Science Grid This Week

iSGTW - 15 December 2010

Feature - Putting the "u" (you) in "security"


Image courtesy Fotolia.com

Last year, more malware was distributed than in all previous years combined; 2009 had a sixfold increase over 2008.

One of the main reasons for this is that the technical level required to become a cyber criminal is no longer out of reach for the common user; cybercrime has therefore become accessible to a larger number of people.

And the people doing it are often more than just hackers out for the computing equivalent of a joyride. Far from being hobbyists, attackers have developed into a highly specialized group (including coders/programmers, distributors/vendors, techies maintaining the criminal infrastructure, and fraudsters), together forming a separate breed that is part of a larger underground business generally seeking to make money.

Because of its high visibility, CERN is often a target.

To combat this, CERN has focused on better prevention. Following up on the organization’s “Security is not complete without you” campaign launched in June, the key message is that security is everyone’s concern, not just the security team’s. Attacks occur both technically, through phishing for example, and by manipulating people into divulging confidential information (also known as “social engineering”). Therefore, maintaining vigilance when using IT facilities is an essential part of everyone’s responsibility.

Romain Wartel of CERN’s computing security team says their mission is threefold: protection, prevention and response. They do this by looking, in a non-intrusive way, for vulnerabilities that could be exploited by others. They then report any issue to the owner, whose task is to fix it. The idea is not only to try to stop an attack, but more importantly, to limit the impact or damage once the attack has occurred. “The key is not so much to prevent, as to make sure it doesn’t happen again,” said Wartel.

 Image courtesy cylonka Bsg, stock.exchng

It’s a constantly moving target, because the development of technology constantly renders today’s measures obsolete. Therefore, a big part of the security team’s job is learning about the newest developments, as well as from past events.

“Every day, we register thousands of computer attacks against CERN: there are attempts to tamper with web pages, hack into user accounts, take over servers, and much more. A successful attack could mean confidential user information being divulged, services being interrupted or data being lost.” It could even affect operations at CERN.

“Another factor is the damage that a successful attack could inflict on the organization’s reputation,” said Stefan Lueders of the CERN computing security team.

CERN’s director-general, Rolf Heuer, explained that academic freedom also means responsibility: the idea is to “protect IT infrastructure whilst striking the right balance between security, academic freedom, and the unfettered operation of our facilities.” CERN prides itself on making information as open and available as possible. As such, it is essential that facility users are aware of the risks surrounding information sharing and, in turn, make all efforts possible to protect sensitive information.

If there is a silver lining to security awareness, however, it is that it has forced organizations to work together, thereby fostering better communication. Sharing has enabled greater incident detection.

—Emilie Tanke for iSGTW. Want to know what you can do? See “Seven good practices for your computer's security.”