Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "EGI-InSPIRE:Plan 2012 SA1.2"

From EGIWiki
Jump to navigation Jump to search
Line 37: Line 37:
= Plans for 2012 =
= Plans for 2012 =


==Activities Cross Security Teams==
==Cross Security Teams Activities==


* A security Assessment, as described in D4.4 is planned for the early months of 2012, led and coordinated by Linda Cornwall
* A security Assessment, as described in D4.4 is planned for the early months of 2012, led and coordinated by Linda Cornwall

Revision as of 21:30, 10 January 2012

Assessment of progress, 2011

Completed Activities

  • EGI Security Incident Handling Procedure update, available at DocDB here
  • EGI Software Vulnerability Issue Handling Procedure update, available at DocDB here
  • New EGI CSIRT Critical Vulnerability Operational Procedure, available at DocDB here
  • Milestone MS412 - Operational Security Procedures, availabe at DocDB here
  • Plan of Vulnerability Assessment of Grid Middleware used in the EGI infrastructure was produced jointly with EMI, availabe at DocDB here
  • EGI CSIRT/SVG internal detailed procedure for handling critical software vulnerabilities available at EGI private wiki (update is needed as RT was replaced by RTIR)
  • A ticketing system for incident response - RTIR was put into production
  • Security Service challenge 5 EGI run was completed in June 2011, in total 40 EGI sites participated
  • Security dashboard initial release in Q3 of 2011, feedback and further requirement was solicited from NGI security officers. An improved version will be released in Q1 of 2012 (see 2012 plan)
  • Two security training sessions were organized at EGITF 2011. The training was very well received.
  • In 2011, EGI CSIRT organized monthly team meeting and from May 2011, SVG also organized monthly meeting; In 2011, CSIRT organized two face to face meetings and SVG organized one face to face meeting; EGI CSIRT also has weekly operation meeting each Monday morning.
  • 33 potential vulnerabilities were reported to SVG in 2011 and 11 advisories issued by SVG; EGI CSIRT handled 10 reported incident and issued 5 EGI security alerts, of which two were critical and 3 were high risk

Ongoing Activities

  • SSC5 regional NGI runs (see 2012 plan below)
  • Still some improvements need to be made to the use of the RT tracker for vulnerability handling.
  • D4.4 EGI Security Assessment is being led and coordinated by Linda Cornwall

Plans for 2012

Cross Security Teams Activities

  • A security Assessment, as described in D4.4 is planned for the early months of 2012, led and coordinated by Linda Cornwall

EGI CSIRT Activities

CSIRT meetings

  • To organize two face to face meetings in 2012: a 1.5 day EGI CSIRT face to face meeting in March or April 2012 and an EGI CSIRT face to face meeting during the EGI TF 2012
  • Continue organizing EGI CSIRT monthly team meeting (online) and weekly operation meeting (online) on each Monday

RTIR ticketing system

  • RTIR ticketing system further improvement, to develop more templates and organize a hands on training sessions for member of IRTF at next face to face meeting (March/April 2012)
  • Continue improving issue handling with RT and RTIR and improving internal issue handling procedure/document

Incident Response

  • Response to reported security incident and assist affected resource centers to resolve the incident

Daily Operation

  • Incident Response Task Force (IRTF a subset of EGI CSIRT) members will take weekly security officer on duty rota and look after EGI CSIRT daily operation

SSC 5 Framework Improvement and SSC5 NGI runs

  • To extend SSC5-framework and integrate more job-submission methods, ATLAS panda had been fully integrated, Globus, gLite job submission and VO-Job-Submissions-Frameworks (as needed) will be integrated by Q2 of 2012
  • To address the scaleing problem of Access Monitor Module by Q1 of 2012. This module tests if a certain x509-proxy can be used to access services at a site (ban-monitor)
  • To address issues found in the reporting module during the SSC5 run, this is ongoing activities so the improvement will continue if issue was found in SSC6 run.
  • SSC5 regional run in NGIs, to pilot at least one NGI run in Q1 of 2012, and assist NGI security officers for their regional runs after the initial pilot.

SSC6

  • To prepare security service challenge 6. SSC6 will be similar to SSC5 using another VO-Job-Submission-Framework. It will simulate a security incident to test sites, VO and CSIRT incident response capabilities and their collaboration. The SSC6 preparation will complete by Q2 of 2012 and SSC6 is expected to launch in Q3 of 2012
  • Evaluation of SSC6 results will be completed and made available to participants in Q4 of 2012.

Security Dashboard

  • Security Dashboard further development & improvement based on gathered feedback, expect to be in full production in Q1 of 2012
  • To define and optimize security alerts (as shown in security dashboard) handling workflow, explore the possibility of integrating non-critical security operation into normal day to day operation, expect to implement an initial workflow by Q2 of 2012
  • To define some basic security metrics, which are calculated through security dashboard; expecting to produce regular security metric reports (monthly or quarterly) by Q3 of 2012

Pakiti

  • A new version of Pakiti (Version 3) is expected to be released in Q2 of 2012

Site wide security monitoring

  • To explore the feasibility of implementing site-wide security monitoring (patch monitoring) via job wrappers or other mechanism; To identity feasible solution, produce implementation plan and proposal by Q2 of 2012

Nagios security monitoring

  • Migrate domain name of CSIRT Nagios box from current srv-102.afroditi.hellasgrid.gr into *.egi.eu domain (e.g. secmon.egi.eu). No service interruption is expected. To be completed by Q1 of 2012
  • Continue improving the backend Nagios-based security probes. CRL checking on services that have gridftp (CEs/SEs) and checking for known vulnerable file permissions via gridftp, are expected to be implemented by Q4 of 2012; Exploit the possibility of adding more security probe for other services

Security Training&Dissemination

  • To organize security trainings at EGI TF 2012; If possible, will join effort again with EMI security team to deliver the training sessions
  • To maintain and continue improving EGI CSIRT wikis, assisting best practice document development

Security procedures

  • To add security check to site certification procedure PROC09 (https://wiki.egi.eu/wiki/PROC09), propose the necessary change to the procedure to allow EGI CSIRT to carry out site security check (e.g. security patch) before it becomes certified, Q3 of 2012
  • Continue defining and developing new security procedures (such as Operational procedure for Certificate compromise) and updating existing procedures when requirement raised

Other Activities

  • EGI CSIRT will also keep track of development in area of identity federation, IPv6 security and cloud/virtualization security

EGI SVG Activities

SVG meetings

  • To organize an EGI SVG face to face meetings in 2012, possibly during the EGI TF 2012
  • Continue to organize EGI SVG monthly online meetings

Revise and improve Vulnerability Issue handing procedure

  • Improve internal procedures and RT usage for resolution of issues
  • Improve RT usage for reporting and computation of matricies as agreed
  • Update the issue handling document around PM27

Continue Vulnerability issue handling

  • As defined in the issue handling document, and agreed.
  • This includes investigation of issues, risk assessments, drafting advisories and co-ordination as necessary
  • Note this is SVG's largest activity

Vulnerability Assessments

  • Update the Vulnerability Assessment plan, including reporting progress made.

Coordination EUGridPMA