Difference between revisions of "EGI-InSPIRE:Plan 2013 SA1.2"

(EGI CSIRT Activities)
 
(20 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Template:Op menubar}} {{Template:Inspire_reports_menubar}} {{TOC_right}}  
+
{{EGI-Inspire_menubar}}{{Template:Inspire_reports_menubar}} {{TOC_right}}  
[[Category:EGI-inSPIRE SA1]]
+
 
 
= Assessment of progress in 2012 =
 
= Assessment of progress in 2012 =
  
Line 44: Line 44:
 
==Cross Security Team Activities==
 
==Cross Security Team Activities==
  
* MS235 Security Activity within EGI Month 34 Report detailing the non-operational security activity within EGI including SCG, SVG, EUGridPMA and IGTF.
+
* MS235 Security Activity within EGI Month 34 Report detailing the non-operational security activity within EGI including SCG, SVG, EUGridPMA and IGTF. (Q1)
* EGI Security Threat risk assessment - Report on what is being done concerning threats of highest risk value and highest impact value.
+
* EGI Security Threat risk assessment - Report on what is being done concerning threats of highest risk value and highest impact value. (Q2)
* Re-assess security risk assessment - start at end of 2013, to be completed before end of EGI-InSPIRE
+
* Re-assess security risk assessment - start at end of 2013, to be completed before end of EGI-InSPIRE (Q4)
* Investigate Federated Cloud Services and the implications for the various security groups. Assist in defining new policies and procedures to implement these.
+
* Investigate Federated Cloud Services and the implications for the various security groups. Assist in defining new policies and procedures to implement these. (Q3)
  
 
==EGI CSIRT Activities==
 
==EGI CSIRT Activities==
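
Review bot: On the re-assessment bullet under Cross Security Team Activities, the added "(Q4)" tag is ambiguous, because the text says the work will "start at end of 2013, to be completed before end of EGI-InSPIRE". State whether Q4 marks the start or the completion, for example "(start Q4)", so the item can be tracked like the other quarter-tagged bullets.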
Line 56: Line 56:
 
* Via the Security Officer on Duty rota, carry out all agreed tasks as specified at
 
* Via the Security Officer on Duty rota, carry out all agreed tasks as specified at
 
https://wiki.egi.eu/csirt/index.php/Security_Officer_on_Duty_tasks
 
https://wiki.egi.eu/csirt/index.php/Security_Officer_on_Duty_tasks
 
  
 
===CSIRT meetings===
 
===CSIRT meetings===
Line 65: Line 64:
  
 
* Need improvements to RTIR for Security Service Challenges (Q2)
 
* Need improvements to RTIR for Security Service Challenges (Q2)
* EGI customisations need to be ported to new releases of RTIR (by EGI IT team) or move away from use of EGI SSO
+
* EGI customisations need to be ported to new releases of RTIR (by EGI IT team) or move away from use of EGI SSO (Q3)
  
 
===Incident Response===
 
===Incident Response===
  
 
* Regular weekly IRTF meetings
 
* Regular weekly IRTF meetings
* How we deal with loss of active members - build a sustainable future.
+
* handle security incidents as and when they occur
 
+
* Plan for and build a sustainable future beyond the end of EGI-InSPIRE (Q4)
 
 
  
 
===Security drills===
 
===Security drills===
  
* The natural agenda would be to run SSC7 in Q2-3, evaluation/debriefing in Q3
+
* Complete the evaluation of SSC6 (Q1)
* In addition we should try to get the NGI runs done, say one or two in Q1, more in the following Q n
+
* Define, develop and run SSC7 in Q3, with subsequent evaluation/debriefing
* Here we rely on RT-IR, I hope that Carlos/John can free up some time to migrate this part.
+
* NGI runs to be carried out, say one (Q1) and more in the quarters to follow
* SSC6 evaluation is depending on that, we need the RT-IR tickets from SSC6 for the report. This is currently not really accessible.
 
 
 
 
 
  
 
===Security monitoring tools===
 
===Security monitoring tools===
 
<!-- add or remove entries below as needed -->
 
<!-- add or remove entries below as needed -->
* SHA2 "campaign", if needed continue to support MW-Upgrade campaigns
+
* Assist in SHA2 "campaign"
 +
* if needed continue to support MW-Upgrade campaigns
 
* site-wide monitoring - a description of plans produced and delivered to OMB (Q1), technical pilot with a few NGIs implemented and evaluated (Q2-Q4)
 
* site-wide monitoring - a description of plans produced and delivered to OMB (Q1), technical pilot with a few NGIs implemented and evaluated (Q2-Q4)
 
* Pakiti release - alpha (Q2), final (Q4). If we don't have resources for more extensive development, the current development release will be frozen and stabilized. The EGI instance will be primarily supported focusing mainly on sufficient support for site-wide monitoring.
 
* Pakiti release - alpha (Q2), final (Q4). If we don't have resources for more extensive development, the current development release will be frozen and stabilized. The EGI instance will be primarily supported focusing mainly on sufficient support for site-wide monitoring.
 
* probes - overview the SVG/CSIRT issues/alerts and make sure they're monitored, enable sending notifications (Q2).
 
* probes - overview the SVG/CSIRT issues/alerts and make sure they're monitored, enable sending notifications (Q2).
 
* Collaboration with dashboard developers
 
* Collaboration with dashboard developers
** Involvement of RODs in handling non-criticial issues (our results start appearing in operational dashboard) (Q?)
+
** Involvement of RODs in handling non-criticial issues (our results start appearing in operational dashboard)
 
** Start providing reports to mgmt/NGIs/sites - providing monthly (?) plots summarizing number of issues detected/handled (Q2)
 
** Start providing reports to mgmt/NGIs/sites - providing monthly (?) plots summarizing number of issues detected/handled (Q2)
 
* Monitoring of our tool with EGI-wide monitoring (Q3)
 
* Monitoring of our tool with EGI-wide monitoring (Q3)
 
+
* nagios: CRL checking on services that have gridftp (CEs/SEs) and checking for known vulnerable file permissions via gridftp (Q2)
  
 
====Security Training&Dissemination====
 
====Security Training&Dissemination====
  
* We have the TF-CSIRT / FIRST in January in Lisbon (Q1)
+
* Training in the TF-CSIRT / FIRST in January in Lisbon (Q1)
* I could think of running it again at GKS and TF (Q2/3)
+
* Training at ISGC 2013 (Q1)
* Additional Trainings might be possible at other Grid-events.
+
* Preparation of a poster for EGI CF (Q2)
* Wiki renovation
+
* Consider training at other Grid events such as GKS and TF (Q2/3)
 
+
* Updating and renovation of the CSIRT Wiki (Q4)
  
 
====Security procedures====
 
====Security procedures====
  
* EGI CSIRT operational procedure for compromised certificates. (1st quarter)
+
* EGI CSIRT operational procedure for compromised certificates. (Q1)
 +
* Review of Incident Handling procedures (Q4)
  
 
==EGI SVG Activities==
 
==EGI SVG Activities==
 
<!-- Add or remove entries as needed -->
 
<!-- Add or remove entries as needed -->
 +
===Continue Vulnerability issue handling===
 +
* The most important activity of the group is to perform its ongoing operational duties handling vulnerabilities according to the agreed procedures
  
 
===SVG meetings===
 
===SVG meetings===
  
* Regular monthly SVG meetings
+
* Monthly SVG meetings
* SVG session at Technical Forum
+
* SVG session at EGI Technical Forum
  
 
===Revise and improve Vulnerability Issue handing procedure ===
 
===Revise and improve Vulnerability Issue handing procedure ===
  
* Revise EGI Software Vulnerability Handling procedure for Post EMI/IGE. (Also submitted an abstract to present this at the CF.)
+
* Revise EGI Software Vulnerability Handling procedure for Post EMI/IGE (Q1). (Also submitted an abstract to present this at the CF.)
* Poster at CF on how to report a vulnerability or incident (and explain the difference) to be generally useful as well as for the CF. (CSIRT/SVG)
+
* Poster at CF on how to report a vulnerability or incident (and explain the difference) to be generally useful as well as for the CF. (Q2) (CSIRT/SVG)
* Further revise Vulnerability issue handling - after a few months using it.
+
* Further revise Vulnerability issue handling - after a few months using it. (Q3)
 
+
* Improve tracking of vulnerable and fixed RPM versions, platforms, and distributions. (Q4)
===Continue Vulnerability issue handling===
 
 
 
* Regular ongoing work
 
  
 
===Vulnerability Assessments===
 
===Vulnerability Assessments===
  
* Completion of WMS vulnerability Assessment (asked Elisa to confirm)
+
* Completion of WMS vulnerability Assessment (Q1)
* Start of CREAM vulnerability Assessment (asked Elisa to confirm)
+
* CREAM vulnerability Assessment (Q2)
* Report on Status of Vulnerability assessment after the end of EMI - and whether anything further can be done.
+
* Report on Status of Vulnerability assessment after the end of EMI - and whether anything further can be done. (Q2)
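
Review bot: In the Security drills list, the revision drops the bullets recording that the SSC6 evaluation needs the RT-IR tickets from SSC6 and that these are "currently not really accessible", while the new "Complete the evaluation of SSC6 (Q1)" is scheduled a quarter ahead of "Need improvements to RTIR for Security Service Challenges (Q2)". Suggest keeping the dependency as a sub-bullet under the Q1 item or aligning the two quarters. Separately, the RODs bullet under Collaboration with dashboard developers loses its "(Q?)" without gaining a quarter and still carries the typo "non-criticial".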

Latest revision as of 19:05, 24 December 2014




Assessment of progress in 2012

Completed Activities and Milestones

Successful ongoing security operational activities, including SVG operations and close collaboration on the MW upgrade campaign.

Specific milestones achieved during 2012 include:

  • extension of access Monitor Module of SSC5
  • 1 NGI run of SSC5
  • further development of security dashboard
  • EMI Vulnerability Assessment of VOMS Core
  • Security Threat Risk Assessment (as described in D4.4)
  • CSIRT face to face meeting
  • extension of SSC5 framework (integration of more job-submission methods), improvement of reporting module
  • optimization of alerts in security dashboard
  • proposal for site-wide security monitoring
  • Update of the EGI Software Vulnerability Group/EMI Vulnerability Assessment plan, including status report. (This covers the proactive examination of software, carried out by our collaborators, to find vulnerabilities that may exist.)
  • Ran SSC6
  • update of site certification procedure
  • SVG face to face meeting
  • security training at EGI technical forum
  • EMI Vulnerability Assessment of WMS completion started (but delayed by illness)

Milestones not accomplished

  • The security vulnerability assessment of WMS and CREAM (started but not completed)
  • Improvements to the RTIR ticketing system are still awaited
  • The evaluation of SSC6 still to be completed
  • nagios: CRL checking on services that have gridftp (CEs/SEs) and checking for known vulnerable file permissions via gridftp
  • The revision of the Vulnerability Issue handling procedure was postponed so that post-EMI/IGE handling can be addressed at the same time
  • EGI CSIRT operational procedure for compromised certificates still to be done
  • Security monitoring
    • New version of Pakiti -- largely maintenance performed; insufficient effort to finish current development version
    • docs on site-wide monitoring

Plans for 2013

Cross Security Team Activities

  • MS235 Security Activity within EGI Month 34 Report detailing the non-operational security activity within EGI including SCG, SVG, EUGridPMA and IGTF. (Q1)
  • EGI Security Threat risk assessment - Report on what is being done concerning threats of highest risk value and highest impact value. (Q2)
  • Re-assess security risk assessment - start at end of 2013, to be completed before end of EGI-InSPIRE (Q4)
  • Investigate Federated Cloud Services and the implications for the various security groups. Assist in defining new policies and procedures to implement these. (Q3)

EGI CSIRT Activities

Daily security operations

A very important part of the CSIRT work

  • Via the Security Officer on Duty rota, carry out all agreed tasks as specified at

https://wiki.egi.eu/csirt/index.php/Security_Officer_on_Duty_tasks

CSIRT meetings

  • Regular monthly team meetings including 2 F2F meetings

RTIR ticketing system

  • Need improvements to RTIR for Security Service Challenges (Q2)
  • EGI customisations need to be ported to new releases of RTIR (by EGI IT team) or move away from use of EGI SSO (Q3)

Incident Response

  • Regular weekly IRTF meetings
  • Handle security incidents as and when they occur
  • Plan for and build a sustainable future beyond the end of EGI-InSPIRE (Q4)

Security drills

  • Complete the evaluation of SSC6 (Q1)
  • Define, develop and run SSC7 in Q3, with subsequent evaluation/debriefing
  • NGI runs to be carried out, say one (Q1) and more in the quarters to follow

Security monitoring tools

  • Assist in SHA2 "campaign"
  • If needed, continue to support MW-Upgrade campaigns
  • site-wide monitoring - a description of plans produced and delivered to OMB (Q1), technical pilot with a few NGIs implemented and evaluated (Q2-Q4)
  • Pakiti release - alpha (Q2), final (Q4). If we don't have resources for more extensive development, the current development release will be frozen and stabilized. The EGI instance will be primarily supported focusing mainly on sufficient support for site-wide monitoring.
  • probes - overview the SVG/CSIRT issues/alerts and make sure they're monitored, enable sending notifications (Q2).
  • Collaboration with dashboard developers
    • Involvement of RODs in handling non-critical issues (our results start appearing in operational dashboard)
    • Start providing reports to mgmt/NGIs/sites - providing monthly (?) plots summarizing number of issues detected/handled (Q2)
  • Monitoring of our tool with EGI-wide monitoring (Q3)
  • nagios: CRL checking on services that have gridftp (CEs/SEs) and checking for known vulnerable file permissions via gridftp (Q2)

Security Training & Dissemination

  • Training in the TF-CSIRT / FIRST in January in Lisbon (Q1)
  • Training at ISGC 2013 (Q1)
  • Preparation of a poster for EGI CF (Q2)
  • Consider training at other Grid events such as GKS and TF (Q2/3)
  • Updating and renovation of the CSIRT Wiki (Q4)

Security procedures

  • EGI CSIRT operational procedure for compromised certificates. (Q1)
  • Review of Incident Handling procedures (Q4)

EGI SVG Activities

Continue Vulnerability issue handling

  • The most important activity of the group is to perform its ongoing operational duties handling vulnerabilities according to the agreed procedures

SVG meetings

  • Monthly SVG meetings
  • SVG session at EGI Technical Forum

Revise and improve Vulnerability Issue handling procedure

  • Revise EGI Software Vulnerability Handling procedure for Post EMI/IGE (Q1). (Also submitted an abstract to present this at the CF.)
  • Poster at CF on how to report a vulnerability or incident (and explain the difference) to be generally useful as well as for the CF. (Q2) (CSIRT/SVG)
  • Further revise Vulnerability issue handling - after a few months using it. (Q3)
  • Improve tracking of vulnerable and fixed RPM versions, platforms, and distributions. (Q4)

Vulnerability Assessments

  • Completion of WMS vulnerability Assessment (Q1)
  • CREAM vulnerability Assessment (Q2)
  • Report on Status of Vulnerability assessment after the end of EMI - and whether anything further can be done. (Q2)