A Port in the Storm
Today’s computer user groups can offer invaluable assistance in dealing with security threats
“DANGEROUS NEW VIRUS!” scream the headlines of mass media. Gory details of the havoc that will be wrought from the latest computer security threat are available in newspapers, magazines, radio, television, Web sites and email lists. How do science professionals know who to trust, what to do, what not to do, what others have done, and what is applicable to their environment? Will “it” affect their hardware, software, networks or data? One port to turn to in this storm of confusion is a computer user group.
No longer a collection of hobbyists gathered in a coffee shop on a Saturday morning, many of today’s user groups have much more to offer. For example, Encompass, an HP User Group to which I belong, provides assistance to its membership in many forms, including software libraries, mailing lists, technical conferences, training, technical resources and human networking. One of the group’s missions is “To provide peer-to-peer networking opportunities, enabling technical knowledge exchange and providing opportunities for members’ professional growth.” The membership of Encompass includes many users from universities, national laboratories, government agencies, private corporations, international businesses and employees of several computer manufacturers.
Many security problems arise from bad configurations, software vulnerabilities or patching problems. User groups can provide a wealth of information applicable to these issues via various mechanisms. A typical user group provides access to resources such as
• lists and forums
• technical forums
• training opportunities
• special interest groups
• online resources.
Lists and forums
User group members often exchange information on a group’s mailing lists and forums. In addition to providing access to other “customers,” a user group can provide access to the vendor’s product managers, software developers or even the technical architects. Exchanging problems and experiences one-on-one with the people who write the code can be invaluable — one can learn where problems lie and how to go about resolving them.
For example, after subscribing to Encompass’ UNIX Security mailing list, a member would receive a monthly email covering various security topics. One recent topic covered was “Secure Shell — a client server application to implement secure network commands.” This email detailed what Secure Shell was, how to implement it, some examples of how to use it, as well as some hints, tips and pitfalls of the program.
Technical forums
User-group sponsored technical forums can provide training, peer support, tools and resources. At a recent user-group sponsored HP Technology Forum in Orlando, over 35 sessions were presented within the security track. The presenters were security specialists, vendors and users. Topics ranged from broad subject areas, like identity management, to particular applications and even specific hardware/software environments. Good-guy hackers showed examples of how search engines and databases could be exploited to compromise networks and systems. Several sessions even gave out computer security toolkits on DVD to the attendees. These toolkits contained software, training and presentations on how, what, where and why to stop the latest security threats. Network wiretapping, steganography (hiding data in image files), network attacks, packet filtering, wireless eavesdropping, spyware and malware topics were covered in the DVD.
The forum also provided hands-on training sessions in order to allow scientific, business and educational users to actually configure systems. The hands-on experience permitted attendees the luxury of making mistakes in a non-production environment, providing a valuable learning experience without having production repercussions. Attendees could quickly see the impact of their actions and make the necessary corrections under the eye of their instructor.
Forum attendees were given a chance to experience new security technologies like radio frequency identification (RFID). Using an RFID chip in their badges, attendees could visit various locations at the conference where they could ask questions about this technology’s applications, limitations and security.
“I am a high-energy computing scientist, not a programmer, but I find myself managing a cluster of computers for high-energy physicists,” to paraphrase Rochelle Lauer, a presenter and Encompass member at the forum. This presentation gave a scientist’s experiences, tips and tricks on securely managing a cluster of computers used in her work at Yale University’s Physics Department. Real-world examples included snippets of code and anecdotes of other solutions tried, including both successes and failures.
Training opportunities
At some conferences, both professional and peer training are available. Professional training may take a traditional structured classroom focus. Peer training is often delivered as hands-on experiential education. Even spontaneous experience is delivered at various technology campgrounds, as a lively discussion around virtual campfires. Specialized topics are covered at “birds of a feather” meetings, where people having similar issues gather informally to exchange ideas. Off-site and distance learning is delivered via video Webcasts or at regional/local user group meetings.
At one technology campground, attendees discussed the security needs of the Unix operating system. Each attendee talked about what was needed and why. Discussion ensued over the timetable and requirements to be presented to the computer vendor in light of recent computer security breaches.
Special interest groups
Special interest groups (SIG) can bring together members interested in such topics as Enterprise UNIX, Linux and enterprise storage systems. A SIG represents a place or forum where people with similar interests can gather together to exchange ideas or just discuss technologies. As the user group grows, SIGs offer a means whereby members can easily find the programs that interest them, a forum where they can network with other members with similar interests, and a place where they can learn more about a particular aspect of a vendor’s product, service or technology.
SIG members don’t have to be experts in the group’s area of focus; they just need to have an interest. SIG members want to learn more about the specialty focus, exchange ideas with others who are facing similar technical and business issues, and take part in special programs offered by or for the SIGs, including providing product feedback to the vendors.
Members of these SIGs are typically able to:
• provide a technical lead in forming the development of their special focus
• work cooperatively with vendors about future product direction
• maintain a mailing list of fellow SIG members that can be used for free discussion of issues
• provide periodic surveys of members and publish results
• provide a Web page devoted to providing current product information, updates, links to related sites, action items, minutes of leadership calls, an electronic newsletter, and so forth
• provide support to the main user group for the direction of desired presentations and tracks for its educational programs and seminars
• provide a liaison to appropriate sister organizations
• provide an open forum for discussion at user group events.
Online resources
User group Web sites also can provide access to technical presentations for topics that go beyond security for scientists. One storage management example is “How Do I Manage Data? Data Movement Today: A Recent Case Study.” This article illustrates how scientists at Los Alamos National Laboratory dump 100 GB of supercomputing data to tape and FedEx it to Sandia National Laboratory, as well as their transition to storage area network.
Other topics that might appear include disaster recovery, grid computing, high performance computing and visualization, utility computing, technology migration, evaluation of new technologies, mobile computing, information workflow, and comparisons of vendor approaches to hardware. A typical Webcast might include the different vendor approaches to a particular area of security. A side-by-side comparison of two different operating systems and how they handle security/permissions at the file system level was the topic of a recent Webcast.
Summary
Computer security threats are omnipresent, dangerous and continuing to grow at an alarming rate; one leading virus protection vendor received more than 18,000 virus reports in the first week of 2006. Keeping ahead of these threats can be a daunting task. It requires managing complex time- and data-consuming activities. Unfortunately, many of us have limited resources of time, money, tools and training to deal with computer security needs.
User groups have products and services in place to disseminate vast amounts of technical knowledge and information to their members. These groups specialize in technical areas such as enterprise management, networking and security. A user group also has clout to address the problems of its members when dealing with computer vendors.
The scientific community uses computers in a myriad of ways, from data collection and analysis to modeling and publication of results. When scientists participate as members of user groups, both communities receive the benefit of cross-pollination. Everyone can save time, leverage money and reduce mistakes when combating computer security problems.
Wayne McDilda is a senior security analyst at Mirage Networks and a member of the Encompass HP User Group.