
Difference between revisions of "EGI-InSPIRE:SA1.2-QR10"

 
(12 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[[Category:SA1 Task QR Reports]]
{{Template:EGI-Inspire menubar}}
 
{{Template:Inspire_reports_menubar}}
{{TOC_right}}
= 1. Task Meetings = <!--
= 1. Task Meetings = <!--
Notes. Report here all task-specific meetings held. This includes (a) face-to-face meetings and (b) phone meetings. Make sure that for all task meetings participants are ALWAYS recorded either on indico from the registrants’ list, or in the minutes.  
Notes. Report here all task-specific meetings held. This includes (a) face-to-face meetings and (b) phone meetings. Make sure that for all task meetings participants are ALWAYS recorded either on indico from the registrants’ list, or in the minutes.  
Line 12: Line 15:
! style="width: 50%" | Outcome
! style="width: 50%" | Outcome
|-
|-
| 15/05/2012
| 23/08/2012
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1035
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1148
| The EGI Security Risk Assessment Group - refinement of ratings
| Review the risk assessments already provided and resolve differences
|-
| 24/05/2012
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1053
| EGI CSIRT team Monthly meeting  
| EGI CSIRT team Monthly meeting  
| Review activities of the previous month and plan for the coming month
| Review activities of the previous month and plan for the coming month
|-
|-
| 14/06/2012
| 17/09/2012  
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1087
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1160
| The EGI Security Risk Assessment Group - working towards the final report
| EGI CSIRT team face to face meeting at EGI Technical Forum, Prague
| Finalise the risk assessment and decide on content of final report
| Review all current activities and plan for the future
|-
| 21/06/20112
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1094
| EGI SVG Monthly meeting
| Review activities of the previous month and plan for the coming month
|-
|-
| 25/06/2012  
| 25/10/2012
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1095
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1227
| EGI CSIRT team monthly meeting
| Review activities of the previous month and plan for the coming month
|-
| 19/07/2012
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1128
| EGI SVG Monthly meeting
| Review activities of the previous month and plan for the coming month
|-
| 26/07/2012
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1134
| EGI CSIRT team monthly meeting  
| EGI CSIRT team monthly meeting  
| Review activities of the previous month and plan for the coming month
| Review activities of the previous month and plan for the coming month
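Review bot: the new meetings table drops every EGI SVG monthly meeting and every Security Risk Assessment Group row and lists only EGI CSIRT meetings (23/08/2012, 17/09/2012, 25/10/2012), although the template note at the top of the section asks for all task-specific meetings to be reported. If SVG met during this quarter, add those rows with their Indico links; if it did not, say so in the table. Also make the title capitalisation consistent ("Monthly meeting" versus "monthly meeting") and remove the trailing space after "17/09/2012".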
Line 56: Line 39:
Note. This is a detailed account of progress over the previous quarter of activities within  the  task.  
Note. This is a detailed account of progress over the previous quarter of activities within  the  task.  
-->
-->
The incident response team handled two security incidents during the quarter
This quarter has seen the handling of one security incident, EGI-20120731, which affected saao.ac.za. This site is not yet a full EGI member, but we worked with them to resolve the incident anyway.
and issued two security advisories.
 
A proposal was made to extend the Pakiti monitoring to include all machines
at a site. The security monitoring team was also asked by Open Science Grid to
host a Pakiti service to monitor their machines. A pilot operation has been started
and its impact will be evaluated.
 
The security service challenge framework for SSC5 was extended to integrate more
job-submission methods and to improve the reporting module. After this, SSC5 was
performed at 4/5 sites in NGI-NL. Good progress has been made on preparing for
SSC6. The execution of this has been
postponed until next quarter as integrating the CMS CRAB job management system
into the SSC Framework took longer than anticipated.


Preparations have been made for the next EGI-CSIRT security tutorial to happen
Large efforts have gone into the monitoring and handling of two WMS vulnerabilities, EGI-SVG-2012-4073 and EGI-SVG-2012-4039. EGI CSIRT provided monitoring of sites that deploy obsolete grid middleware (gLite 3.1 and 3.2). The results were made available from the operations portal and handled by the COD team. The CSIRT will take over the handling of sites that are not updated at the end of October 2012.
at the GridKa summer school (August) and at the Technical Forum (September).  
These will include hands-on forensics exercises.


The Software Vulnerability Group handled 4 new vulnerabilities during the quarter
Security service challenge SSC6 was fully prepared and executed on ~40 sites in early September 2012. A full analysis of the results is underway and will be completed next quarter.
and issued two advisories.


Discussions between CSIRT, SVG, and OMB agreed the approach to sites running
As a part of the Training and Dissemination activities of the EGI CSIRT group, a security hands-on was organised for the EGI 2012 TF in Prague. In this event, we focused our attention on the topic of the forensic
software for which security support has ended. A general advisory on this was issued
analysis, using a training test bed which was initially developed for the latest GridKa school. The participants took the role as as security teams being responsible for the operational security of simulated grid sites running in a virtualised environment. They faced attacks very similar to those seen in real life. The teams' task was to respond to these attacks and keep their services up and running as far as possible. Two kind of attack scenarios have been considered, one involving vulnerability of the OS as seen in recent real incidents and one exploring the Grid technology. The training took three sessions for a total of 6 hours. The EGI CSIRT plan is to keep on developing this training test bed, also improving the related documentation, and using it also for the next security trainings events inside the EGI community.
by CSIRT and a further advisory has been drafted on the timeline for migration
away from gLite 3.2 middleware components.


The EGI Security Threat Risk Assessment activity and the related final report were
SVG released two advisories for WMS vulnerabilities concerning proxy theft. (1 High, 1 Critical). An advisory was also released on 1st August 2012 for the retirement of gLite 3.2 components out of security support.
completed.


= 3. Issues and Mitigation = <!-- fill the table below -->  
= 3. Issues and Mitigation = <!-- fill the table below -->  
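Review bot: the replacement text for section 2 carries wording errors that should be corrected in this revision: "took the role as as security teams", "Two kind of attack scenarios" and "security trainings events" in the training paragraph, and a stray full stop in "proxy theft. (1 High, 1 Critical)". The last of these should also say which of the two advisories is rated High and which Critical, since EGI-SVG-2012-4073 and EGI-SVG-2012-4039 are both named earlier in the same section.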
Line 101: Line 65:


= 4. Plans for the next period = <!-- provide your text below -->
= 4. Plans for the next period = <!-- provide your text below -->
Work will continue on the improvements of the RT/RTIR ticketing system, e.g. to facilitate better reporting.  
Work will continue on the improvements of the RT/RTIR ticketing system, e.g. to facilitate better reporting.  


Line 106: Line 71:


Work will continue on Pakiti V3 and the move to site-wide security monitoring.
Work will continue on Pakiti V3 and the move to site-wide security monitoring.
The SSC6 which took place in September 2012 will be fully analysed and a report will be written.


More NGIs will perform the national SSC (2012).
More NGIs will perform the national SSC (2012).


Security training will be prepared for the ISGC2013 conference. This will include hands-on training in forensics.
Security training will be prepared for the ISGC2013 conference and the EGI Community Forum 2013. This will build on the work done for EGI TF 2012 and include hands-on training in forensics.


Work will continue on the annual review of the SVG issue handling procedure.
Work will continue on the annual review of the SVG issue handling procedure. SVG will sort out the status and advisories for open ‘Low’ risk issues.
SVG will revise  the EGI Software Vulnerability issue handling procedure and update the  EGI/EMI Vulnerability Assessment plan/status document.
The EGI CSIRT Operational Procedure for Compromised Certificates will be prepared.

Latest revision as of 17:53, 6 January 2015




1. Task Meetings

{|
! Date (dd/mm/yyyy)
! Indico Agenda URL
! Title
! Outcome
|-
| 23/08/2012
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1148
| EGI CSIRT team Monthly meeting
| Review activities of the previous month and plan for the coming month
|-
| 17/09/2012
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1160
| EGI CSIRT team face to face meeting at EGI Technical Forum, Prague
| Review all current activities and plan for the future
|-
| 25/10/2012
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1227
| EGI CSIRT team monthly meeting
| Review activities of the previous month and plan for the coming month
|-
| Weekly EVO meetings (every Monday)
| Minutes recorded in EGI CSIRT private wiki (not publicly accessible)
| IRTF weekly meeting
| Operational security issues are reviewed weekly
|}

2. Main Achievements

This quarter has seen the handling of one security incident, EGI-20120731, which affected saao.ac.za. This site is not yet a full EGI member, but we worked with them to resolve the incident anyway.

Large efforts have gone into the monitoring and handling of two WMS vulnerabilities, EGI-SVG-2012-4073 and EGI-SVG-2012-4039. EGI CSIRT provided monitoring of sites that deploy obsolete grid middleware (gLite 3.1 and 3.2). The results were made available from the operations portal and handled by the COD team. The CSIRT will take over the handling of sites that are not updated at the end of October 2012.

Security service challenge SSC6 was fully prepared and executed on ~40 sites in early September 2012. A full analysis of the results is underway and will be completed next quarter.

As part of the Training and Dissemination activities of the EGI CSIRT group, a security hands-on session was organised for the EGI 2012 TF in Prague. In this event, we focused on forensic analysis, using a training test bed which was initially developed for the latest GridKa school. The participants took the role of security teams responsible for the operational security of simulated grid sites running in a virtualised environment. They faced attacks very similar to those seen in real life. The teams' task was to respond to these attacks and keep their services up and running as far as possible. Two kinds of attack scenario were considered, one involving a vulnerability of the OS as seen in recent real incidents and one exploring the Grid technology. The training took three sessions for a total of 6 hours. The EGI CSIRT plans to keep developing this training test bed, improve the related documentation, and use it for the next security training events inside the EGI community.

SVG released two advisories for WMS vulnerabilities concerning proxy theft (1 High, 1 Critical). An advisory was also released on 1st August 2012 for the retirement of gLite 3.2 components out of security support.

3. Issues and Mitigation

Issue Description Mitigation Description

4. Plans for the next period

Work will continue on the improvements of the RT/RTIR ticketing system, e.g. to facilitate better reporting.

Work will continue on the monitoring of the migration from unsupported gLite 3.1/3.2 software and the handling and possible suspension of sites that fail to migrate.

Work will continue on Pakiti V3 and the move to site-wide security monitoring.

SSC6, which took place in September 2012, will be fully analysed and a report will be written.

More NGIs will perform the national SSC (2012).

Security training will be prepared for the ISGC2013 conference and the EGI Community Forum 2013. This will build on the work done for EGI TF 2012 and include hands-on training in forensics.

Work will continue on the annual review of the SVG issue handling procedure. SVG will sort out the status and advisories for open ‘Low’ risk issues.

SVG will revise the EGI Software Vulnerability issue handling procedure and update the EGI/EMI Vulnerability Assessment plan/status document.

The EGI CSIRT Operational Procedure for Compromised Certificates will be prepared.