Difference between revisions of "EGI-InSPIRE:SA1.2-QR12"

 
(5 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Template:Op menubar}}
+
{{Template:EGI-Inspire menubar}}
 +
 
 
{{Template:Inspire_reports_menubar}}
 
{{Template:Inspire_reports_menubar}}
 
{{TOC_right}}
 
{{TOC_right}}
[[Category:SA1 Task QR Reports]]
+
 
 
= 1. Task Meetings = <!--
 
= 1. Task Meetings = <!--
 
Notes. Report here all task-specific meetings held. This includes (a) face-to-face meetings and (b) phone meetings. Make sure that for all task meetings participants are ALWAYS recorded either on indico from the registrants’ list, or in the minutes.  
 
Notes. Report here all task-specific meetings held. This includes (a) face-to-face meetings and (b) phone meetings. Make sure that for all task meetings participants are ALWAYS recorded either on indico from the registrants’ list, or in the minutes.  
Line 14: Line 15:
 
! style="width: 20%" | Title  
 
! style="width: 20%" | Title  
 
! style="width: 50%" | Outcome
 
! style="width: 50%" | Outcome
|-
 
| ...
 
| ....
 
| ...
 
| ...
 
|-
 
|}
 
 
 
|-
 
|-
 
| 21/02/2013
 
| 21/02/2013
Line 31: Line 24:
 
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1336  
 
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1336  
 
| EGI CSIRT team Monthly meeting  
 
| EGI CSIRT team Monthly meeting  
 +
| Review activities of the previous month and plan for the coming month
 +
|-
 +
| 22/03/2013
 +
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1370
 +
| EGI SVG Monthly meeting
 
| Review activities of the previous month and plan for the coming month
 
| Review activities of the previous month and plan for the coming month
 
|-
 
|-
Line 36: Line 34:
 
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1371  
 
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1371  
 
| EGI CSIRT team monthly meeting  
 
| EGI CSIRT team monthly meeting  
| Review activities of the previous month and plan for the coming month
 
|-
 
| 22/03/2013
 
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1370
 
| EGI SVG Monthly meeting
 
 
| Review activities of the previous month and plan for the coming month
 
| Review activities of the previous month and plan for the coming month
 
|-
 
|-
Line 53: Line 46:
 
| Review all activities, discuss current issues, collaborate with PRACE and EUDAT and plan for the coming months
 
| Review all activities, discuss current issues, collaborate with PRACE and EUDAT and plan for the coming months
 
|-
 
|-
| Weekly EVO meetings (every Monday)
+
| Weekly Video conference meetings (every Monday)
 
| Minutes recorded in EGI CSIRT private wiki (not publicly accessible)
 
| Minutes recorded in EGI CSIRT private wiki (not publicly accessible)
 
| IRTF weekly meeting
 
| IRTF weekly meeting
 
| Operational security issues are reviewed weekly
 
| Operational security issues are reviewed weekly
 
|}
 
|}
 
 
  
 
= 2. Main Achievements = <!--
 
= 2. Main Achievements = <!--
Line 66: Line 57:
 
-->  
 
-->  
  
The improvements to the RT/RTIR ticketing system for the tracking of security service challenges will be finalised.
+
The work of the EGI CSIRT (TSA1.2), as ever, is split into several sub-groups, each of which is reported on here. The whole team continued to meet monthly by video conference and we held our six-monthly face to face meeting in Linkoping, Sweden on 24/25 April. At that meeting we discussed the changes in procedures and approach required for dealing with security in a federated Cloud environment. Traceability continues to be of utmost importance and logging and monitoring will also be essential. We agreed that we need to start by considering some simple use cases and we identified the need to work with the EGI federated Cloud team. We invited representatives from both PRACE and EUDAT to our face to face meeting. This was very useful not only for sharing information but we also all see great benefits in working closer together in the future as we move towards a sustainable security team beyond the current projects. It was agreed that a joint EGI/PRACE/EUDAT security workshop in the autumn of 2013 would be very useful. Planning for this has started.
  
Work will continue on requiring the timely migration from unsupported software, this time for the retirement of EMI 1 middleware and services, by the end of April 2013.
+
In operational security in EGI, this was a quiet quarter in the sense that no security incidents were reported or handled. This did however enable the Incident Response Task Force (IRTF) to work on other longer term issues. The IRTF continued to track new security vulnerabilities in operating systems and other non-Grid software. Three "high-risk" advisories were issued to all site security contacts during the quarter.
  
SSC6 will be fully analysed and one or two NGIs will perform national SSCs.
+
For the Security Service Challenge (SSC) activity, improvements were made to the RT/RTIR ticketing system and the reporting modules. This work did not happen in time to produce the final report for the recent SSC6 run which will now be done next quarter. Plans were also made for two NGI SSC runs. An SSC of 11 sites in the UK NGI was successfully carried out in March. All sites performed well and detailed feedback is under preparation. The German NGI will run the next SSC.
  
