Difference between revisions of "EGI-InSPIRE:SA1.2-QR13"

(16 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Template:Op menubar}} {{Template:Inspire_reports_menubar}} {{TOC_right}}  
{{Template:EGI-Inspire menubar}}
 
{{Template:Inspire_reports_menubar}}
{{TOC_right}}
= 1. Task Meetings = <!--
= 1. Task Meetings = <!--
Notes. Report here all task-specific meetings held. This includes (a) face-to-face meetings and (b) phone meetings. Make sure that for all task meetings participants are ALWAYS recorded either on indico from the registrants’ list, or in the minutes.  
Notes. Report here all task-specific meetings held. This includes (a) face-to-face meetings and (b) phone meetings. Make sure that for all task meetings participants are ALWAYS recorded either on indico from the registrants’ list, or in the minutes.  
Line 12: Line 15:
|-
|-
| 16/05/2013
| 16/05/2013
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1337
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1669
| EGI SVG Monthly meeting  
| EGI SVG Monthly meeting  
| Review activities of the previous month and plan for the coming month
| Review activities of the previous month and plan for the coming month
|-
|-
| 16/05/2013
| 16/05/2013
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1336
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1668
| EGI CSIRT team Monthly meeting  
| EGI CSIRT team Monthly meeting  
| Review activities of the previous month and plan for the coming month
| Review activities of the previous month and plan for the coming month
|-
|-
| 20/06/2013
| 20/06/2013
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1370
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1725
| EGI SVG Monthly meeting
| EGI SVG Monthly meeting
| Review activities of the previous month and plan for the coming month
| Review activities of the previous month and plan for the coming month
|-
|-
| 27/06/2013  
| 27/06/2013  
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1371
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1733
| EGI CSIRT team monthly meeting  
| EGI CSIRT team monthly meeting  
| Review activities of the previous month and plan for the coming month
| Review activities of the previous month and plan for the coming month
|-
|-
| 18/07/2013
| 18/07/2013
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1432
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1774
| EGI CSIRT team face to face meeting (Linkoping, Sweden)
| EGI CSIRT team monthly meeting  
| Review all activities, discuss current issues, collaborate with PRACE and EUDAT and plan for the coming months
| Review activities of the previous month and plan for the coming month
|-
|-
| Weekly Video conference meetings (every Monday)
| Weekly Video conference meetings (every Monday)
Line 40: Line 43:
| IRTF weekly meeting
| IRTF weekly meeting
| Operational security issues are reviewed weekly
| Operational security issues are reviewed weekly
|}




Line 45: Line 49:
Note. This is a detailed account of progress over the previous quarter of activities within  the  task.  
Note. This is a detailed account of progress over the previous quarter of activities within  the  task.  
PLEASE PROVIDE TEXT IN A GOOD EDITED FORM (AVOID BULLET LISTS OF SHORT ITEMS THAT REQUIRE EXPANSION WHEN INSERTED IN AN OVERALL REPORT)
PLEASE PROVIDE TEXT IN A GOOD EDITED FORM (AVOID BULLET LISTS OF SHORT ITEMS THAT REQUIRE EXPANSION WHEN INSERTED IN AN OVERALL REPORT)
-->  
-->
The work of the EGI CSIRT (TSA1.2), as ever, is split into several
sub-groups, each of which is reported on here. The whole team continues
to meet monthly by video conference.
 
In operational security in EGI, this was a quiet quarter in the sense
that no security incidents were reported or handled. The IRTF continued
to track new security vulnerabilities in operating systems and other
non-Grid software. Two "critical" advisories were issued to all site
security contacts during the quarter. One of these, a Linux kernel
vulnerability CVE-2013-2094, resulted in a large amount of work for the
CSIRT in monitoring and handling the requirement for sites to install
patches or to deploy suitable mitigations within the defined time.
 
For the Security Service Challenge (SSC) activity, the final report from
the SSC of 11 sites in the UK NGI was produced. The German NGI will run
the next SSC. Extensions have been made to the SSC framework for NGI
runs in particular to add the functionality needed to do concurrent runs in
different NGIs. This has been done in parallel with preparations for the
NGI-DE-SSC run. Plans for training other NGIs to run their own SSC will
be given at the EGI Technical Forum in September.
 
The security monitoring sub-group was very busy developing probes to
track all SVG and CSIRT alerts and advisories as required, in particular
for CVE-2013-2094. A pilot of site-wide monitoring was deployed at the
KIT site, where the Pakiti client was installed on all the worker nodes
to report to the EGI Pakiti server. We plan to extend the pilot to other
sites over the next months. A workflow to handle security issues in GGUS
has been drafted and discussed internally in the team. After minor
changes it will be passed on to the GGUS team so a joint discussion
could be organized at EGI TF. Training has been planned for the EGI
Technical Forum in security logging and auditing.
 
The Software Vulnerability Group (SVG) continued to handle all reported
vulnerabilities. During the quarter, 11 new vulnerabilities were
handled, including 4 from the ongoing vulnerability assessment of CREAM.
One SVG advisory was issued. The final report on the security assessment
of the gLite WMS is still awaited and the assessment of CREAM continues.
 
Activity on security training and dissemination included a successful
one-day security forensics training session given at RAL in the UK.
Plans were made for several security training sessions at the September
EGI Technical Forum. An EGI Security update session has been planned for
presentation at the Technical Forum, covering all aspects of operational
security. A member of the team presented the EGI-CSIRT at the Academic
Track at the FIRST meeting in Bangkok. Two members of the EGI CSIRT were in
the winning team of the Team Cymru Challenge at FIRST.
 
Progress was made on several security procedures during the quarter.
Work continues on the EGI CSIRT procedure for compromised certificates
and emergency suspension. A nearly final draft has been completed but
still some things to clarify. The CSIRT team identified the need for
easy access to VO security contact information, and a
vo-security-contacts mail list. A brief document was prepared describing
the requirements for this. The team has been carrying out a major
re-organization of the communications and information access levels in
EGI-CSIRT.
 
The CSIRT team helped prepare for the EGI-InSPIRE EU review and several
members attended. As input to this a brief document "Security threat
risk assessment, further information" was prepared. This included
information on activities being carried out to reduce the impact of some
of the higher risk threats.
 
Work continued on the Central Emergency Suspension Project. Progress has
been made on the Argus server deployment scenario. NGI-level Argus
servers will be difficult to be used as a replacement for a site-level
Argus service so we will advise each site to run an Argus server or
equivalent.


= 3. Issues and Mitigation = <!-- fill the table below
= 3. Issues and Mitigation = <!-- fill the table below
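Review bot: In the security procedures paragraph, "A nearly final draft has been completed but still some things to clarify" has no verb in its second clause; suggest "but some points still need to be clarified". In the Central Emergency Suspension paragraph, "will be difficult to be used as a replacement" reads more cleanly as "will be difficult to use as a replacement", with a comma before "so we will advise".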
Line 64: Line 136:
= 4. Plans for the next period = <!-- provide your text below. PLEASE PROVIDE TEXT IN A GOOD EDITED FORM (NO BULLET LISTS OF SHORT ITEMS THAT REQUIRE EXPANSION WHEN INSERTED IN A REPORT) -->  
= 4. Plans for the next period = <!-- provide your text below. PLEASE PROVIDE TEXT IN A GOOD EDITED FORM (NO BULLET LISTS OF SHORT ITEMS THAT REQUIRE EXPANSION WHEN INSERTED IN A REPORT) -->  


[[Category:SA1_Task_QR_Reports]]
 
 
During the next quarter, the EGI CSIRT team will continue to work on all if its current activities in the same sub-groups. Apart from the usual ongoing regular operational duties, the following items are mentioned.
 
For IRTF, planning will continue for incident handling beyond the end of EGI-InSPIRE. A joint meeting between EGI CSIRT and security staff from PRACE and EUDAT is planned for October. Future cooperation on security operations will be one of the topics to be discussed there.
 
For the Security Drills team, the German NGI SSC will be performed. Training will be given at the EGI Technical Forum to help other NGIs prepare for and operate their own SSC.
 
For the monitoring team, further testing of site-wide monitoring will be performed, working towards a full-blown proposal to EGI for deployment. Work will continue on Pakiti to support this. Collaboration with the dashboard developers will work towards the provision of better reports on security issues to sites, operations and management.
 
The SVG will consider how to improve distribution/version handling and tracking. Revision of the vulnerability issue handling document will take place now that the post-EMI/IGE situation is clearer, and will take account of other changes that are happening. The SVG will act on the reports on the WMS and CREAM security assessments when these become available.
 
The Emergency Suspension document will be finalised and OMB approval will be sought. First implementation of the suspension ARGUS system will either be deployed and tested or planned for the following quarter.
 
Members of the team will attend the EGI Technical Forum in Madrid to give various security training courses and to present at and run the planned EGI security sessions. Plans will be made for future training and dissemination.
 
Work will continue on forming a better understanding of the requirements for security in federated clouds, taking forward a suitable use case and deployment of monitoring and logging in the virtualised environment.
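Review bot: The opening sentence of the plans text has a typo, "all if its current activities", which should read "all of its current activities". The Emergency Suspension paragraph also writes "ARGUS" where the achievements text writes "Argus"; pick one capitalisation for the service name.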

Latest revision as of 17:43, 6 January 2015

1. Task Meetings

{|
! Date (dd/mm/yyyy)
! Url Indico Agenda
! Title
! Outcome
|-
| 16/05/2013
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1669
| EGI SVG Monthly meeting
| Review activities of the previous month and plan for the coming month
|-
| 16/05/2013
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1668
| EGI CSIRT team Monthly meeting
| Review activities of the previous month and plan for the coming month
|-
| 20/06/2013
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1725
| EGI SVG Monthly meeting
| Review activities of the previous month and plan for the coming month
|-
| 27/06/2013
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1733
| EGI CSIRT team monthly meeting
| Review activities of the previous month and plan for the coming month
|-
| 18/07/2013
| https://www.egi.eu/indico/conferenceDisplay.py?confId=1774
| EGI CSIRT team monthly meeting
| Review activities of the previous month and plan for the coming month
|-
| Weekly Video conference meetings (every Monday)
| Minutes recorded in EGI CSIRT private wiki (not publicly accessible)
| IRTF weekly meeting
| Operational security issues are reviewed weekly
|}


2. Main Achievements

The work of the EGI CSIRT (TSA1.2), as ever, is split into several sub-groups, each of which is reported on here. The whole team continues to meet monthly by video conference.

In operational security in EGI, this was a quiet quarter in the sense that no security incidents were reported or handled. The IRTF continued to track new security vulnerabilities in operating systems and other non-Grid software. Two "critical" advisories were issued to all site security contacts during the quarter. One of these, a Linux kernel vulnerability CVE-2013-2094, resulted in a large amount of work for the CSIRT in monitoring and handling the requirement for sites to install patches or to deploy suitable mitigations within the defined time.

For the Security Service Challenge (SSC) activity, the final report from the SSC of 11 sites in the UK NGI was produced. The German NGI will run the next SSC. Extensions have been made to the SSC framework for NGI runs, in particular to add the functionality needed to do concurrent runs in different NGIs. This has been done in parallel with preparations for the NGI-DE-SSC run. Plans for training other NGIs to run their own SSC will be given at the EGI Technical Forum in September.

The security monitoring sub-group was very busy developing probes to track all SVG and CSIRT alerts and advisories as required, in particular for CVE-2013-2094. A pilot of site-wide monitoring was deployed at the KIT site, where the Pakiti client was installed on all the worker nodes to report to the EGI Pakiti server. We plan to extend the pilot to other sites over the next months. A workflow to handle security issues in GGUS has been drafted and discussed internally in the team. After minor changes it will be passed on to the GGUS team so a joint discussion could be organized at EGI TF. Training has been planned for the EGI Technical Forum in security logging and auditing.

The Software Vulnerability Group (SVG) continued to handle all reported vulnerabilities. During the quarter, 11 new vulnerabilities were handled, including 4 from the ongoing vulnerability assessment of CREAM. One SVG advisory was issued. The final report on the security assessment of the gLite WMS is still awaited and the assessment of CREAM continues.

Activity on security training and dissemination included a successful one-day security forensics training session given at RAL in the UK. Plans were made for several security training sessions at the September EGI Technical Forum. An EGI Security update session has been planned for presentation at the Technical Forum, covering all aspects of operational security. A member of the team presented the EGI-CSIRT at the Academic Track at the FIRST meeting in Bangkok. Two members of the EGI CSIRT were in the winning team of the Team Cymru Challenge at FIRST.

Progress was made on several security procedures during the quarter. Work continues on the EGI CSIRT procedure for compromised certificates and emergency suspension. A nearly final draft has been completed, but some points still need to be clarified. The CSIRT team identified the need for easy access to VO security contact information, and a vo-security-contacts mail list. A brief document was prepared describing the requirements for this. The team has been carrying out a major re-organization of the communications and information access levels in EGI-CSIRT.

The CSIRT team helped prepare for the EGI-InSPIRE EU review and several members attended. As input to this a brief document "Security threat risk assessment, further information" was prepared. This included information on activities being carried out to reduce the impact of some of the higher risk threats.

Work continued on the Central Emergency Suspension Project. Progress has been made on the Argus server deployment scenario. NGI-level Argus servers will be difficult to use as a replacement for a site-level Argus service, so we will advise each site to run an Argus server or equivalent.

3. Issues and Mitigation

Issue Description Mitigation Description

4. Plans for the next period

During the next quarter, the EGI CSIRT team will continue to work on all of its current activities in the same sub-groups. Apart from the usual ongoing regular operational duties, the following items are mentioned.

For IRTF, planning will continue for incident handling beyond the end of EGI-InSPIRE. A joint meeting between EGI CSIRT and security staff from PRACE and EUDAT is planned for October. Future cooperation on security operations will be one of the topics to be discussed there.

For the Security Drills team, the German NGI SSC will be performed. Training will be given at the EGI Technical Forum to help other NGIs prepare for and operate their own SSC.

For the monitoring team, further testing of site-wide monitoring will be performed, working towards a full-blown proposal to EGI for deployment. Work will continue on Pakiti to support this. Collaboration with the dashboard developers will work towards the provision of better reports on security issues to sites, operations and management.

The SVG will consider how to improve distribution/version handling and tracking. Revision of the vulnerability issue handling document will take place now that the post-EMI/IGE situation is clearer, and will take account of other changes that are happening. The SVG will act on the reports on the WMS and CREAM security assessments when these become available.

The Emergency Suspension document will be finalised and OMB approval will be sought. First implementation of the suspension ARGUS system will either be deployed and tested or planned for the following quarter.

Members of the team will attend the EGI Technical Forum in Madrid to give various security training courses and to present at and run the planned EGI security sessions. Plans will be made for future training and dissemination.

Work will continue on forming a better understanding of the requirements for security in federated clouds, taking forward a suitable use case and deployment of monitoring and logging in the virtualised environment.