Searching for open windows and unlocked doors: port scanning in large-scale commodity clusters

• Published in: CCGrid 2005. IEEE International Symposium on Cluster Computing and the Grid, 2005 Vol. 1; pp. 146 - 151 Vol. 1
• Main Authors: Lee, A.J., Koenig, G.A., Xin Meng, Yurcik, W.
• Format: Conference Proceeding
• Language: English
• Published: IEEE 2005
• Subjects: Application software; Computer science; Computer security; Computerized monitoring; Energy management; Explosions; Grid computing; Large-scale systems; Performance analysis; Power system management
• ISBN: 0780390741; 9780780390744
• DOI: 10.1109/CCGRID.2005.1558546

Current methods for monitoring the security of large-scale commodity clusters tend to treat these clusters as nothing more than collections of independent nodes. As such, the techniques used to secure these clusters have, for the most part, been adaptations of techniques developed for securing and monitoring enterprise computing environments. We have previously proposed the idea of monitoring the security-state of large-scale commodity clusters by examining their emergent properties, that is, properties that are only visible when one ceases to look at a cluster as a collection of disparate nodes and begins to look at the properties of the cluster as a whole. We show that by correlating the open network ports observed on cluster nodes with other emergent properties - such as active processes and the contents of important system files - security analysts can make insightful observations that can greatly restrict the actions that an attacker can carry out undetected.