The process of hardening and defending a new type of system is often challenging, so it is wise to consider current protective measures for similar systems. Computer network defense of IP-based networks has been evolving for nearly three decades, so it is an established discipline. Before attempting to come up with innovative solutions, this thesis seeks to evaluate whether traditional Information Technology (IT) security tenets and devices can be applied to InfiniBand networks.

The most fundamental of IT security principles is the Confidentiality, Integrity, and Availability (CIA) triad. Confidentiality revolves around the concept of ‘least privilege,’ which asserts that access to information and assets should only be granted on a need-to-know basis so that information that is only available to some should not be accessible by everyone. This is seemingly at odds with availability, but it is not. Availability calls for systems and services to be running and operating properly when needed. This implies that disasters should degrade system performance and maintenance actions should interfere with uptime to the least extent possible. Networks should be designed to be fault tolerant and resilient. This can be achieved through redundant systems such as software backups, power generators, hot/warm/cold sites, etc. Lastly, integrity ensures that information in transit or at rest (i.e. in memory) is not altered without permission of an owner or authorized user. An example of integrity checking is a one-way cryptographic hash of a file or data block that can be calculated and then compared against at a later time [28].

Extending the notion of access control are the related principles of Authentication, Authorization, and Accounting (AAA) plus non-repudiation. Authentication is the act of confirming one’s identity, ascertaining whether or not someone is a legitimate user. Authorization determines if an authenticated user has the necessary permissions or privileges to perform a certain action. Accounting (also known as Accountability) is associated with auditing and logging. It gives administrators the ability to track the activities that users performed. Completing the circle is non-repudiation, which proves that an event or action has taken place so that it can’t be repudiated (that is, denied) later [29]. Digital signatures and timestamps are two pieces of information that can be used as evidence, should the need arise.

These security principles are put into effect by cyber defense software and devices. At the host level, the most common entity is anti-virus software. Anti-virus software checks the local file system for malware signatures obtained by anti-virus companies and security researchers. This is an effective way to share the findings of cybersecurity experts worldwide, but the newest, most advanced malware strains usually avoid detection. Part of the reason for this is that signature updates only occur periodically (e.g. weekly), and APT-level actors tend not to release their best material for risk of it getting caught. In addition, polymorphic code exists, mutating the source code of a program while keeping the original algorithm intact. The desired effect is to prevent exact signature matches once the code is recompiled.

Other host level security measures include file verification (attestation) and account management. File verification compares the hashes of critical files against known good versions. This ensures data integrity and can work in tandem with file backups. An offshoot of checking known good files is to look for newly created files that were not in the last system image. This can reveal unwanted material, although operating systems and applications do generate legitimate temporary files, so false positives could be numerous. Account management is the constant process of updating basic user and administrator accounts so that users have the correct privileges established by policy and/or management. At the host level, this has to do with a user’s ability to read, write, and execute individual files and folders. At the network level, this entails allowing the user (or service) to interact with other devices.
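The file verification described above, as an added example that is not from the thesis: it records SHA-256 digests of a directory while it is known good, then reports modified, missing and newly created files, setting likely temporary files aside. The function names, temp-file patterns and sample tree are assumptions constructed for illustration.

```python
import fnmatch
import hashlib
import tempfile
from pathlib import Path

# Assumed patterns for legitimate temporary files (illustrative, tune per host).
TEMP_PATTERNS = ("*.tmp", "*.swp", "*~")

def sha256_file(path, chunk=65536):
    """Hash a file in chunks so large files are never held in memory whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def snapshot(root):
    """Map each regular file (path relative to root) to its SHA-256 digest."""
    return {str(p.relative_to(root)): sha256_file(p)
            for p in Path(root).rglob("*") if p.is_file() and not p.is_symlink()}

def verify(root, baseline, ignore=TEMP_PATTERNS):
    """Compare the current tree against a known-good baseline snapshot."""
    current = snapshot(root)
    is_temp = lambda rel: any(fnmatch.fnmatch(Path(rel).name, pat) for pat in ignore)
    new = sorted(p for p in current if p not in baseline)
    return {
        "modified": sorted(p for p in baseline
                           if p in current and current[p] != baseline[p]),
        "missing": sorted(p for p in baseline if p not in current),
        "new": [p for p in new if not is_temp(p)],
        "new_ignored": [p for p in new if is_temp(p)],
    }

def demo():
    """Constructed sample tree: one file altered, one removed, two added."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "sshd_config").write_bytes(b"PermitRootLogin no\n")
        (root / "hosts").write_bytes(b"127.0.0.1 localhost\n")
        baseline = snapshot(root)  # taken while the tree is known good
        (root / "sshd_config").write_bytes(b"PermitRootLogin yes\n")
        (root / "hosts").unlink()
        (root / "unexpected.bin").write_bytes(b"\x00")
        (root / "edit.tmp").write_bytes(b"scratch")
        return verify(root, baseline)

if __name__ == "__main__":
    print(demo())
```

Files matching a temp pattern are still listed under `new_ignored`, so the false-positive filter reduces noise without hiding them from review.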

Network security is often more difficult than that at the host level, especially in an enterprise-scale network with widely heterogeneous data and/or with a large number of approved ports, protocols, and services (PPS). The strictest way to limit network traffic is with firewalls and Access Control Lists (ACLs). Application layer filtering is possible with more modern firewalls, but traditional firewalls and ACL rules block incoming or outgoing traffic on specific burbs/interfaces (physical ports) of a firewall, switch, or router. Traffic is typically blocked or allowed based on the destination or source address, port, protocol, or service. Similarly, proxy servers or proxies act as application-level gateways between a local network and a larger-scale network such as the Internet. They usually filter limited types of traffic, such as web pages or e-mail content [30].

The network equivalent to anti-virus software is an Intrusion Detection/Prevention System (IDS/IPS). These devices look for signatures in network traffic. The difference between the two is that an IDS will only send alerts based on signature matches whereas an IPS will drop or reject individual packets or conversations. Anti-intrusion systems also tend not to be super effective, because hackers can use compression and packing techniques to obfuscate their code over the wire. Network access control is handled by an AAA server running an authentication service such as RADIUS or TACACS+ [31]. Microsoft Windows Server utilizes Active Directory which runs LDAP and Kerberos, which are newer, more secure services [32].

A strong network defense combines several of the elements discussed in this subchapter. Just as castles of old did not rely solely on moats or castle walls to repel invaders, computer networks should not depend on only one defense mechanism. Network architects used to believe that a firewall alone could prevent all unwanted traffic from entering, but more recently the accepted train of thought is that talented attackers can find a way in somehow and that defenders must utilize layered defenses in order to make an adversary’s job as difficult as possible. This strategy is referred to as Defense in Depth. The goal is that even if a hacker or piece of malware were to gain access, that entity would not be able to gain administrative privileges or be able to move around the internal network unchecked.
