Difference between revisions of "EGI-InSPIRE:SA1.2-QR11"

From EGIWiki
Jump to: navigation, search
Line 60: Line 60:
 
PLEASE PROVIDE TEXT IN A GOOD EDITED FORM (AVOID BULLET LISTS OF SHORT ITEMS THAT REQUIRE EXPANSION WHEN INSERTED IN AN OVERALL REPORT)
 
PLEASE PROVIDE TEXT IN A GOOD EDITED FORM (AVOID BULLET LISTS OF SHORT ITEMS THAT REQUIRE EXPANSION WHEN INSERTED IN AN OVERALL REPORT)
 
-->  
 
-->  
 +
The incident response team handled two security incidents during the quarter
 +
and issued two security advisories.
 +
 +
A proposal was made to extend the Pakiti monitoring to include all machines
 +
at a site. The security monitoring team was also asked by Open Science Grid to
 +
host a Pakiti service to monitor their machines. A pilot operation has been started
 +
and its impact will be evaluated.
 +
 +
The security service challenge framework for SSC5 was extended to integrate more
 +
job-submission methods and to improve the reporting module. After this, SSC5 was
 +
performed at 4/5 sites in NGI-NL. Good progress has been made on preparing for
 +
SSC6. The execution of this has been
 +
postponed until next quarter as integrating the CMS CRAB job management system
 +
into the SSC Framework took longer than anticipated.
 +
 +
Preparations have been made for the next EGI-CSIRT security tutorial to happen
 +
at the GridKa summer school (August) and at the Technical Forum (September).
 +
These will include hands-on forensics exercises.
 +
 +
The Software Vulnerability Group handled 4 new vulnerabilities during the quarter
 +
and issued two advisories.
 +
 +
Discussions between CSIRT, SVG, and OMB agreed the approach to sites running
 +
software for which security support has ended. A general advisory on this was issued
 +
by CSIRT and a further advisory has been drafted on the timeline for migration
 +
away from gLite 3.2 middleware components.
 +
 +
  
 
= 3. Issues and Mitigation = <!-- fill the table below
 
= 3. Issues and Mitigation = <!-- fill the table below
Line 77: Line 105:
  
 
= 4. Plans for the next period = <!-- provide your text below. PLEASE PROVIDE TEXT IN A GOOD EDITED FORM (NO BULLET LISTS OF SHORT ITEMS THAT REQUIRE EXPANSION WHEN INSERTED IN A REPORT) -->
 
= 4. Plans for the next period = <!-- provide your text below. PLEASE PROVIDE TEXT IN A GOOD EDITED FORM (NO BULLET LISTS OF SHORT ITEMS THAT REQUIRE EXPANSION WHEN INSERTED IN A REPORT) -->
 +
Work will continue on the improvements of the RT/RTIR ticketing system, e.g. to facilitate better reporting.
 +
 +
The Site Certification Procedure will be revised to include the required security items and a procedure will be developed for the handling of compromised certificates.
 +
 +
Work will continue on requiring the timely migration from unsupported software.
 +
 +
Work will continue on Pakiti V3 and the move to site-wide security monitoring.
 +
 +
SSC6 will be performed at approximately 40 sites across EGI and more NGIs will perform the national variant of SSC5.
 +
 +
Security training will be given at the GridKa school and the Technical Forum.
 +
These will include hands-on training in forensics.
 +
 +
The annual review of the SVG issue handling procedure will be performed.

Revision as of 18:36, 6 February 2013

Main EGI.eu operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security


Inspire reports menu: Home SA1 weekly Reports SA1 Task QR Reports NGI QR Reports NGI QR User support Reports


1. Task Meetings

Date (dd/mm/yyyy) Url Indico Agenda Title Outcome
15/11/20112 https://www.egi.eu/indico/conferenceDisplay.py?confId=1250 EGI SVG Monthly meeting Review activities of the previous month and plan for the coming month
22/11/2012 https://www.egi.eu/indico/conferenceDisplay.py?confId=1255 EGI CSIRT team Monthly meeting Review activities of the previous month and plan for the coming month
13/12/2012 https://www.egi.eu/indico/conferenceDisplay.py?confId=1256 EGI CSIRT team monthly meeting Review activities of the previous month and plan for the coming month
20/12/2012 https://www.egi.eu/indico/conferenceDisplay.py?confId=1285 EGI SVG Monthly meeting Review activities of the previous month and plan for the coming month
17/01/2013 https://www.egi.eu/indico/conferenceDisplay.py?confId=1300 EGI SVG Monthly meeting Review activities of the previous month and plan for the coming month
18/01/2013 https://www.egi.eu/indico/conferenceDisplay.py?confId=1297 EGI CSIRT team monthly meeting Review activities of the previous month and plan for the coming month
Weekly EVO meetings (every Monday) Minutes recorded in EGI CSIRT private wiki (not publicly accessible) IRTF weekly meeting Operational security issues are reviewed weekly
Weekly EVO meetings (every Monday) https://indico.egi.eu/indico/categoryDisplay.py?categId=71 "Monitoring & follow up of sites running unsupported software" - joint with EGI Operations Status of the Sites upgrading to supported software are reviewed weekly

2. Main Achievements

The incident response team handled two security incidents during the quarter and issued two security advisories.

A proposal was made to extend the Pakiti monitoring to include all machines at a site. The security monitoring team was also asked by Open Science Grid to host a Pakiti service to monitor their machines. A pilot operation has been started and its impact will be evaluated.

The security service challenge framework for SSC5 was extended to integrate more job-submission methods and to improve the reporting module. After this, SSC5 was performed at 4/5 sites in NGI-NL. Good progress has been made on preparing for SSC6. The execution of this has been postponed until next quarter as integrating the CMS CRAB job management system into the SSC Framework took longer than anticipated.

Preparations have been made for the next EGI-CSIRT security tutorial to happen at the GridKa summer school (August) and at the Technical Forum (September). These will include hands-on forensics exercises.

The Software Vulnerability Group handled 4 new vulnerabilities during the quarter and issued two advisories.

Discussions between CSIRT, SVG, and OMB agreed the approach to sites running software for which security support has ended. A general advisory on this was issued by CSIRT and a further advisory has been drafted on the timeline for migration away from gLite 3.2 middleware components.


3. Issues and Mitigation

Issue Description Mitigation Description

4. Plans for the next period

Work will continue on the improvements of the RT/RTIR ticketing system, e.g. to facilitate better reporting.

The Site Certification Procedure will be revised to include the required security items and a procedure will be developed for the handling of compromised certificates.

Work will continue on requiring the timely migration from unsupported software.

Work will continue on Pakiti V3 and the move to site-wide security monitoring.

SSC6 will be performed at approximately 40 sites across EGI and more NGIs will perform the national variant of SSC5.

Security training will be given at the GridKa school and the Technical Forum. These will include hands-on training in forensics.

The annual review of the SVG issue handling procedure will be performed.