Difference between revisions of "EGI-InSPIRE:SA1.2-QR11"
Line 63: | Line 63: | ||
and issued two security advisories. | and issued two security advisories. | ||
The security monitoring team was also asked by Open Science Grid to | |||
host a Pakiti service to monitor their machines. A pilot operation has been started | host a Pakiti service to monitor their machines. A pilot operation has been started | ||
and its impact will be evaluated. | and its impact will be evaluated. New custom security probes were developed as required for monitoring | ||
software now beyond end of life and for the NGI SAM instance. | |||
Establishment of a dedicated Nagios box to monitor MW components. | |||
SSC6 - report still needed | |||
Preparing for | |||
Preparations have been made for the next EGI-CSIRT security tutorial to happen | Preparations have been made for the next EGI-CSIRT security tutorial to happen | ||
Line 80: | Line 77: | ||
The Software Vulnerability Group handled 4 new vulnerabilities during the quarter | The Software Vulnerability Group handled 4 new vulnerabilities during the quarter | ||
and issued | and issued or updated five advisories, one of which was High Risk. | ||
Discussions between CSIRT, SVG, and OMB agreed the approach to sites running | Discussions between CSIRT, SVG, and OMB agreed the approach to sites running | ||
Line 87: | Line 84: | ||
away from gLite 3.2 middleware components. | away from gLite 3.2 middleware components. | ||
Planning for ISGC 2013 - seecurity workshop and talks (Security Operations and SCI) | |||
Submission of a poster on User Security for the April 2013 EGI Community Forum | |||
Planning for central emergency user suspension service. Policy and deployment mechanisms - mini project | |||
Define workplan for 2013 | |||
Participate in WLCG sec meeting at FNAL (17-18 Dec) | |||
Work on procedure for handling compromised certificates | |||
Central user banning meeting (13 Dec) and present to OMB on 18 Dec | |||
Propose mini-projects | |||
Planning for Global tasks evolution beyond EGI-InSPIRE | |||
and workshop | |||
= 3. Issues and Mitigation = <!-- fill the table below | = 3. Issues and Mitigation = <!-- fill the table below |
Revision as of 19:56, 6 February 2013
Main | EGI.eu operations services | Support | Documentation | Tools | Activities | Performance | Technology | Catch-all Services | Resource Allocation | Security |
Inspire reports menu: | Home • | SA1 weekly Reports • | SA1 Task QR Reports • | NGI QR Reports • | NGI QR User support Reports |
1. Task Meetings
Date (dd/mm/yyyy) | Url Indico Agenda | Title | Outcome |
---|---|---|---|
15/11/20112 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1250 | EGI SVG Monthly meeting | Review activities of the previous month and plan for the coming month |
22/11/2012 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1255 | EGI CSIRT team Monthly meeting | Review activities of the previous month and plan for the coming month |
13/12/2012 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1256 | EGI CSIRT team monthly meeting | Review activities of the previous month and plan for the coming month |
20/12/2012 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1285 | EGI SVG Monthly meeting | Review activities of the previous month and plan for the coming month |
17/01/2013 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1300 | EGI SVG Monthly meeting | Review activities of the previous month and plan for the coming month |
18/01/2013 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1297 | EGI CSIRT team monthly meeting | Review activities of the previous month and plan for the coming month |
Weekly EVO meetings (every Monday) | Minutes recorded in EGI CSIRT private wiki (not publicly accessible) | IRTF weekly meeting | Operational security issues are reviewed weekly |
Weekly EVO meetings (every Monday) | https://indico.egi.eu/indico/categoryDisplay.py?categId=71 | "Monitoring & follow up of sites running unsupported software" - joint with EGI Operations | Status of the Sites upgrading to supported software are reviewed weekly |
2. Main Achievements
The incident response team handled two security incidents during the quarter and issued two security advisories.
The security monitoring team was also asked by Open Science Grid to
host a Pakiti service to monitor their machines. A pilot operation has been started and its impact will be evaluated. New custom security probes were developed as required for monitoring software now beyond end of life and for the NGI SAM instance. Establishment of a dedicated Nagios box to monitor MW components.
SSC6 - report still needed Preparing for
Preparations have been made for the next EGI-CSIRT security tutorial to happen at the GridKa summer school (August) and at the Technical Forum (September). These will include hands-on forensics exercises.
The Software Vulnerability Group handled 4 new vulnerabilities during the quarter and issued or updated five advisories, one of which was High Risk.
Discussions between CSIRT, SVG, and OMB agreed the approach to sites running software for which security support has ended. A general advisory on this was issued by CSIRT and a further advisory has been drafted on the timeline for migration away from gLite 3.2 middleware components.
Planning for ISGC 2013 - seecurity workshop and talks (Security Operations and SCI)
Submission of a poster on User Security for the April 2013 EGI Community Forum
Planning for central emergency user suspension service. Policy and deployment mechanisms - mini project
Define workplan for 2013
Participate in WLCG sec meeting at FNAL (17-18 Dec)
Work on procedure for handling compromised certificates
Central user banning meeting (13 Dec) and present to OMB on 18 Dec Propose mini-projects
Planning for Global tasks evolution beyond EGI-InSPIRE
and workshop
3. Issues and Mitigation
Issue Description | Mitigation Description |
---|---|
4. Plans for the next period
Work will continue on the improvements of the RT/RTIR ticketing system, e.g. to facilitate better reporting.
The Site Certification Procedure will be revised to include the required security items and a procedure will be developed for the handling of compromised certificates.
Work will continue on requiring the timely migration from unsupported software.
Work will continue on Pakiti V3 and the move to site-wide security monitoring.
SSC6 will be performed at approximately 40 sites across EGI and more NGIs will perform the national variant of SSC5.
Security training will be given at the GridKa school and the Technical Forum. These will include hands-on training in forensics.
The annual review of the SVG issue handling procedure will be performed.