Difference between revisions of "EGI-InSPIRE:SA1.2-QR13"

From EGIWiki
Jump to: navigation, search
(2. Main Achievements)
Line 46: Line 46:
 
Note. This is a detailed account of progress over the previous quarter of activities within  the  task.  
 
Note. This is a detailed account of progress over the previous quarter of activities within  the  task.  
 
PLEASE PROVIDE TEXT IN A GOOD EDITED FORM (AVOID BULLET LISTS OF SHORT ITEMS THAT REQUIRE EXPANSION WHEN INSERTED IN AN OVERALL REPORT)
 
PLEASE PROVIDE TEXT IN A GOOD EDITED FORM (AVOID BULLET LISTS OF SHORT ITEMS THAT REQUIRE EXPANSION WHEN INSERTED IN AN OVERALL REPORT)
-->  
+
-->
 +
The work of the EGI CSIRT (TSA1.2), as ever, is split into several sub-groups, each of which is reported on here. The whole team continued to meet monthly by video conference. It was agreed that a joint EGI/PRACE/EUDAT security workshop in the autumn of 2013 would be very useful. Planning for this has started.
 +
 
 +
In operational security in EGI, this was a quiet quarter in the sense that no security incidents were reported or handled. This did however enable the Incident Response Task Force (IRTF) to work on other longer term issues. The IRTF continued to track new security vulnerabilities in operating systems and other non-Grid software. Three "high-risk" advisories were issued to all site security contacts during the quarter.
 +
 
 +
For the Security Service Challenge (SSC) activity, the final report from the SSC of 11 sites in the UK NGI was successfully carried out in March. The German NGI will run the next SSC. Plans for training at EGI TF.
 +
 
 +
The security monitoring sub-group Developments were also made to security monitoring to track all SVG and CSIRT alerts and advisories as required. Training at EGI TF.
 +
 
 +
Progress was made on several security procedures during the quarter. A new release of the EGI CSIRT operational procedure for compromised certificates was produced and discussed at the OMB. The OMB has recently approved a new policy statement (from the Security Policy Group) on the need for sites and service operators to deploy a central security emergency suspension mechanism. This will allow the CSIRT to quickly suspend a credential involved in an ongoing security incident.
 +
 
 +
The Software Vulnerability Group (SVG) continues to handle all reported vulnerabilities. This quarter a revised handling procedure for use after both EMI and IGE have ended was prepared. This was presented at the EGI Community Forum. During the quarter, 12 new vulnerabilities were handled. Five SVG advisories were issued. The security assessment of the gLite WMS was completed and the final report on this is expected soon. The assessment of CREAM is underway and will hopefully be completed soon.
 +
 
 +
There was a lot of activity on security training and dissemination. A successful one-day security forensics training session was given at RAL in the UK. Several SA1.2 staff attended the EGI Community Forum to facilitate discussions on security issues. Two posters were presented at the Community Forum (Security best practice and incident/vulnerability reporting) and a talk on SVG after EMI/IGE was also given.
  
 
= 3. Issues and Mitigation = <!-- fill the table below
 
= 3. Issues and Mitigation = <!-- fill the table below

Revision as of 16:35, 1 August 2013

Main EGI.eu operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security


Inspire reports menu: Home SA1 weekly Reports SA1 Task QR Reports NGI QR Reports NGI QR User support Reports



1. Task Meetings

Date (dd/mm/yyyy) Url Indico Agenda Title Outcome
16/05/2013 https://www.egi.eu/indico/conferenceDisplay.py?confId=1669 EGI SVG Monthly meeting Review activities of the previous month and plan for the coming month
16/05/2013 https://www.egi.eu/indico/conferenceDisplay.py?confId=1668 EGI CSIRT team Monthly meeting Review activities of the previous month and plan for the coming month
20/06/2013 https://www.egi.eu/indico/conferenceDisplay.py?confId=1725 EGI SVG Monthly meeting Review activities of the previous month and plan for the coming month
27/06/2013 https://www.egi.eu/indico/conferenceDisplay.py?confId=1733 EGI CSIRT team monthly meeting Review activities of the previous month and plan for the coming month
18/07/2013 https://www.egi.eu/indico/conferenceDisplay.py?confId=1774 EGI CSIRT team monthly meeting Review activities of the previous month and plan for the coming month
Weekly Video conference meetings (every Monday) Minutes recorded in EGI CSIRT private wiki (not publicly accessible) IRTF weekly meeting Operational security issues are reviewed weekly


2. Main Achievements

The work of the EGI CSIRT (TSA1.2), as ever, is split into several sub-groups, each of which is reported on here. The whole team continued to meet monthly by video conference. It was agreed that a joint EGI/PRACE/EUDAT security workshop in the autumn of 2013 would be very useful. Planning for this has started.

In operational security in EGI, this was a quiet quarter in the sense that no security incidents were reported or handled. This did however enable the Incident Response Task Force (IRTF) to work on other longer term issues. The IRTF continued to track new security vulnerabilities in operating systems and other non-Grid software. Three "high-risk" advisories were issued to all site security contacts during the quarter.

For the Security Service Challenge (SSC) activity, the final report from the SSC of 11 sites in the UK NGI was successfully carried out in March. The German NGI will run the next SSC. Plans for training at EGI TF.

The security monitoring sub-group Developments were also made to security monitoring to track all SVG and CSIRT alerts and advisories as required. Training at EGI TF.

Progress was made on several security procedures during the quarter. A new release of the EGI CSIRT operational procedure for compromised certificates was produced and discussed at the OMB. The OMB has recently approved a new policy statement (from the Security Policy Group) on the need for sites and service operators to deploy a central security emergency suspension mechanism. This will allow the CSIRT to quickly suspend a credential involved in an ongoing security incident.

The Software Vulnerability Group (SVG) continues to handle all reported vulnerabilities. This quarter a revised handling procedure for use after both EMI and IGE have ended was prepared. This was presented at the EGI Community Forum. During the quarter, 12 new vulnerabilities were handled. Five SVG advisories were issued. The security assessment of the gLite WMS was completed and the final report on this is expected soon. The assessment of CREAM is underway and will hopefully be completed soon.

There was a lot of activity on security training and dissemination. A successful one-day security forensics training session was given at RAL in the UK. Several SA1.2 staff attended the EGI Community Forum to facilitate discussions on security issues. Two posters were presented at the Community Forum (Security best practice and incident/vulnerability reporting) and a talk on SVG after EMI/IGE was also given.

3. Issues and Mitigation

Issue Description Mitigation Description

4. Plans for the next period