The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.
Difference between revisions of "EGI-InSPIRE:SA1.2-QR10"
| Line 12: | Line 12: | ||
! style="width: 50%" | Outcome | ! style="width: 50%" | Outcome | ||
|- | |- | ||
| | | 15/05/2012 | ||
| ... | | https://www.egi.eu/indico/conferenceDisplay.py?confId=1035 | ||
| | | The EGI Security Risk Assessment Group - refinement of ratings | ||
| | | Review the risk assessments already provided and resolve differences | ||
|- | |- | ||
| 24/05/2012 | |||
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1053 | |||
| EGI CSIRT team Monthly meeting | |||
| Review activities of the previous month and plan for the coming month | |||
|- | |||
| 14/06/2012 | |||
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1087 | |||
| The EGI Security Risk Assessment Group - working towards the final report | |||
| Finalise the risk assessment and decide on content of final report | |||
|- | |||
| 21/06/20112 | |||
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1094 | |||
| EGI SVG Monthly meeting | |||
| Review activities of the previous month and plan for the coming month | |||
|- | |||
| 25/06/2012 | |||
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1095 | |||
| EGI CSIRT team monthly meeting | |||
| Review activities of the previous month and plan for the coming month | |||
|- | |||
| 19/07/2012 | |||
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1128 | |||
| EGI SVG Monthly meeting | |||
| Review activities of the previous month and plan for the coming month | |||
|- | |||
| 26/07/2012 | |||
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1134 | |||
| EGI CSIRT team monthly meeting | |||
| Review activities of the previous month and plan for the coming month | |||
|- | |||
| Weekly EVO meetings (every Monday) | |||
| Minutes recorded in EGI CSIRT private wiki (not publicly accessible) | |||
| IRTF weekly meeting | |||
| Operational security issues are reviewed weekly | |||
|} | |} | ||
= 2. Main Achievements = <!-- | = 2. Main Achievements = <!-- | ||
Note. This is a detailed account of progress over the previous quarter of activities within the task. | Note. This is a detailed account of progress over the previous quarter of activities within the task. | ||
--> | |||
-- | The incident response team handled two security incidents during the quarter | ||
and issued two security advisories. | |||
A proposal was made to extend the Pakiti monitoring to include all machines | |||
at a site. The security monitoring team was also asked by Open Science Grid to | |||
host a Pakiti service to monitor their machines. A pilot operation has been started | |||
and its impact will be evaluated. | |||
The security service challenge framework for SSC5 was extended to integrate more | |||
job-submission methods and to improve the reporting module. After this, SSC5 was | |||
performed at 4/5 sites in NGI-NL. Good progress has been made on preparing for | |||
SSC6. The execution of this has been | |||
postponed until next quarter as integrating the CMS CRAB job management system | |||
into the SSC Framework took longer than anticipated. | |||
= 3. Issues and Mitigation = <!-- fill the table below | Preparations have been made for the next EGI-CSIRT security tutorial to happen | ||
at the GridKa summer school (August) and at the Technical Forum (September). | |||
These will include hands-on forensics exercises. | |||
The Software Vulnerability Group handled 4 new vulnerabilities during the quarter | |||
and issued two advisories. | |||
Discussions between CSIRT, SVG, and OMB agreed the approach to sites running | |||
software for which security support has ended. A general advisory on this was issued | |||
by CSIRT and a further advisory has been drafted on the timeline for migration | |||
away from gLite 3.2 middleware components. | |||
The EGI Security Threat Risk Assessment activity and the related final report were | |||
completed. | |||
= 3. Issues and Mitigation = <!-- fill the table below --> | |||
{| cellspacing="0" cellpadding="2" border="1" | {| cellspacing="0" cellpadding="2" border="1" | ||
| Line 39: | Line 100: | ||
|} | |} | ||
= 4. Plans for the next period = <!-- provide your text below. | = 4. Plans for the next period = <!-- provide your text below --> | ||
Work will continue on the improvements of the RT/RTIR ticketing system, e.g. to facilitate better reporting. | |||
Work will continue on the monitoring of the migration from unsupported gLite 3.1/3.2 software and the handling and possible suspension of sites who fail. | |||
Work will continue on Pakiti V3 and the move to site-wide security monitoring. | |||
More NGIs will perform the national SSC (2012). | |||
Security training will be prepared for the ISGC2013 conference. This will include hands-on training in forensics. | |||
Work will continue on the annual review of the SVG issue handling procedure. | |||
Revision as of 16:34, 30 October 2012
1. Task Meetings
| Date (dd/mm/yyyy) | Url Indico Agenda | Title | Outcome |
|---|---|---|---|
| 15/05/2012 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1035 | The EGI Security Risk Assessment Group - refinement of ratings | Review the risk assessments already provided and resolve differences |
| 24/05/2012 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1053 | EGI CSIRT team Monthly meeting | Review activities of the previous month and plan for the coming month |
| 14/06/2012 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1087 | The EGI Security Risk Assessment Group - working towards the final report | Finalise the risk assessment and decide on content of final report |
| 21/06/20112 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1094 | EGI SVG Monthly meeting | Review activities of the previous month and plan for the coming month |
| 25/06/2012 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1095 | EGI CSIRT team monthly meeting | Review activities of the previous month and plan for the coming month |
| 19/07/2012 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1128 | EGI SVG Monthly meeting | Review activities of the previous month and plan for the coming month |
| 26/07/2012 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1134 | EGI CSIRT team monthly meeting | Review activities of the previous month and plan for the coming month |
| Weekly EVO meetings (every Monday) | Minutes recorded in EGI CSIRT private wiki (not publicly accessible) | IRTF weekly meeting | Operational security issues are reviewed weekly |
2. Main Achievements
The incident response team handled two security incidents during the quarter and issued two security advisories.
A proposal was made to extend the Pakiti monitoring to include all machines at a site. The security monitoring team was also asked by Open Science Grid to host a Pakiti service to monitor their machines. A pilot operation has been started and its impact will be evaluated.
The security service challenge framework for SSC5 was extended to integrate more job-submission methods and to improve the reporting module. After this, SSC5 was performed at 4/5 sites in NGI-NL. Good progress has been made on preparing for SSC6. The execution of this has been postponed until next quarter as integrating the CMS CRAB job management system into the SSC Framework took longer than anticipated.
Preparations have been made for the next EGI-CSIRT security tutorial to happen at the GridKa summer school (August) and at the Technical Forum (September). These will include hands-on forensics exercises.
The Software Vulnerability Group handled 4 new vulnerabilities during the quarter and issued two advisories.
Discussions between CSIRT, SVG, and OMB agreed the approach to sites running software for which security support has ended. A general advisory on this was issued by CSIRT and a further advisory has been drafted on the timeline for migration away from gLite 3.2 middleware components.
The EGI Security Threat Risk Assessment activity and the related final report were completed.
3. Issues and Mitigation
| Issue Description | Mitigation Description |
|---|---|
4. Plans for the next period
Work will continue on the improvements of the RT/RTIR ticketing system, e.g. to facilitate better reporting.
Work will continue on the monitoring of the migration from unsupported gLite 3.1/3.2 software and the handling and possible suspension of sites who fail.
Work will continue on Pakiti V3 and the move to site-wide security monitoring.
More NGIs will perform the national SSC (2012).
Security training will be prepared for the ISGC2013 conference. This will include hands-on training in forensics.
Work will continue on the annual review of the SVG issue handling procedure.