The new release (an alpha release) of Pakiti will take place this next quarter. Developments will be made to security monitoring to track all SVG and CSIRT alerts and advisories as required.
+
The security monitoring sub-group was active during the quarter but with reduced effort. A new release of Pakiti was made during the quarter. Developments were also made to security monitoring to track all SVG and CSIRT alerts and advisories as required and for the retirement of EMI 1 middleware and services by the end of April 2013. The members of the activity based in the Czech NGI have been working on a new method for analysing centrally stored security audit logs using cloud services. This was presented at the ISGC 2013 conference in Taipei. It is a very useful approach for the future monitoring. More work has also been done on the possible methods for achieving the security monitoring of all worker nodes in a site.  
  
The EGI CSIRT operational procedure for compromised certificates will be finalised and submitted for approval. The SVG handling procedure for post EMI/IGE will be completed.
+
Progress was made on several security procedures during the quarter. A new release of the EGI CSIRT operational procedure for compromised certificates was produced and discussed at the OMB. The OMB has recently approved a new policy statement (from the Security Policy Group) on the need for sites and service operators to deploy a central security emergency suspension mechanism. This will allow the CSIRT to quickly suspend a credential involved in an ongoing security incident. An initial draft of the related procedure was produced and discussed at the EGI CSIRT face to face meeting (24/25 April). The technical implementation of this will be done later this year.
  
Security training will be given at the ISGC2013 conference in Taipei in March 2013 and SA1.2 staff will attend the EGI Community Forum to facilitate discussions on security issues.
+
The Software Vulnerability Group (SVG) continues to handle all reported vulnerabilities. This quarter a revised handling procedure for use after both EMI and IGE have ended was prepared. This was presented at the EGI Community Forum. During the quarter, 12 new vulnerabilities were handled. Five SVG advisories were issued. The security assessment of the gLite WMS was completed and the final report on this is expected soon. The assessment of CREAM is underway and will hopefully be completed soon.
  
 +
There was a lot of activity on security training and dissemination. A successful one-day security forensics training session was given in Taipei just before the ISGC2013 conference in Taipei (17 March 2013). A talk on the EGI CSIRT was also presented at ISGC 2013. Several SA1.2 staff attended the EGI Community Forum to facilitate discussions on security issues. Two posters were presented at the Community Forum (Security best practice and incident/vulnerability reporting) and a talk on SVG after EMI/IGE was also given.
  
 
= 3. Issues and Mitigation = <!-- fill the table below
 
= 3. Issues and Mitigation = <!-- fill the table below
Line 95: Line 87:
  
 
= 4. Plans for the next period = <!-- provide your text below. PLEASE PROVIDE TEXT IN A GOOD EDITED FORM (NO BULLET LISTS OF SHORT ITEMS THAT REQUIRE EXPANSION WHEN INSERTED IN A REPORT) -->
 
= 4. Plans for the next period = <!-- provide your text below. PLEASE PROVIDE TEXT IN A GOOD EDITED FORM (NO BULLET LISTS OF SHORT ITEMS THAT REQUIRE EXPANSION WHEN INSERTED IN A REPORT) -->
 +
 +
During the next quarter, the EGI CSIRT team will continue to work on all the current activities in the same sub-groups. Apart from the usual ongoing regular operational duties, the following items for QR13 are extracted from the SA1.2 plans for 2013.
 +
 +
For the Security Drills team, the final report of SSC6 will be produced and feedback given to participants. The German NGI SSC will be performed and one or more other NGI runs will be prepared.
 +
 +
For the monitoring team, a pilot implementation of site-wide monitoring will be deployed. Work will continue on Pakiti to support this. Collaboration with the dashboard developers will work towards the provision of better reports on security issues to sites, operations and management.
 +
 +
The SVG will act on the report on the WMS security assessment expected during the quarter and also on CREAM when this is available. The handling of vulnerabilities after the end of EMI and IGE will be tested and improvements will be made to the procedure if needed.
 +
 +
Security training courses will be given in several places including a meeting of the UK NGI site administrators. Plans will be made for training and dissemination at the EGI Technical Forum in September.
 +
 +
Work will also start on forming a better understanding of the requirements for security in federated clouds, starting with the selection of a suitable use case and deployment of monitoring and logging in the virtualised environment.

