Difference between revisions of "EGI-InSPIRE:Plan 2012 SA1.2"

From EGIWiki
Line 29: Line 29:
 
==Ongoing Activities==
 
==Ongoing Activities==
  
SSC5 regional NGI runs (see 2012 plan below)
+
* SSC5 regional NGI runs (see 2012 plan below)
  
Still some improvements need to be made to the use of the RT tracker for vulnerability handling.
+
* Still some improvements need to be made to the use of the RT tracker for vulnerability handling.
  
D4.4 EGI Security Assessment, Linda Cornwall is the leading author
+
* D4.4 EGI Security Assessment is being led and coordinated by Linda Cornwall
  
 
= Plans for 2012 =
 
= Plans for 2012 =
Line 42: Line 42:
  
 
==EGI CSIRT Activities==
 
==EGI CSIRT Activities==
 +
 +
===Project Mileston===
 +
 +
* project milestone MS419 - Operational Security Procedures is due at PM 27, Aug. 2012
 +
 +
===CSIRT meetings===
 +
 +
* To organize two face to face meetings in 2012: a 1.5 day EGI CSIRT face to face meeting in March or April 2012 and an EGI CSIRT face to face meeting during the EGI TF 2012
 +
 +
* Continue organizing EGI CSIRT monthly team meeting (online) and weekly operation meeting (online) on each Monday
 +
 +
===RTIR ticketing system===
 +
 +
* RTIR ticketing system further improvement, to develop more templates and organize a hands on training sessions for member of IRTF at next face to face meeting (March/April 2012)
 +
 +
* Continue improving issue handling with RT and RTIR and improving internal issue handling procedure/document
 +
 +
===Incident Response===
 +
 +
* Response to reported security incident and assist affected resource centers to resolve the incident
 +
 +
===Daily Operation===
 +
 +
* Incident Response Task Force (IRTF a subset of EGI CSIRT) members will take weekly security officer on duty rota and look after EGI CSIRT daily operation
 +
 +
===SSC 5 Framework Improvement and SSC5 NGI runs===
 +
 +
* To extend SSC5-framework and integrate more job-submission methods, ATLAS panda had been fully integrated, Globus and gLite job submission will be integrated by Q1 of 2012
 +
 +
* To improve stability & reliability of test-incident-status monitoring activity of the malware/user and access management at the sites such as banning and unbanning), anticipated to complete by Q1 of 2012
 +
 +
* To automate evaluation of the sites security operations and reporting, anticipated to complete by Q1 of 2012
 +
 +
* SSC5 regional run in NGIs, to pilot at least one NGI run in Q1 of 2012, other NGIs will follow.
 +
 +
===SSC6 plan===
 +
 +
* To prepare security service challenge 6. The SSC6 will simulate a security incident to test sites, VO and CSIRT incident response capabilities and their collaboration. The SSC6 preparation will complete by Q2 of 2012 and SSC6 is expected to launch in Q3 of 2012
 +
 +
* Evaluation of SSC6 results will be completed and made available to participants in Q4 of 2012.
 +
 +
===Security Dashboard===
 +
 +
* Security Dashboard further development & improvement based on gathered feedback, expect to be in full production in Q1 of 2012
 +
 +
* To define and optimize security alerts (as shown in security dashboard) handling workflow, explore the possibility of integrating non-critical security operation into normal day to day operation, expect to implement an initial workflow by Q2 of 2012
 +
 +
* To define some basic security metrics, which are calculated through security dashboard; expecting to produce regular security metric reports (monthly or quarterly) by Q3 of 2012
 +
 +
===Pakiti===
 +
 +
* A new version of Pakiti (Version 3) is expected to be released in Q2 of 2012
 +
 +
===Site wide security monitoring===
 +
 +
* To explore the feasibility of implementing site-wide security monitoring (patch monitoring) via job wrappers or other mechanism; To identity feasible solution, produce implementation plan and proposal by Q2 of 2012
 +
 +
===Nagios security monitoring===
 +
 +
* Migrate domain name of CSIRT Nagios box from current srv-102.afroditi.hellasgrid.gr into *.egi.eu domain (e.g. secmon.egi.eu). No service interruption is expected. To be completed by Q1 of 2012
 +
 +
* Continue improving the backend Nagios-based security probes. CRL checking on services that have gridftp (CEs/SEs) and checking for known vulnerable file permissions via gridftp, are expected to be implemented by Q4 of 2012; Exploit the possibility of adding more security probe for other services
 +
 +
===Security Training&Dissemination===
 +
 +
* To organize security trainings at EGI TF 2012; If possible, will join effort again with EMI security team to deliver the training sessions
 +
 +
* To maintain and continue improving EGI CSIRT wikis, assisting best practice document development
 +
 +
EGI CSIRT will also keep track of development in area of identity federation, IPv6 security and cloud/virtualization security
 +
 +
===Security procedures===
 +
 +
* To add security check to site certification procedure PROC09 (https://wiki.egi.eu/wiki/PROC09), propose the necessary change to the procedure to allow EGI CSIRT to carry out site security check (e.g. security patch) before it becomes certified, Q3 of 2012
 +
 +
* Continue defining and developing new security procedures and updating existing procedures when requirement raised
  
 
==EGI SVG Activities==
 
==EGI SVG Activities==
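
Review bot: the added heading "===Project Mileston===" is misspelled and should read "===Project Milestone===". Elsewhere in the same added block, the SSC5 bullet on test-incident-status monitoring closes a parenthesis after "banning and unbanning" that is never opened, the site-wide monitoring bullet has "To identity feasible solution" where "identify" is meant, and the Nagios bullet's "Exploit the possibility" reads as a slip for "Explore the possibility", the wording the Security Dashboard bullet uses.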

Revision as of 13:13, 14 December 2011

Assessment of progress, 2011

Completed Activities

  • EGI Security Incident Handling Procedure update, available at DocDB here
  • EGI Software Vulnerability Issue Handling Procedure update, available at DocDB here
  • New EGI CSIRT Critical Vulnerability Operational Procedure, available at DocDB here
  • Milestone MS412 - Operational Security Procedures, available at DocDB here
  • Plan of Vulnerability Assessment of Grid Middleware used in the EGI infrastructure was produced jointly with EMI, available at DocDB here
  • EGI CSIRT/SVG internal detailed procedure for handling critical software vulnerabilities available at EGI private wiki (update is needed as RT was replaced by RTIR)
  • A ticketing system for incident response - RTIR was put into production
  • Security Service challenge 5 EGI run was completed in June 2011, in total 40 EGI sites participated
  • Security dashboard initial release in Q3 of 2011; feedback and further requirements were solicited from NGI security officers. An improved version will be released in Q1 of 2012 (see 2012 plan)
  • Two security training sessions were organized at EGITF 2011. The training was very well received.
  • In 2011, EGI CSIRT organized monthly team meetings, and from May 2011 SVG also organized monthly meetings. In 2011, CSIRT organized two face-to-face meetings and SVG organized one face-to-face meeting. EGI CSIRT also has a weekly operations meeting each Monday morning.
  • As of 28th Nov 2011, a total of 28 vulnerabilities had been reported

Ongoing Activities

  • SSC5 regional NGI runs (see 2012 plan below)
  • Still some improvements need to be made to the use of the RT tracker for vulnerability handling.
  • D4.4 EGI Security Assessment is being led and coordinated by Linda Cornwall

Plans for 2012

Activities Cross Security Teams

A security assessment, as described in D4.4, is planned for the early months of 2012, led and coordinated by Linda Cornwall

EGI CSIRT Activities

Project Milestone

  • Project milestone MS419 - Operational Security Procedures is due at PM 27, Aug. 2012

CSIRT meetings

  • To organize two face-to-face meetings in 2012: a 1.5 day EGI CSIRT face-to-face meeting in March or April 2012 and an EGI CSIRT face-to-face meeting during the EGI TF 2012
  • Continue organizing the EGI CSIRT monthly team meeting (online) and the weekly operations meeting (online) each Monday

RTIR ticketing system

  • Further improve the RTIR ticketing system: develop more templates and organize hands-on training sessions for members of the IRTF at the next face-to-face meeting (March/April 2012)
  • Continue improving issue handling with RT and RTIR and improving the internal issue handling procedure/document

Incident Response

  • Respond to reported security incidents and assist affected resource centers in resolving them

Daily Operation

  • Incident Response Task Force (IRTF, a subset of EGI CSIRT) members will take turns on the weekly security-officer-on-duty rota and look after EGI CSIRT daily operations

SSC 5 Framework Improvement and SSC5 NGI runs

  • To extend the SSC5 framework and integrate more job-submission methods: ATLAS PanDA has been fully integrated; Globus and gLite job submission will be integrated by Q1 of 2012
  • To improve the stability and reliability of test-incident-status monitoring (activity of the malware/user and access management at the sites, such as banning and unbanning); anticipated to complete by Q1 of 2012
  • To automate evaluation of the sites' security operations and reporting; anticipated to complete by Q1 of 2012
  • SSC5 regional runs in NGIs: to pilot at least one NGI run in Q1 of 2012; other NGIs will follow.

SSC6 plan

  • To prepare Security Service Challenge 6 (SSC6). SSC6 will simulate a security incident to test site, VO and CSIRT incident response capabilities and their collaboration. The SSC6 preparation will be completed by Q2 of 2012 and SSC6 is expected to launch in Q3 of 2012
  • Evaluation of SSC6 results will be completed and made available to participants in Q4 of 2012.

Security Dashboard

  • Further development and improvement of the Security Dashboard based on gathered feedback; expected to be in full production in Q1 of 2012
  • To define and optimize the handling workflow for security alerts (as shown in the security dashboard) and explore the possibility of integrating non-critical security operations into normal day-to-day operation; an initial workflow is expected to be implemented by Q2 of 2012
  • To define some basic security metrics, calculated through the security dashboard; regular security metric reports (monthly or quarterly) are expected by Q3 of 2012

Pakiti

  • A new version of Pakiti (Version 3) is expected to be released in Q2 of 2012

Site wide security monitoring

  • To explore the feasibility of implementing site-wide security monitoring (patch monitoring) via job wrappers or another mechanism; to identify a feasible solution and produce an implementation plan and proposal by Q2 of 2012

Nagios security monitoring

  • Migrate the domain name of the CSIRT Nagios box from the current srv-102.afroditi.hellasgrid.gr into the *.egi.eu domain (e.g. secmon.egi.eu). No service interruption is expected. To be completed by Q1 of 2012
  • Continue improving the backend Nagios-based security probes. CRL checking on services that have gridftp (CEs/SEs) and checking for known vulnerable file permissions via gridftp are expected to be implemented by Q4 of 2012. Explore the possibility of adding more security probes for other services

Security Training & Dissemination

  • To organize security training at EGI TF 2012; if possible, will join efforts again with the EMI security team to deliver the training sessions
  • To maintain and continue improving the EGI CSIRT wikis, assisting best practice document development

EGI CSIRT will also keep track of developments in the areas of identity federation, IPv6 security and cloud/virtualization security

Security procedures

  • To add a security check to the site certification procedure PROC09 (https://wiki.egi.eu/wiki/PROC09): propose the necessary change to the procedure to allow EGI CSIRT to carry out a site security check (e.g. security patch) before the site becomes certified, Q3 of 2012
  • Continue defining and developing new security procedures and updating existing procedures when requirements arise

EGI SVG Activities

  • Revise the Vulnerability Issue Handling document
  • Continue vulnerability issue handling
  • Improve RT usage and internal procedures for resolution of issues

Coordination EUGridPMA