Survey on Supercomputer Cluster Security



To Cluster System Administrators:

Our University has done some classified DoD work on various Beowulf
clusters. As a result, we have gotten interested in the questions of
securing supercomputer clusters. In particular, we are especially
interested in better understanding the nature of the threats against
supercomputer clusters, and the extent to which security measures are
implemented . It would help us greatly if you would answer a few
questions on this subject. Feel free to not answer any question that
you do not wish to answer. Just select the no answer selection. A
complete list of questions and possible answers are listed below in
text form.

If there are several system administrators for your cluster(s), please
ensure that your group submits only one survey per cluster.

You can answer the questions interactively at our website (our
preferred method), by e-mail, by fax, and by regular mail. To answer
on the web, please go to

http://www.cs.umaine.edu/~markov/clustersurvey/survey.html

and login with

login ClusterSurvey

password S3cur3Qu3st

The login is just to keep random visitors to the website from filling
out the questionnaire. The web questionnaire will only be available
until June 1, 2007.

There are two options when if you choose to by e-mail, fax, or regular
mail. First, you can download a PDF version of the questionnaire from
a link on the webpage referenced above. This is an interactive PDF
file that permits you to answer the questions in the form providing
you are using a new enough version of Adobe Acrobat Reader (Version 8
recommended). You can either print out the results and fax them or
mail them, or you can e-mail the file or just the answers by hitting
the e-mail button in the form. Alternatively, you can answer the
questions on the form below and either e-mail it back or print out the
results and fax or e-mail them back.

If you wish to fax your answers, please fax them to 207-866-3050,
which is a secure fax.

We will collect whatever data we receive and organize the results.
These results will be available on the web using the URL above
starting July 15, 2007 in case you are interested.

All data will be aggregated and in no way will we identify any
respondents -- my goal is to have some general numbers and percentages
that can help us better understand who is trying to crack into
supercomputers and why.

If you know of other people who would be interested
in the results or would be interested in providing data, please feel
free to send them a copy of this letter.

Sincerely yours,

George Markowsky, Professor
Department of Computer Science
5752 Neville Hall
University of Maine
Orono, ME 04469-5752


QUESTIONNAIRE

1. How frequently are your supercomputer clusters attacked relative to
any desktops that might be in your laboratories?

More Frequently
About the Same Frequency
Less Frequently
No Answer

2. How sophisticated are the attacks against your clusters compared to
the attacks against any desktops that might be in your laboratories?

More Sophisticated
About the Same Level of Sophistication
Less Sophisticated
No Answer

3. Are there any IP addresses that regularly try to break into your
cluster?

Yes
No
Not Sure
No Answer

4. Has anyone ever tried a man-in-the-middle type of attack against
any of your clusters?

Yes
No
Not Sure
No Answer

5. Have you ever been attacked from foreign IP addresses?

Yes
No
Not Sure
No Answer

6. Have your clusters ever been attacked by foreign interests?

Yes
No
Not Sure
No Answer

7. Has anyone ever tried a physical approach to either disrupt a
computation or to steal data?

Yes
No
Not Sure
No Answer

8. Has anyone ever tried to bribe or otherwise co-opt one of the
cluster staff into helping with compromising the security?

Yes
No
Not Sure
No Answer

9. How many times has security been breached on one of your
supercomputer clusters over the past three years that resulted in
either downtime or lost data?

11 or more
6-10
2-5
1
0
Not Sure
No Answer

10. Does your center have a person whose primary responsibility is
cluster security?

Yes
No
Not Sure
No Answer

11. Do you run an intrusion detection system on your clusters?

Yes, on all
No, not on any
Mixed, on some and not on others
Not Sure
No Answer

12. How often do you check for rootkits?

Multiple Times a Day
Daily
Weekly
Monthly
Annually
Not at all
Not Sure
No Answer

13. How often do you run backups on your clusters?

Multiple Times a Day
Daily
Weekly
Monthly
Annually
Not at all
Not Sure
No Answer