All Your Cluster-Grids Are Belong to Us: Monitoring the (in)Security of
Infrastructure Monitoring Systems
Andrei Costin
EURECOM, France
1st Workshop on Security & Privacy in the Cloud (SPC)
30 Sep 2015, Florence Italy

Agenda
● Introduction
● Overview of NMS
● Reconnaissance
● Static+Dynamic Analysis
● Vulnerability Analysis
● Countermeasures
● Conclusion

Introduction: What is Cloud Computing?
"When broken down, cloud computing is a specialized distributed computing model. Building upon the desirable characteristics of cluster, grid, utility, [...] to create a new computing paradigm"
J. Idziorek, Exploiting Cloud Utility Models for Profit and Ruin, 2012

Introduction: What is HPC?

Introduction: What is NMS?
● NMS
  ● Network Monitoring System
  ● Monitoring systems for infrastructure, servers and networks
● Where used?
  ● HPC = High-Performance Computing
    – Grids
    – Clusters
    – Federation of Clusters
  ● Cloud

Overview of NMS: What are the tools?
● Ganglia
  "a scalable distributed monitoring system for High-Performance Computing (HPC) systems such as clusters and grids"
● Cacti
  "a complete network graphing solution"
● Observium
  "an autodiscovering network monitoring platform supporting a wide range of hardware platforms and operating systems including Cisco, Windows, Linux, HP, Juniper, Dell, FreeBSD, Brocade, Netscaler, NetApp and many more. Observium seeks to provide a powerful yet simple and intuitive interface to the health and status of your network"

Overview of NMS: How do they work?

Overview of NMS: Who uses them?

Information Leakage: What is leaked?

Information Leakage: Attack-Enabler
● OS Details
  ● CVEs for Kernel
    ● NIST NVD, CVEdetails
    ● Linux Kernel 2.6.32

Information Leakage: Attack-Enabler
● Usernames
  ● Login Bruteforce
  ● Social Engineering Emails (e.g., phishing, drive-by)
    ● Social Engineering Toolkit (SET)

Information Leakage: Attack-Enabler
● Commands, Resource Usage
  ● Mimicry and Blending Attacks
● How?
  ● Learn normal system status/behaviour – Xn
  ● When in malicious state Xm, stick as close as possible to the legitimate state Xn
A(Xm) = argmin d(Xm, Xn), s.t., d(Xm, Xn) < D

Reconnaissance: Types
● Active
  ● Tools: NMAP, AMAP, Nessus
  ● Pros: +/- accurate, wide range of info
  ● Cons: noisy, triggers IPS/IDS
● Passive
  ● Search dorks: Google, Shodan
  ● Attack: Information Leakage and non-Authorization

Reconnaissance: Passive
● Google dorks – Ganglia
  ● intitle:"Cluster Report"
  ● intitle:"Grid Report"
  ● intitle:"Node View"
  ● intitle:"Host Report"
  ● intitle:"Ganglia:: "
  ● "Ganglia Web Frontend version 2.0.0"

Reconnaissance: Passive
● Google dorks – Cacti
  ● inurl:"/cacti/graph_view.php"
  ● intitle:"cacti" inurl:"graph_view.php"

Reconnaissance: Passive and Recursive
● Google dorks – Cacti → Ganglia
  ● www.aglt2.org
  ● www.aglt2.org Job Status Page
  ● From Cacti also reached Ganglia!

Reconnaissance: Passive
● Shodan

Reconnaissance: Results
● Exposed web interfaces
  ● 364 Ganglia
    – ~43K nodes (web info leak)
    – ~1370 clusters
    – ~490 grids
  ● 5K Cacti and 2K Observium
● Exposed daemons
  ● ~40K publicly exposed Ganglia gmond nodes (XML Info Leak)

Reconnaissance: Results
● 43K nodes on 364 Ganglia Web Interfaces
  ● 120 main kernel versions
  ● 411 kernel sub-versions
● Kernel version 2.6.32 most popular
  ● Runs on 38% of the 43K hosts
  ● Hundreds of vulnerabilities in all 2.6.32 kernels (according to CVEdetails)
● Secured kernels
  ● grsecurity on 9 hosts (only!)
  ● hardened-sources on 6 hosts (only!)

Reconnaissance: Results
● amzn kernels on 45 hosts (~0.1%)
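
An audit sketch for the kernel-version inventory in the results above, meant to be run against the XML of a cluster you operate: it tallies what a gmond dump tells any reader about each host. This is an added example, not code from the talk or from the Ganglia project; the sample XML is constructed, and the function names and the `HARDENED_MARKERS` list are assumptions made for illustration.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample shaped like a gmond XML dump; every value is made up.
SAMPLE_GMOND_XML = """<GANGLIA_XML VERSION="3.1.7" SOURCE="gmond">
 <CLUSTER NAME="example-cluster" OWNER="unspecified">
  <HOST NAME="node01.example.org" IP="192.0.2.11">
   <METRIC NAME="os_name" VAL="Linux" TYPE="string"/>
   <METRIC NAME="os_release" VAL="2.6.32-431.el6.x86_64" TYPE="string"/>
  </HOST>
  <HOST NAME="node02.example.org" IP="192.0.2.12">
   <METRIC NAME="os_release" VAL="2.6.32-431.el6.x86_64" TYPE="string"/>
  </HOST>
  <HOST NAME="node03.example.org" IP="192.0.2.13">
   <METRIC NAME="os_release" VAL="2.6.32-504.el6.x86_64" TYPE="string"/>
  </HOST>
  <HOST NAME="node04.example.org" IP="192.0.2.14">
   <METRIC NAME="os_release" VAL="3.10.0-229.el7.x86_64" TYPE="string"/>
  </HOST>
  <HOST NAME="node05.example.org" IP="192.0.2.15">
   <METRIC NAME="os_release" VAL="3.14.5-hardened-r2" TYPE="string"/>
  </HOST>
  <HOST NAME="node06.example.org" IP="192.0.2.16">
   <METRIC NAME="load_one" VAL="0.42" TYPE="float"/>
  </HOST>
 </CLUSTER>
</GANGLIA_XML>"""

# Assumed substrings for the "secured kernels" categories named on the slide
# (grsecurity, hardened-sources); adjust to your own kernel naming.
HARDENED_MARKERS = ("grsec", "hardened")


def main_version(release):
    """'2.6.32-431.el6.x86_64' -> '2.6.32'; None when there is no dotted prefix."""
    m = re.match(r"(\d+\.\d+(?:\.\d+)?)", release)
    return m.group(1) if m else None


def parse_hosts(xml_text):
    """Return one dict per <HOST> with the identifying fields it exposes.

    iter() also finds CLUSTER elements nested under GRID, as gmetad emits them.
    Feed this only XML from daemons you run yourself.
    """
    root = ET.fromstring(xml_text)
    hosts = []
    for cluster in root.iter("CLUSTER"):
        for host in cluster.iter("HOST"):
            metrics = {m.get("NAME"): m.get("VAL") for m in host.iter("METRIC")}
            hosts.append({
                "cluster": cluster.get("NAME"),
                "name": host.get("NAME"),
                "ip": host.get("IP"),
                "os_release": metrics.get("os_release"),
            })
    return hosts


def exposure_report(xml_text):
    """Summarise kernel information visible in the dump, slide-style."""
    hosts = parse_hosts(xml_text)
    releases = [h["os_release"] for h in hosts if h["os_release"]]
    mains = Counter(main_version(r) or "unknown" for r in releases)
    top, top_n = mains.most_common(1)[0] if mains else (None, 0)
    hardened = [
        h["name"] for h in hosts
        if h["os_release"]
        and any(k in h["os_release"].lower() for k in HARDENED_MARKERS)
    ]
    return {
        "hosts": len(hosts),
        "hosts_leaking_kernel": len(releases),
        "main_versions": dict(mains),         # the "main kernel versions" count
        "sub_versions": len(set(releases)),   # distinct full release strings
        "most_common": top,
        "most_common_share": round(top_n / len(releases), 2) if releases else 0.0,
        "hardened_hosts": hardened,
    }


if __name__ == "__main__":
    for key, value in exposure_report(SAMPLE_GMOND_XML).items():
        print(f"{key}: {value}")
```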

Reconnaissance: Results
● 364 Ganglia Web Frontends
  ● Only 42 (i.e., 11.5%) run HTTPS
  ● Only 16 (i.e., 4.4%) run trusted* HTTPS
  *Did not perform tests of weak/flawed HTTPS implementations

Static and Dynamic Analysis
● Static analysis
  ● "Static analysis is the process of testing an application by examining its source code, byte code or application binaries for conditions leading to a security vulnerability, without actually running it."
  ● Tools
    ● We use RIPS for Ganglia Web Frontend (PHP)
    ● More tools

Static and Dynamic Analysis
● Dynamic analysis
  ● "Dynamic analysis is the process of testing the application by running it."
  ● Tools
    ● We use Arachni Scanner for Ganglia Web Frontend

Static and Dynamic Analysis
● Analysis data
  ● 25 Ganglia versions (static + dynamic)
    – 4 JobMonarch plugin versions (static only)
  ● 35 Cacti versions (static only)
  ● 1 Observium version (static only)

Static Analysis
● Ganglia
  ● Between 87 and 145 total reports per version
  ● Between 43 and 92 XSS reports per version
● Cacti
  ● Between 189 and 400 total reports per version
  ● Between 92 and 265 XSS reports per version
● Observium
  ● 82 total reports per version
  ● 52 XSS reports per version
● Some totals
  ● 7553 XSS reports
  ● Manual triage and confirmation does not scale!

Static and Dynamic Analysis
● 364 Ganglia Web Interfaces
  ● 193 of them (i.e., 53%) run Ganglia Web ver < 3.5.1

Vulnerability Analysis
● CVE-2012-3448

Countermeasures
● Periodic upgrade to latest versions
● Need better coding practices for NMS
● Manual patching where applicable
● Password protect
  ● E.g., basic HTTP authentication
● HTTPS
  ● Not self-signed certificates!

Contributions
● First to systematically analyze at large scale the risks and vulnerabilities posed by the use of web monitoring tools
● Collected and analyzed the internal details of networks and systems of a large number of grid and cluster environments
  ● Investigated the risks of such data being openly available to the general public

Conclusions
● Large number of NMS web interfaces publicly exposed
  ● Too many run obsolete exploitable versions (~53%)
  ● Too few run proper HTTPS (~4.4%)
● Large amount of infrastructure details publicly exposed
  ● More than 40K nodes
● Many vulnerabilities reported in NMS tools
● Privacy and security of cloud monitoring is not yet completely sufficient

Reference
● A. Costin, "All your cluster-grids are belong to us: Monitoring the (in)security of infrastructure monitoring systems", Proceedings of the 1st IEEE Workshop on Security and Privacy in the Cloud (SPC), Florence, Italy, September 2015.

Thank You! Questions?
{name.surname}@eurecom.fr