
Security Operation Center for NCHC

Security Operation Center for NCHC. Professor Ce-Kuen Shieh, General Director, National Center for High-performance Computing, National Cheng Kung University. Outline: Brief Introduction to NCHC; Purpose of Security Operation Center; Architecture of SOC; Features of NCHC SOC.


Presentation Transcript


  1. Security Operation Center for NCHC Professor Ce-Kuen Shieh General Director, National Center for High-performance Computing National Cheng Kung University

  2. Outline • Brief Introduction to NCHC • Purpose of Security Operation Center • Architecture of SOC • Features of NCHC SOC • Main Achievements • Summary

  3. NARLabs Organization
  • Board of Directors; President; Consultation Committee; Vice President
  • Administrative offices: Business Promotion Office, Administration Office, Finance and Accounting Office, Audit Office, Information Management Office, Planning and Evaluation Office
  • Centers: National Center for High-performance Computing; Taiwan Typhoon & Flood Research Institute; National Center for Research on Earthquake Engineering; National Chip Implementation Center; Instrument Technology Research Center; Taiwan Ocean Research Institute; National Space Organization; National Laboratory Animal Center; Science & Technology Policy Research and Information Center; National Nano Device Laboratories

  4. NCHC Milestones
  • 1991 Officially Founded
  • 1993 Hsinchu Headquarters Opened
  • 2003 Became Incorporated
  • 2005 Tainan Office Opened
  • 2008 Taichung Office Opened

  5. Categories of NCHC’s Tasks • Service • Computing • Storage • Networking • Research & Development • Modeling & Simulation • Big Data Applications • Open Source Software Development • Software Defined Network

  6. HPC, Storage and Network Services
  • Open to academic, research, and industrial users
  • Supporting 700+ research projects per year
  • ALPS (2011): Rmax 177 TFLOPS, 442.00 MFLOPS/W; Formosa series built by NCHC itself
  [Chart: NCHC total computing capacity, Rmax (TF) by year]
  • Storage capacity: three-site, 3-tier backup; total capacity 5.4 PB
  • TaiWan Advanced Research and Education Network (TWAREN): 20 Gbps backbone (toward 100 G); 5 Gbps international connection

  7. Self-built Cluster Computers
  • 2003 Formosa 1: the first PC cluster for online service (2003 TOP500 #135)
  • 2005 Formosa 2: the first 64-bit PC cluster for online service; 64-bit dual-core CPU and InfiniBand
  • 2010 Formosa 3: cloud cluster; GPU accelerator
  • 2011 Formosa 4: cloud cluster; virtualization and green computing; cloud IaaS service
  • 2012 Formosa 5: cloud cluster; big memory; hybrid-computing platform
  • 2011 rankings: TOP500 #232 and #234; Green500 #37 and #62

  8. Backbone Network Service: TWAREN (TaiWan Advanced Research and Education Network)
  • Domestic backbone: 20 Gbps; 12 regional networks; 95 universities and research institutes; 500K users
  • International connection: 5 Gbps, with 35 international research networks
  • Network usability: 99.99%
  • Shared with TANet (managed by MOE): 4,000 schools, 4M users
  • 100 Gbps backbone is coming by the end of this year
  [Figures: TWAREN domestic backbone; TWAREN international connection map]

  9. Cyber Threats to Taiwan
  • Taiwan is at the frontline in an emerging global battle for cyberspace
  • No. 4 in Most Botnet Activity in 2013 (source: Symantec 2014 Internet Security Threat Report, Volume 19)
  • No. 5 in Top Attack Traffic Originating Countries in 2013 (source: Akamai State of the Internet, Q4 2013 report)

  10. Purpose of SOC • A Security Operation Center (SOC) ensures the information security of internet users by • Security device management • Vulnerability management • Network threat detection • Security event management • Incident response

  11. Architecture of SOC
  • Procedure: Device Management; Threat and Vulnerability Management; Incident Response
  • Software: Security Information and Event Management (SIEM)
  • Hardware: Security and Network Devices
  • People: Level 1 Security Operators; Level 2 Security Analysts; Incident Handlers; Software Engineers

  12. Features of NCHC SOC • Hybrid Intrusion Detection System • Security Intelligence Dashboard and Visualization of Information Security • Sharing intelligence with the Information Sharing and Analysis Center (A-ISAC) • Joint Defense among TANet partners

  13. Hybrid Intrusion Detection System
  • Network Intrusion Detection System: detecting known network attacks by signatures and patterns
  • Distributed Honeynet System: collecting unknown network threats and malware samples for further analysis
  • SIEM: event correlation and incident identification across both sources
  [Diagram: threat sources feeding the system include DDoS, hackers, network worms and phishing emails]

  14. Hybrid Intrusion Detection System • Network Intrusion Detection System • Enterprise and Open-source solutions • APT Mail Detector • Secure Web Gateway • Distributed Honeynet System • Low-interaction honeypots • Simulating vulnerable systems for network threats • Collecting malware samples and suspicious exploit traffic for further research • Analyzing Malware behavior for potential threats

  15. Distributed Honeynet System Using 6000+ IP address for sensor deployment and data collection Cooperating with 11 National Universities Collecting 1,500,000+ malware samples Providing network threat list for TANet partners weekly Establishing Malware Database
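The slides above describe the two feeds of the hybrid IDS (signature alerts from the NIDS, sensor hits and malware samples from the honeynet) being correlated in the SIEM into incidents and a weekly threat list. The following is an added illustration, not NCHC's code: it merges two constructed feeds by source IP, labels each incident as known (signature only), unknown (honeypot only) or confirmed (both), and drops single events as noise. The record layouts, the sample hashes (placeholders) and the min_events threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample NIDS signature alerts: (timestamp, src_ip, signature)
NIDS_ALERTS = [
    ("2014-05-01T10:00:00", "198.51.100.7", "WORM Conficker A/B"),
    ("2014-05-01T10:02:10", "198.51.100.7", "WORM Conficker A/B"),
    ("2014-05-01T11:15:00", "203.0.113.5", "SCAN SSH brute force"),
]
# Constructed honeypot sensor hits: (timestamp, src_ip, dst_port, sample_hash)
HONEYPOT_HITS = [
    ("2014-05-01T10:01:30", "198.51.100.7", 445, "hash-placeholder-a"),
    ("2014-05-01T12:40:00", "192.0.2.9", 23, "hash-placeholder-b"),
    ("2014-05-01T12:41:00", "192.0.2.9", 23, "hash-placeholder-b"),
]

def correlate(nids_alerts, honeypot_hits, min_events=2):
    """Merge both feeds by source IP into one incident per source.

    'known' = NIDS signature only, 'unknown' = honeypot only (sample goes to
    malware analysis), 'confirmed' = both. Sources below min_events are noise.
    """
    by_src = defaultdict(lambda: {"signatures": set(), "samples": set(), "events": 0})
    for _ts, src, sig in nids_alerts:
        by_src[src]["signatures"].add(sig)
        by_src[src]["events"] += 1
    for _ts, src, port, sample in honeypot_hits:
        by_src[src]["samples"].add((port, sample))
        by_src[src]["events"] += 1
    incidents = []
    for src, rec in sorted(by_src.items()):
        if rec["events"] < min_events:
            continue  # one-off events are queued for review, not ticketed
        if rec["signatures"] and rec["samples"]:
            kind = "confirmed"
        elif rec["signatures"]:
            kind = "known"
        else:
            kind = "unknown"
        incidents.append({"src": src, "kind": kind, "events": rec["events"],
                          "signatures": sorted(rec["signatures"]),
                          "samples": sorted({s for _p, s in rec["samples"]})})
    return incidents

def threat_list(incidents):
    """Source IPs to share with TANet partners (the weekly list on slide 15)."""
    return [inc["src"] for inc in incidents]

if __name__ == "__main__":
    for inc in correlate(NIDS_ALERTS, HONEYPOT_HITS):
        print(inc)
```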

  16. Cyber Intelligence Dashboard • A web-based system for monitoring, managing, reporting and notifying of events for IP-enabled devices • A self-developed system based on open source software that provides cost-efficient network management services

  17. Features of NCHC SOC -Security Visualization

  18. Information Sharing and Analysis
  NCHC SOC shares intelligence with other partners through Information Sharing and Analysis Centers.
  • A-ISAC: Taiwan Academic Network
  • G-ISAC: Government Service Network (GSN incidents)
  • NCC-ISAC: ISPs (HiNet incidents)

  19. Incidents Reported by NCHC SOC • Incidents from TANet users: over 6,000 incidents reported by NCHC SOC in one month • Incidents from Taiwan ISPs: NCHC SOC detected more than 10,000 incidents of network attacks in one month

  20. Joint Defense of TANet partners • 24/7 operation for ensuring the efficiency of incident handling • NCHC cooperates with 7 regional network centers of the Taiwan Academic Network for network monitoring and threat detection • Providing digital forensics, malware analysis and other technical support

  21. Main Achievements
  [Diagram: NCHC ASOC at the centre with Netflow Analysis, Malware Analysis, Forensics, Spam Mail Analysis, Incident Management, Search Engine, Honeynet Analysis, TWMAN Analysis, Campus Netflow, TWAREN Netflow and a Malicious list; partners include TWNIC, TWCERT/CC, NTU ASOC, Academic ISAC, G-ISAC and government agencies, EC-Cert, Telecom ISAC, MSSP/SOC, ISAC, CERT and CSIRT]
  • Ensuring information security: protecting 4,000+ schools and 5 million users
  • Reporting real-time incidents (avg.): Taiwan 12,000+ tickets/month; international 2,500+ tickets/month
  • Malware collection: 1.5 million malware samples (since 2009)
  • Big data (avg.): honeypot 60 GB/day; malware 1,200+ samples/day

  22. Summary • To adapt to changing network threats, a Hybrid Intrusion Detection System is essential for better security protection and efficient security services. • The Distributed Honeynet System not only collects network threat samples, but also brings value to information security research. • Strengthening international technological exchange and academic-industry cooperation to extend the scope of our Joint Defense Alliance is our future work.

  23. Q & A