Latest revision as of 17:43, 6 January 2015




1. Task Meetings

Date (dd/mm/yyyy) | Url Indico Agenda | Title | Outcome
21/02/2013 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1337 | EGI SVG Monthly meeting | Review activities of the previous month and plan for the coming month
21/02/2013 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1336 | EGI CSIRT team Monthly meeting | Review activities of the previous month and plan for the coming month
22/03/2013 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1370 | EGI SVG Monthly meeting | Review activities of the previous month and plan for the coming month
26/03/2013 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1371 | EGI CSIRT team monthly meeting | Review activities of the previous month and plan for the coming month
18/04/2013 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1415 | EGI SVG Monthly meeting | Review activities of the previous month and plan for the coming month
24-25/04/2013 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1432 | EGI CSIRT team face to face meeting (Linkoping, Sweden) | Review all activities, discuss current issues, collaborate with PRACE and EUDAT and plan for the coming months
Weekly Video conference meetings (every Monday) | Minutes recorded in EGI CSIRT private wiki (not publicly accessible) | IRTF weekly meeting | Operational security issues are reviewed weekly

2. Main Achievements

The work of the EGI CSIRT (TSA1.2), as ever, is split into several sub-groups, each of which is reported on here. The whole team continued to meet monthly by video conference and we held our six-monthly face to face meeting in Linkoping, Sweden on 24/25 April. At that meeting we discussed the changes in procedures and approach required for dealing with security in a federated Cloud environment. Traceability continues to be of utmost importance and logging and monitoring will also be essential. We agreed that we need to start by considering some simple use cases and we identified the need to work with the EGI federated Cloud team. We invited representatives from both PRACE and EUDAT to our face to face meeting. This was very useful, not only for sharing information; we also all see great benefits in working more closely together in the future as we move towards a sustainable security team beyond the current projects. It was agreed that a joint EGI/PRACE/EUDAT security workshop in the autumn of 2013 would be very useful. Planning for this has started.

In operational security in EGI, this was a quiet quarter in the sense that no security incidents were reported or handled. This did however enable the Incident Response Task Force (IRTF) to work on other longer term issues. The IRTF continued to track new security vulnerabilities in operating systems and other non-Grid software. Three "high-risk" advisories were issued to all site security contacts during the quarter.

For the Security Service Challenge (SSC) activity, improvements were made to the RT/RTIR ticketing system and the reporting modules. This work did not happen in time to produce the final report for the recent SSC6 run which will now be done next quarter. Plans were also made for two NGI SSC runs. An SSC of 11 sites in the UK NGI was successfully carried out in March. All sites performed well and detailed feedback is under preparation. The German NGI will run the next SSC.

The security monitoring sub-group was active during the quarter but with reduced effort. A new release of Pakiti was made during the quarter. Developments were also made to security monitoring to track all SVG and CSIRT alerts and advisories as required and for the retirement of EMI 1 middleware and services by the end of April 2013. The members of the activity based in the Czech NGI have been working on a new method for analysing centrally stored security audit logs using cloud services. This was presented at the ISGC 2013 conference in Taipei. It is a very useful approach for future monitoring. More work has also been done on the possible methods for achieving the security monitoring of all worker nodes in a site.

Progress was made on several security procedures during the quarter. A new release of the EGI CSIRT operational procedure for compromised certificates was produced and discussed at the OMB. The OMB has recently approved a new policy statement (from the Security Policy Group) on the need for sites and service operators to deploy a central security emergency suspension mechanism. This will allow the CSIRT to quickly suspend a credential involved in an ongoing security incident. An initial draft of the related procedure was produced and discussed at the EGI CSIRT face to face meeting (24/25 April). The technical implementation of this will be done later this year.

The Software Vulnerability Group (SVG) continues to handle all reported vulnerabilities. This quarter a revised handling procedure for use after both EMI and IGE have ended was prepared. This was presented at the EGI Community Forum. During the quarter, 12 new vulnerabilities were handled. Five SVG advisories were issued. The security assessment of the gLite WMS was completed and the final report on this is expected soon. The assessment of CREAM is underway and will hopefully be completed soon.

There was a lot of activity on security training and dissemination. A successful one-day security forensics training session was given in Taipei just before the ISGC 2013 conference (17 March 2013). A talk on the EGI CSIRT was also presented at ISGC 2013. Several SA1.2 staff attended the EGI Community Forum to facilitate discussions on security issues. Two posters were presented at the Community Forum (Security best practice and incident/vulnerability reporting) and a talk on SVG after EMI/IGE was also given.

3. Issues and Mitigation

Issue Description | Mitigation Description

4. Plans for the next period

During the next quarter, the EGI CSIRT team will continue to work on all the current activities in the same sub-groups. Apart from the usual ongoing regular operational duties, the following items for QR13 are extracted from the SA1.2 plans for 2013.

For the Security Drills team, the final report of SSC6 will be produced and feedback given to participants. The German NGI SSC will be performed and one or more other NGI runs will be prepared.

For the monitoring team, a pilot implementation of site-wide monitoring will be deployed. Work will continue on Pakiti to support this. Collaboration with the dashboard developers will work towards the provision of better reports on security issues to sites, operations and management.

The SVG will act on the report on the WMS security assessment expected during the quarter and also on CREAM when this is available. The handling of vulnerabilities after the end of EMI and IGE will be tested and improvements will be made to the procedure if needed.

Security training courses will be given in several places including a meeting of the UK NGI site administrators. Plans will be made for training and dissemination at the EGI Technical Forum in September.

Work will also start on forming a better understanding of the requirements for security in federated clouds, starting with the selection of a suitable use case and deployment of monitoring and logging in the virtualised environment.