Security: A shared responsibility

Overview:

  • Teaching: 10 min
  • Exercises: 0 min

Questions

  • Why do I need to take security seriously?
  • Who is responsible for the security of HPC services?

Objectives

  • Understand that HPC systems are expensive shared resources, and security issues can be costly.
  • Understand that HPC is a shared resource and that users and system maintainers have a shared responsibility to maintain security.

Why do I need to take security seriously?

We may be tempted to think that our work isn’t valuable enough to be hacked, so we don’t need to take cybersecurity seriously. However, we must understand that HPC resources, as well as many services you will use, are shared resources. They are used by many researchers studying a wide range of problems and are only as secure as the weakest link in the chain.

Any issues arising from the actions of one individual can therefore impact many of your colleagues and result in resources being taken offline whilst issues are investigated and remedied. Furthermore, HPC systems are expensive resources typically run by small or modest-sized teams, so impacts, whilst hopefully rare, can be costly in time and personpower. This is before we consider the potential loss of data or breaches of sensitive data.

Security advice

Security, a shared responsibility

Users and system operators have a shared responsibility to ensure the security of resources. System operators monitor the system, ensure security patches are up to date and that the system is configured to restrict access correctly, e.g. so that users cannot see each other's data/files by default.

Users should follow best practice to mitigate the risk of accounts and access details being compromised, e.g. we all know that we must keep our passwords secret. You shouldn't make your files accessible to others unless necessary. This episode specifically addresses how we can use ssh and associated tools to securely access remote resources and mitigate potential security issues.

All of the approaches described here to assist your secure use of ssh also apply when transferring data using tools such as scp, rsync and sftp.
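
The advice above not to make your files accessible to others unless necessary can be checked directly on a shared filesystem. The following is an added example, not part of the original lesson: the function names `audit_shared_access` and `restrict_to_owner` and the sample directory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the lesson). Function names are illustrative.

# audit_shared_access DIR
# Print every file or directory under DIR that users outside your group
# can read, write or execute, or that members of your group can modify.
# Symbolic links are skipped: their own mode bits are not what is enforced.
audit_shared_access() {
    find "$1" ! -type l \
        \( -perm -004 -o -perm -002 -o -perm -001 -o -perm -020 \) -print
}

# restrict_to_owner PATH
# Remove all group and other permissions from PATH and everything below it.
# Review the audit output first: some sharing may be intentional.
restrict_to_owner() {
    chmod -R go-rwx -- "$1"
}

# Constructed demonstration in a throwaway directory.
demo() {
    d=$(mktemp -d) || return 1
    mkdir "$d/results"
    touch "$d/results/private.dat" "$d/results/open.dat" "$d/results/groupwrite.dat"
    chmod 700 "$d/results"
    chmod 600 "$d/results/private.dat"
    chmod 644 "$d/results/open.dat"
    chmod 660 "$d/results/groupwrite.dat"
    echo "Accessible beyond the owner:"
    audit_shared_access "$d/results"
    restrict_to_owner "$d/results"
    echo "Remaining after restrict_to_owner: $(audit_shared_access "$d/results" | wc -l)"
    rm -rf "$d"
}

demo
```

Run `audit_shared_access` on your own home or project directory to see what other users of the system can reach, and only apply `restrict_to_owner` to paths where no sharing is intended.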

Data security

Generally, HPC systems have scratch storage filesystems. While these enable the fast, high-bandwidth access required by high-performance computing, the data on them is typically not backed up. As a result, you should ensure that your data is copied elsewhere as soon as possible and removed from the scratch filesystem. This will also help to ensure that the HPC system operates optimally, as full filesystems have slower performance and put jobs at risk of failing if no space is available to write output. Furthermore, if there is a security concern on a system and you do not have data on it, you are not at risk of losing that data or of it being compromised.

If you are working with sensitive data you should ensure that you are meeting your obligations to keep that data secure. If you have any questions relating to storage of sensitive data then you should speak with your IT security team.

Key Points:

  • breaches of security can result in loss of services, lost data or breaches of sensitive data
  • security of HPC services is a shared responsibility:
    • System operators are responsible for the security of the system
    • Users are responsible for securing their credentials to access resources