Difference between revisions of "EGI-InSPIRE:SA1.2-QR13"
Revision as of 18:42, 1 August 2013
1. Task Meetings
Date (dd/mm/yyyy) | Url Indico Agenda | Title | Outcome |
---|---|---|---|
16/05/2013 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1669 | EGI SVG Monthly meeting | Review activities of the previous month and plan for the coming month |
16/05/2013 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1668 | EGI CSIRT team Monthly meeting | Review activities of the previous month and plan for the coming month |
20/06/2013 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1725 | EGI SVG Monthly meeting | Review activities of the previous month and plan for the coming month |
27/06/2013 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1733 | EGI CSIRT team monthly meeting | Review activities of the previous month and plan for the coming month |
18/07/2013 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1774 | EGI CSIRT team monthly meeting | Review activities of the previous month and plan for the coming month |
Weekly Video conference meetings (every Monday) | Minutes recorded in EGI CSIRT private wiki (not publicly accessible) | IRTF weekly meeting | Operational security issues are reviewed weekly |
2. Main Achievements
The work of the EGI CSIRT (TSA1.2), as ever, is split into several sub-groups, each of which is reported on here. The whole team continued to meet monthly by video conference.
In operational security in EGI, this was a quiet quarter in the sense that no security incidents were reported or handled. The IRTF continued to track new security vulnerabilities in operating systems and other non-Grid software. Two "critical" advisories were issued to all site security contacts during the quarter. One of these, a Linux kernel vulnerability CVE-2013-2094, resulted in a large amount of work for the CSIRT in monitoring and handling the requirement for sites to install patches or to deploy suitable mitigations.
For the Security Service Challenge (SSC) activity, the final report from the SSC of 11 sites in the UK NGI was produced. The German NGI will run the next SSC. Plans for training other NGIs to run SSCs will be given at the EGI Technical Forum in September.
The security monitoring sub-group was very busy developing probes to track all SVG and CSIRT alerts and advisories as required, in particular for CVE-2013-2094. Training has been planned at the EGI Technical Forum in security logging and auditing.
Progress was made on several security procedures during the quarter. An updated version of the EGI CSIRT operational procedure for compromised certificates was produced and discussed at the OMB. The requirements for VO security contacts and mail lists were documented and are close to approval.
The Software Vulnerability Group (SVG) continued to handle all reported vulnerabilities. During the quarter, xx new vulnerabilities were handled. One SVG advisory was issued. The final report on the security assessment of the gLite WMS is still awaited and the assessment of CREAM has been continuing.
Activity on security training and dissemination included a successful one-day security forensics training session given at RAL in the UK. Plans were made for several security training sessions at the September EGI Technical Forum. An EGI Security update has been planned for presentation at the Technical Forum, covering all aspects of operational security.
3. Issues and Mitigation
Issue Description | Mitigation Description |
---|---|
4. Plans for the next period
During the next quarter, the EGI CSIRT team will continue to work on all the current activities in the same sub-groups. Apart from the usual ongoing regular operational duties, the following items for QR14 are extracted from the SA1.2 plans for 2013.
For the Security Drills team, the German NGI SSC will be performed. Training at the EGI TF and one or more other NGI runs will be prepared.
For the monitoring team, a pilot implementation of site-wide monitoring will be deployed. Work will continue on Pakiti to support this. Collaboration with the dashboard developers will work towards the provision of better reports on security issues to sites, operations and management.
The SVG will act on the report on the WMS security assessment expected during the quarter and also on CREAM when this is available. The handling of vulnerabilities after the end of EMI and IGE will be tested and improvements will be made to the procedure if needed.
Security training courses will be given at the EGI Technical Forum in Madrid. Plans will be made for future training and dissemination.
Work will continue on forming a better understanding of the requirements for security in federated clouds, taking forward a suitable use case and deployment of monitoring and logging in the virtualised environment.