Tools for Security Analysis
NRP hosts several monitoring and analysis tools to oversee security threats and misuse, and to help investigate security incidents. Here is a list of the tools:
Dashboards
1. Authentik Administration Interface
NRP uses Authentik to manage authentication and authorization for users to access resources. The administration interface provides a centralized view over the general statistics of events, with a list of recent suspicious requests.
2. Elastic Syslog Dashboard
NRP hosts an Elastic instance which collects all system logs and security logs generated by the compute nodes in the cluster. It shows the current status of log events, and also allows system admins to query, visualize and analyze log items by field or keyword. In particular, the dashboard provides a link to query SSH logins, which is useful for investigating malicious activity against the nodes from the internet.
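The SSH-login query is the starting point of most investigations on the nodes; the triage that follows it is shown below as an added example (not NRP's dashboard code). It parses sshd lines in the syslog format that rsyslog ships to Elastic, counts failures per source address, and flags any accepted login that follows a burst of failures from the same address, which is the pattern a password-guessing success leaves behind. The six log lines are constructed for the example.

```python
"""Triage sshd syslog lines: count failed logins per source address and flag
an accepted login that follows a burst of failures from the same address.
Added example; the log lines below are constructed, not NRP data."""
import re
from collections import defaultdict

# Constructed sample in classic syslog format (hostnames and addresses are made up).
SAMPLE_LOGS = """\
Mar 10 02:14:01 node-07 sshd[4121]: Failed password for invalid user admin from 198.51.100.23 port 51234 ssh2
Mar 10 02:14:03 node-07 sshd[4121]: Failed password for invalid user oracle from 198.51.100.23 port 51240 ssh2
Mar 10 02:14:05 node-07 sshd[4121]: Failed password for root from 198.51.100.23 port 51251 ssh2
Mar 10 02:14:09 node-07 sshd[4130]: Accepted password for root from 198.51.100.23 port 51260 ssh2
Mar 10 02:20:44 node-12 sshd[7788]: Accepted publickey for ops from 10.0.4.8 port 40022 ssh2
Mar 10 02:21:10 node-12 sshd[7801]: Failed password for ops from 10.0.4.8 port 40030 ssh2
"""

# Matches both "Accepted <method> for <user>" and "Failed <method> for [invalid user] <user>".
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) (?P<method>\w+) for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>\S+) port \d+"
)


def parse_sshd(text):
    """Return one dict per recognised sshd login line, in log order."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append(m.groupdict())
    return events


def failed_logins_by_source(events):
    """Count failed logins per source address."""
    counts = defaultdict(int)
    for e in events:
        if e["result"] == "Failed":
            counts[e["src"]] += 1
    return dict(counts)


def successes_after_failures(events, threshold=3):
    """Return (src, user, host, ts) for every accepted login whose source
    address had at least `threshold` failures earlier in the window."""
    failures = defaultdict(int)
    hits = []
    for e in events:
        if e["result"] == "Failed":
            failures[e["src"]] += 1
        elif failures[e["src"]] >= threshold:
            hits.append((e["src"], e["user"], e["host"], e["ts"]))
    return hits


if __name__ == "__main__":
    evts = parse_sshd(SAMPLE_LOGS)
    print("failures per source:", failed_logins_by_source(evts))
    for hit in successes_after_failures(evts):
        print("success after failures:", hit)
```

The same two questions map directly onto the dashboard: filter on `sshd` messages, split failures by source address, then look for an `Accepted` line from any address that dominates the failure count.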
3. Falcosidekick UI
Falco is a cloud native security tool that NRP uses to monitor runtime security across hosts, containers, Kubernetes and cloud environments. NRP uses Falco to monitor malware such as crypto miners in user pods.
* Cluster admins have access to the username/password if they are stored as secrets in the corresponding namespaces.
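Falcosidekick forwards each Falco alert as a JSON document (fields such as `rule`, `priority`, `tags`, `output_fields`). The snippet below is an added example, not NRP's or Falco's code, of how a consumer of those alerts can pick out the crypto-miner detections and summarise them per namespace and pod; `stratum_in_cmdline` mirrors the check Falco's stock Stratum rule applies to `proc.cmdline`. The alert documents are constructed.

```python
"""Summarise Falco alerts forwarded by Falcosidekick, keeping only the
crypto-miner detections, grouped by Kubernetes namespace and pod.
Added example; the alert documents below are constructed."""
import json
from collections import Counter

# Constructed alerts in the shape of Falco's JSON output.
SAMPLE_ALERTS = [
    json.dumps({
        "hostname": "node-07",
        "rule": "Detect crypto miners using the Stratum protocol",
        "priority": "Critical",
        "source": "syscall",
        "tags": ["container", "host", "process", "mitre_execution", "T1496"],
        "time": "2024-03-10T02:14:09.123456789Z",
        "output": "Possible miner running",
        "output_fields": {
            "k8s.ns.name": "user-lab",
            "k8s.pod.name": "notebook-0",
            "proc.cmdline": "xmrig -o stratum+tcp://pool.invalid:3333",
        },
    }),
    json.dumps({
        "hostname": "node-12",
        "rule": "Terminal shell in container",
        "priority": "Notice",
        "source": "syscall",
        "tags": ["container", "shell", "mitre_execution"],
        "time": "2024-03-10T02:20:44.000000000Z",
        "output": "A shell was spawned in a container",
        "output_fields": {"k8s.ns.name": "user-lab", "k8s.pod.name": "notebook-1",
                          "proc.cmdline": "bash"},
    }),
]

# Scheme prefixes that identify a Stratum mining-pool URI on a command line.
STRATUM_SCHEMES = ("stratum+tcp", "stratum2+tcp", "stratum+ssl", "stratum2+ssl")


def stratum_in_cmdline(cmdline):
    """True when the command line names a Stratum pool (what the stock rule keys on)."""
    return any(scheme in cmdline for scheme in STRATUM_SCHEMES)


def is_miner_alert(alert):
    """Treat an alert as a miner detection if it carries the resource-hijacking
    tag (T1496) or its command line points at a Stratum pool."""
    cmdline = alert.get("output_fields", {}).get("proc.cmdline", "")
    return "T1496" in alert.get("tags", []) or stratum_in_cmdline(cmdline)


def summarize_miners(alert_docs):
    """Parse raw JSON alerts and count miner detections per (namespace, pod)."""
    counts = Counter()
    for doc in alert_docs:
        alert = json.loads(doc)
        if is_miner_alert(alert):
            f = alert.get("output_fields", {})
            counts[(f.get("k8s.ns.name", "?"), f.get("k8s.pod.name", "?"))] += 1
    return dict(counts)


if __name__ == "__main__":
    for (ns, pod), n in summarize_miners(SAMPLE_ALERTS).items():
        print(f"{ns}/{pod}: {n} miner alert(s)")
```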
Applications
1. IPMI port scanner
NRP scans all nodes’ IPMI addresses periodically, and notifies site admins if the port is accessible from outside the gateway.
2. JupyterHub security scanner
NRP scans all JupyterHub instances created by users, and makes sure that they limit access to institutional accounts and don’t allow anonymous users.
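What such a scan has to look for in a JupyterHub deployment, as an added example that is not NRP's scanner: the `dummy` authenticator (any username with any password is accepted), `allow_all: true`, and the absence of any allow list. It assumes the Zero to JupyterHub Helm values layout (`hub.config.<TraitletsClass>.<trait>`) and that the allow traits may be set on `Authenticator` or on a specific subclass such as `GenericOAuthenticator`; the three values documents are constructed.

```python
"""Audit a JupyterHub deployment's Helm values for anonymous or unrestricted
access. Added example, not NRP's scanner; it assumes the Zero to JupyterHub
values layout (hub.config.<TraitletsClass>.<trait>). All values documents
below are constructed."""

# Authenticator entrypoint/class names that accept any username with any password.
ANONYMOUS_AUTHENTICATORS = {"dummy", "jupyterhub.auth.DummyAuthenticator"}

# Constructed values documents for three hypothetical user-created instances.
DUMMY_HUB = {"hub": {"config": {
    "JupyterHub": {"authenticator_class": "dummy"},
    "Authenticator": {"allow_all": True},
}}}
RESTRICTED_HUB = {"hub": {"config": {
    "JupyterHub": {"authenticator_class": "generic-oauth"},
    "GenericOAuthenticator": {"allowed_users": ["alice@example.edu"],
                              "admin_users": ["ops@example.edu"]},
}}}
UNRESTRICTED_HUB = {"hub": {"config": {
    "JupyterHub": {"authenticator_class": "generic-oauth"},
    "GenericOAuthenticator": {"client_id": "placeholder-client-id"},
}}}


def _get(doc, dotted, default=None):
    """Walk a nested dict by a dotted path; return `default` on any miss."""
    node = doc
    for key in dotted.split("."):
        if not isinstance(node, dict) or key not in node:
            return default
        node = node[key]
    return node


def _auth_traits(values):
    """Merge traits set on any authenticator class under hub.config, since the
    same trait may be configured on Authenticator or on a subclass."""
    merged = {}
    for cls, traits in (_get(values, "hub.config") or {}).items():
        if cls != "JupyterHub" and isinstance(traits, dict):
            merged.update(traits)
    return merged


def audit_jupyterhub(values):
    """Return policy findings as strings; an empty list means the instance passes."""
    findings = []
    auth_class = _get(values, "hub.config.JupyterHub.authenticator_class", "")
    traits = _auth_traits(values)
    if auth_class in ANONYMOUS_AUTHENTICATORS:
        findings.append("anonymous-login: DummyAuthenticator admits any username")
    if traits.get("allow_all") is True:
        findings.append("allow-all: every authenticated identity is admitted")
    has_allow_list = bool(traits.get("allowed_users")) or bool(traits.get("allowed_groups"))
    if not has_allow_list and auth_class not in ANONYMOUS_AUTHENTICATORS:
        # JupyterHub releases before 5.0 admitted every authenticated user
        # when no allow list was configured, so the gap needs a review.
        findings.append("no-allow-list: access is not restricted to named institutional users or groups")
    return findings


if __name__ == "__main__":
    for name, doc in [("dummy", DUMMY_HUB), ("restricted", RESTRICTED_HUB),
                      ("unrestricted", UNRESTRICTED_HUB)]:
        print(name, "->", audit_jupyterhub(doc) or ["ok"])
```

The allow-list finding is deliberately a review item rather than a hard failure: which identity provider counts as institutional, and whether an allow list belongs on the authenticator or on the provider side, is a per-site decision.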
