Difference between revisions of "EGI-InSPIRE:SA1.2-QR10"

(4. Plans for the next period)
(2. Main Achievements)
Line 38: Line 38:
 
<not yet final>
 
<not yet final>
  
The incident response team handled one security incidents during the quarter
+
This quarter has seen one incident, EGI-20120731, which affected saao.ac.za. This site is not yet a full EGI member, but we worked with them to resolve the incident anyway.
and issued xx security advisories.
 
  
 +
Large efforts have gone into handling two WMS vulnerabilities, EGI-SVG-2012-4073 and EGI-SVG-2012-4039, as well as the more general issues surrounding sites running obsolescent software.
 +
 +
EGI CSIRT provided monitoring of sites that deploy obsolete grid
 +
middleware. The results were made available from the operations portal and
 +
handled by the COD team. The CSIRT will take over the handling of sites
 +
that are not updated at the end of Oct.
  
 
Good progress has been made on preparing for  
 
Good progress has been made on preparing for  
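Review bot: In the added monitoring paragraph, "sites that are not updated at the end of Oct." leaves it unclear whether the end of October is the sites' update deadline or the date on which the CSIRT takes over from the COD team; state the deadline explicitly and spell out the month. The two added paragraphs also switch between "obsolescent software" and "obsolete grid middleware"; use one term if they refer to the same thing.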
Line 47: Line 52:
 
into the SSC Framework took longer than anticipated.
 
into the SSC Framework took longer than anticipated.
  
Preparations have been made for the next EGI-CSIRT security tutorial to happen
+
development of the training framework, which was used during GridKa School and TF in Prague. Preparations have been made for the next EGI-CSIRT security tutorial to happen
 
at the GridKa summer school (August) and at the Technical Forum (September).  
 
at the GridKa summer school (August) and at the Technical Forum (September).  
 
These will include hands-on forensics exercises.
 
These will include hands-on forensics exercises.
  
The Software Vulnerability Group handled xx new vulnerabilities during the quarter
+
Advisories released for 2 WMS vulnerabilities concerning proxy theft. (1 High, 1 Critical).
and issued two advisories.
+
 +
Advisory released for retirement of gLite 3.2 components out of security support on 1st August 2012.
 +
 +
 
  
 
Discussions between CSIRT, SVG, and OMB agreed the approach to sites running  
 
Discussions between CSIRT, SVG, and OMB agreed the approach to sites running  
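Review bot: The added line beginning "development of the training framework, which was used during GridKa School and TF in Prague." is a sentence fragment with no subject, and it reports the framework as already used at events that the retained text after it still describes as upcoming ("the next EGI-CSIRT security tutorial to happen at the GridKa summer school (August) and at the Technical Forum (September)"). Complete the opening sentence and bring the tutorial sentences into the same tense. The replacement for the Software Vulnerability Group line also no longer names the SVG or says how many vulnerabilities were handled during the quarter; keep that attribution and count if they are meant to be reported.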

Revision as of 11:23, 2 November 2012

1. Task Meetings

| Date (dd/mm/yyyy) | Url Indico Agenda | Title | Outcome |
|---|---|---|---|
| 23/08/2012 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1148 | EGI CSIRT team Monthly meeting | Review activities of the previous month and plan for the coming month |
| 17/09/2012 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1160 | EGI CSIRT team face to face meeting at EGI Technical Forum, Prague | Review all current activities and plan for the future |
| 25/10/2012 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1227 | EGI CSIRT team monthly meeting | Review activities of the previous month and plan for the coming month |
| Weekly EVO meetings (every Monday) | Minutes recorded in EGI CSIRT private wiki (not publicly accessible) | IRTF weekly meeting | Operational security issues are reviewed weekly |

2. Main Achievements

<not yet final>

This quarter has seen one incident, EGI-20120731, which affected saao.ac.za. This site is not yet a full EGI member, but we worked with them to resolve the incident anyway.

Large efforts have gone into handling two WMS vulnerabilities, EGI-SVG-2012-4073 and EGI-SVG-2012-4039, as well as the more general issues surrounding sites running obsolescent software.

EGI CSIRT provided monitoring of sites that deploy obsolete grid middleware. The results were made available from the operations portal and handled by the COD team. The CSIRT will take over the handling of sites that are not updated at the end of October.

Good progress has been made on preparing for SSC6. The execution of this has been postponed until next quarter as integrating the CMS CRAB job management system into the SSC Framework took longer than anticipated.

development of the training framework, which was used during GridKa School and TF in Prague. Preparations have been made for the next EGI-CSIRT security tutorial to happen at the GridKa summer school (August) and at the Technical Forum (September). These will include hands-on forensics exercises.

Advisories were released for two WMS vulnerabilities concerning proxy theft (one High, one Critical).

An advisory was released for the retirement of gLite 3.2 components out of security support on 1st August 2012.


Discussions between CSIRT, SVG, and OMB agreed the approach to sites running software for which security support has ended. A general advisory on this was issued by CSIRT and a further advisory has been drafted on the timeline for migration away from gLite 3.2 middleware components.

3. Issues and Mitigation

| Issue Description | Mitigation Description |
|---|---|

4. Plans for the next period

<not yet final>

Work will continue on improvements to the RT/RTIR ticketing system, e.g. to facilitate better reporting.

Work will continue on monitoring the migration from unsupported gLite 3.1/3.2 software, and on the handling and possible suspension of sites that fail to migrate.

Work will continue on Pakiti V3 and the move to site-wide security monitoring.

More NGIs will perform the national SSC (2012).

Security training will be prepared for the ISGC2013 conference. This will include hands-on training in forensics.

Work will continue on the annual review of the SVG issue handling procedure.