BEGIN:VCALENDAR VERSION:2.0 PRODID:Linklings LLC BEGIN:VTIMEZONE TZID:America/Denver X-LIC-LOCATION:America/Denver BEGIN:DAYLIGHT TZOFFSETFROM:-0700 TZOFFSETTO:-0600 TZNAME:MDT DTSTART:19700308T020000 RRULE:FREQ=YEARLY;BYMONTH=3;BYDAY=2SU END:DAYLIGHT BEGIN:STANDARD TZOFFSETFROM:-0600 TZOFFSETTO:-0700 TZNAME:MST DTSTART:19701101T020000 RRULE:FREQ=YEARLY;BYMONTH=11;BYDAY=1SU END:STANDARD END:VTIMEZONE BEGIN:VEVENT DTSTAMP:20240116T191657Z LOCATION:DEF Concourse DTSTART;TZID=America/Denver:20231114T100000 DTEND;TZID=America/Denver:20231114T170000 UID:submissions.supercomputing.org_SC23_sess289_spostg103@linklings.com SUMMARY:Cray EX40 Cluster Intrusion Detection System DESCRIPTION:ACM Student Research Competition: Graduate Poster, ACM Student Research Competition: Undergraduate Poster, Posters\n\nDaniel Wild (Los A lamos National Laboratory (LANL), University of New Mexico)\n\nAnalysis of a High-Performance Computing cluster’s external network traffic provides the opportunity to identify security issues, cluster misuse, or configurat ion problems without reducing performance. This project captured the exter nal network traffic to and from a Cray EX40 cluster over three months and analyzed it utilizing two open-source intrusion detection tools, Suricata and Zeek. The tool alerts were sent to Splunk via rsyslog for parsing and analysis. Several security concerns were identified, including excessive f ailed authentication attempts and the use of four invalid certificates. Mu ltiple cluster configuration issues were also identified, including recurr ent anomalous Domain Name Service (DNS) queries which comprised 97% of all DNS traffic and incorrectly routed outbound Hypertext Transfer Protocol t raffic. The port mirror architecture combined with network intrusion detec tion tools offered valuable insight into security concerns and several con figuration issues. Excessive failed authentication attempts and a switch D NS configuration issue were both resolved by this project.\n\nRegistration Category: Tech Program Reg Pass, Exhibits Reg Pass END:VEVENT END:VCALENDAR