Argonne National Laboratory’s Cyber Operations, Analysis, and Research

Recent News:

Nessus Compliance Generator

Today we're releasing a tool called Nessus Compliance Generator as open source under the BSD License. The full code can be found on the Argonne National Laboratory GitHub.

Nessus has many options to check for audit and compliance issues on databases and systems. However, building the config files for these checks can be tedious and time-consuming. To bridge this gap, we've built a GUI tool to help you stitch the different pieces together and make building compliance tasks more of a data entry task than a task for a sysadmin or a programmer.

Reflecting on Our Second Annual Cyber Defense Competition

On April 1st, 2017, fifteen collegiate teams from across the country participated in Argonne National Laboratory’s Second Annual Cyber Defense Competition. Blue Teams defended their networking infrastructure and utilities against attacks from the Red Team. This post will detail the highlights of the competition, including how teams were breached, what went into scoring, and how our team built the Industrial Control Systems for the competition.

Amazon S3 Outage Highlights Resilience Issues with Cloud Infrastructure

Amazon S3 suffered a significant outage on Wednesday in its US-East-1 region. This outage affected a number of companies in what seemed to be unpredictable ways. Yesterday a DNS outage at GoDaddy caused similar effects on the availability of what otherwise seems like an unrelated set of Internet sites. We saw similar outages last year as a result of configuration problems at Level 3 and DDoS attacks from the Mirai botnet. All of these outages point to significant resilience issues incurred with cloud and managed hosting services. These resilience issues should be approached as part of risk management planning, but as our recent study in Ashburn, VA highlighted, the shared vocabulary for these types of informed risk decisions between customers and data center and network providers is often not adequate.

Improving Resilience When We Don't Have Steady State

Nate Evans and Mike Thompson from the COAR team recently spent some time at the African Institute for Mathematics and Science (AIMS) teaching computer networking and cyber security to a cohort of 40 students.  During our time at AIMS, we encountered many situations that made us think about how our research in resilience applies in a place like Senegal where we can't make any assumptions about steady state.
