1. Task Meetings
|Date (dd/mm/yyyy)||Indico Agenda URL||Title||Outcome|
|23/08/2012||https://www.egi.eu/indico/conferenceDisplay.py?confId=1148||EGI CSIRT team Monthly meeting||Review activities of the previous month and plan for the coming month|
|17/09/2012||https://www.egi.eu/indico/conferenceDisplay.py?confId=1160||EGI CSIRT team face to face meeting at EGI Technical Forum, Prague||Review all current activities and plan for the future|
|25/10/2012||https://www.egi.eu/indico/conferenceDisplay.py?confId=1227||EGI CSIRT team monthly meeting||Review activities of the previous month and plan for the coming month|
|Weekly EVO meetings (every Monday)||Minutes recorded in EGI CSIRT private wiki (not publicly accessible)||IRTF weekly meeting||Operational security issues are reviewed weekly|
2. Main Achievements
This quarter has seen the handling of one security incident, EGI-20120731, which affected saao.ac.za. This site is not yet a full EGI member, but we worked with them to resolve the incident anyway.
Considerable effort has gone into the monitoring and handling of two WMS vulnerabilities, EGI-SVG-2012-4073 and EGI-SVG-2012-4039. EGI CSIRT provided monitoring of sites that deploy obsolete grid middleware (gLite 3.1 and 3.2). The results were made available through the operations portal and handled by the COD team. The CSIRT will take over the handling of sites that are not updated at the end of October 2012.
Security service challenge SSC6 was fully prepared and executed on ~40 sites in early September 2012. A full analysis of the results is underway and will be completed next quarter.
As part of the Training and Dissemination activities of the EGI CSIRT group, a hands-on security session was organised for the EGI 2012 TF in Prague. In this event, we focused on forensic analysis, using a training test bed that was initially developed for the latest GridKa school. The participants took the role of security teams responsible for the operational security of simulated grid sites running in a virtualised environment. They faced attacks very similar to those seen in real life. The teams' task was to respond to these attacks and keep their services up and running as far as possible. Two kinds of attack scenario were considered: one involving an OS vulnerability as seen in recent real incidents, and one exploring the Grid technology. The training took three sessions for a total of 6 hours. The EGI CSIRT plans to keep developing this training test bed, improve the related documentation, and use it for the next security training events inside the EGI community.
SVG released two advisories for WMS vulnerabilities concerning proxy theft (1 High, 1 Critical). An advisory was also released on 1st August 2012 for the retirement of gLite 3.2 components out of security support.
3. Issues and Mitigation
|Issue Description||Mitigation Description|
4. Plans for the next period
<not yet final>
Work will continue on improvements to the RT/RTIR ticketing system, e.g. to facilitate better reporting.
Work will continue on monitoring the migration away from unsupported gLite 3.1/3.2 software, and on the handling and possible suspension of sites that fail to migrate.
Work will continue on Pakiti V3 and the move to site-wide security monitoring.
More NGIs will perform the national SSC (2012).
Security training will be prepared for the ISGC2013 conference. This will include hands-on training in forensics.
Work will continue on the annual review of the SVG issue handling procedure.
Sort out status and advisories for open ‘Low’ risk issues.
Revise: EGI Software Vulnerability issue handling procedure.
EGI/EMI Vulnerability Assessment plan/status document.
Write: EGI CSIRT Operational Procedure for Compromised Certificates.