EGI-InSPIRE:Plan 2013 SA1.2
Revision as of 17:50, 19 February 2013 by Dkelsey (talk | contribs) (→Completed Activities and Milestones)
Main | EGI.eu operations services | Support | Documentation | Tools | Activities | Performance | Technology | Catch-all Services | Resource Allocation | Security |
Inspire reports menu: | Home • | SA1 weekly Reports • | SA1 Task QR Reports • | NGI QR Reports • | NGI QR User support Reports |
Assessment of progress in 2012
Completed Activities and Milestones
- SVG plans
- WMS, CREAM
- Q1
- extension of access Monitor Module of SSC5
- 1 NGI run of SSC5
- further development of security dashboard
- EMI Vulnerability Assessment of VOMS Core completion expected
- Q2
- Security Threat Risk Assessment (as described in D4.4)
- CSIRT face to face meeting
- improvement of RTIR ticketing system
- improvement of internal issue handling procedure with RTIR
- extension of SSC5 framework (integration of more job-submission methods), improvement of reporting module
- optimization of alerts in security dashboard
- new version of Pakiti
- proposal for site-wide security monitoring
- Update of the EGI Software Vulnerability Group/EMI Vulnerability Assessment plan, including status report. (This is for pro-active examination of software to find vulnerabilities that may exist carried out by our collaborators.)
- Q3
- SSC6
- update of site certification procedure
- SVG face to face
- security training at EGI technical forum
- EGI CSIRT operational procedure for compromised certificates.
- EMI Vulnerability Assessment of WMS completion expected
- Q4
- evaluation of SSC6
- nagios: CRL checking on services that have gridftp (CEs/SEs) and checking for known vulnerable file permissions via gridftp
- Revise and improve Vulnerability Issue handing procedure
- EMI Vulnerabity of CREAM begins
Milestones not accomplished
Plans for 2013
Cross Security Teams Activities
- MS235 Security Activity within EGI Month 34 Report detailing the non-operational security activity within EGI including SCG, SVG, EUGridPMA and IGTF.
- EGI Security Threat risk assessment - Report on what is being done concerning threats of highest risk value and highest impact value.
- Also we should look at Clouds and implications for the various security groups, what needs to be done. Since in the 6th highest risk threat was clouds - and so many seem to assume all the security problems go away and they can ignore us all.
- Also, obviously virtual environments (Cloud as the buzzword) is getting more and more important. Not sure what this means for our monitoring. At the end we might have to follow the natural route:
- have a policy for Cloud/VMs/etc
- depending on this develop monitoring needed to enforce these policies.
EGI CSIRT Activities
- we still have to submit the DNs of the IRTF members, this is about to change currently, but might be addressed in Q1
CSIRT meetings
- Regular monthly team meetings including 2 F2F meetings
RTIR ticketing system
Incident Response
- Regualar weekly IRTF meetings
- How we deal with loss of active members - build a sustainable future.
Daily security operations
Security drills
- The natural agenda would be to run SSC7 in Q2-3, evaluation/debriefing in Q3
- In addition we should try to get the NGI runs done, say one or two in Q1, more in the following Q n
- Here we rely on RT-IR, I hope that Carlos/John can free up some time to migrate this part.
- SSC6 evaluation is depending on that, we need the RT-IR tickets from SSC6 for the report. This is currently not really accessible.
Security monitoring tools
- supporting MW-Upgrade campaigns
- site-wide monitoring - eventually kick it off, Q1
- Pakiti release - alpha Q1, final Q2 (to be safe ;-)
- probes - overview the SVG/CSIRT issues/alerts and make sure they're monitored, enable sending notifications. Involvement of RODs in handling non-criticial issues.
- Start providing reports to mgmt/NGIs/sites - providing monthly (?) plots summarizing number of issues detected/handled.
Security Dashboard
Pakiti
Site wide security monitoring
Nagios security monitoring
Security Training&Dissemination
- We have the TF-CSIRT / FIRST in January in Lisbon (Q1)
- I could think of running it again at GKS and TF (Q2/3)
- Additional Trainings might be possible at other Grid-events.
- Wiki renovation
Security procedures
- EGI CSIRT operational procedure for compromised certificates. (1st quarter)
Other Activities
EGI SVG Activities
SVG meetings
- Regular monthly SVG meetings
- SVG session at Technical Forum
Revise and improve Vulnerability Issue handing procedure
- Revise EGI Software Vulnerability Handling procedure for Post EMI/IGE. (Also submitted an abstract to present this at the CF.)
- Poster at CF on how to report a vulnerability or incident (and explain the difference) to be generally useful as well as for the CF. (CSIRT/SVG)
- Further revise Vulnerability issue handling - after a few months using it.
Continue Vulnerability issue handling
- Regular ongoing work
Vulnerability Assessments
- Completion of WMS vulnerability Assessment (asked Elisa to confirm)
- Start of CREAM vulnerability Assessment (asked Elisa to confirm)
- Report on Status of Vulnerability assessment after the end of EMI - and whether anything further can be done.