AttackTagger

The cyber-infrastructure that supports science research faces the daunting challenge of defending against cyber attacks. Modest to medium research project teams have little cyber security expertise to defend against the increasingly diverse, advanced and constantly evolving attacks. Even larger facilities that have with security expertise are often overwhelmed with the amount of security log data they need to analyze in order to identify attackers and attacks, which is the first step to defending against them. AttackTagger can scale to be able to address the dramatic increase in security log data, and detect emerging threat patterns in today's constantly evolving security landscape. AttackTagger is a sophisticated log analysis tool designed to find potentially malicious activity, such as credential theft, by utilizing a Factor Graph model. AttackTagger integrates with existing security software so as to be easily deployable within existing security ecosystems and consumes a wide variety of system and network security logs.

Blue Waters Supercomputer

Blue Waters is the largest and fastest system ever developed for the National Science Foundation. It has served thousands of engineers, scientists and educators across the nation over the past few years, in particular, those who scientists with unique jobs that can't be served by other systems. With tens of thousands of nodes and 450 Gbps of external WAN connectivity on an open network, Blue Waters presents a unique set of challenges to secure.

NCSA CyberSecurity team worked to redesign security from the ground up with this new system and the National Petascale Computing Facility during the 5 years going up to full operations. Using risk based methods to develop a new security program and architecture, we have achieved the gold standard of security in the community of NSF cyberinfrastructure being the first system to require two-factor authentication, designing and deploying one of the first 100Gbps network monitoring infrastructures with the Bro IDS, and testing many other security technologies at unprecedented scale.

Bro Network Security Monitor

NCSA and the International Computer Science Institute co-develop the Bro NSM with the work at NCSA being led by CyberSecurity's Adam Slagell. Bro provides a comprehensive platform for network traffic analysis, with a particular focus on semantic security monitoring at scale. While often compared to classic intrusion detection/prevention systems, Bro takes a quite different approach by providing users with a flexible framework that facilitates customized, in-depth monitoring far beyond the capabilities of traditional systems. With initial versions in operational deployment during the mid ‘90s already, Bro finds itself grounded in more than 20 years of research. For more information, see the  Bro Overview  and our promotional document,  Why Choose Bro?

Center Cyber-protection

Cybersecurity at NCSA provides for the protection of the center's digital assets and those of key partners through the many services we provide. We have a 24/7 incident response team that performs full digital forensics and coordinates with law enforcement and other institutions. Preventative security is provided by our vulnerability management program, risk assessments & security architecting, automatic blocking, and more. We run over 60 servers to provide the monitoring, logging and other security services, including one of the largest production Bro clusters in the world. The CyberSecurity division is also responsible for training staff, notifying reliant parties of new vulnerabilities, creating policies and much more security awareness work. Finally, we participate in several organizations and maintain collaborations with XSEDE, CERN, and others in the community.

Center for Trustworthy Scientific Cyberinfrastructure

The activities of the Center for Trustworthy Scientific Cyberinfrastructure (CTSC) include one-on-one engagements with NSF projects to address their cybersecurity challenges; education, outreach, and training to raise the state of security practice across the scientific enterprise; and leadership on bringing the best and most relevant cybersecurity research to bear on the NSF cyberinfrastructure research community.

CILogon

The CILogon project enables use of federated identities by science projects. The project develops open source software that implements security standards including OAuth, SAML, and X.509. CILogon is an InCommon federation research and scholarship service provider that enables federated access to Globus, OSG, LIGO, XSEDE, and other cyberinfrastructure.

GSI-OpenSSH

GSI-OpenSSH is a modified version of OpenSSH that adds support for GSI authentication and credential forwarding (delegation), providing a single sign-on remote login and file transfer service.

LIGO Scientific Collaboration

NCSA participates in the LIGO Identity and Access Management (LIAM) group and the LSC Security Committee.

Large Synoptic Survey Telescope

The Cyber Security Division at the NCSA provides cyber security policy and security operations services to the Large Synoptic Survey Telescope. CSD helps secure and ensure that the LSST fulfills its scientific mission that includes delivering 200 petabyte set of images and data products.

MyProxy

MyProxy is open source software for managing X.509 Public Key Infrastructure (PKI) security credentials (certificates and private keys). MyProxy combines an online credential repository with an online certificate authority to allow users to securely obtain credentials when and where needed. Users run myproxy-logon to authenticate and obtain credentials, including trusted CA certificates and Certificate Revocation Lists (CRLs).

Science DMZ Actionable Intelligence Appliance (SDAIA)