From EGIWiki
Revision as of 17:37, 1 August 2013 by Dkelsey (talk | contribs) (4. Plans for the next period)
Jump to: navigation, search
Main operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security

Inspire reports menu: Home SA1 weekly Reports SA1 Task QR Reports NGI QR Reports NGI QR User support Reports

1. Task Meetings

Date (dd/mm/yyyy) Url Indico Agenda Title Outcome
16/05/2013 EGI SVG Monthly meeting Review activities of the previous month and plan for the coming month
16/05/2013 EGI CSIRT team Monthly meeting Review activities of the previous month and plan for the coming month
20/06/2013 EGI SVG Monthly meeting Review activities of the previous month and plan for the coming month
27/06/2013 EGI CSIRT team monthly meeting Review activities of the previous month and plan for the coming month
18/07/2013 EGI CSIRT team monthly meeting Review activities of the previous month and plan for the coming month
Weekly Video conference meetings (every Monday) Minutes recorded in EGI CSIRT private wiki (not publicly accessible) IRTF weekly meeting Operational security issues are reviewed weekly

2. Main Achievements

The work of the EGI CSIRT (TSA1.2), as ever, is split into several sub-groups, each of which is reported on here. The whole team continued to meet monthly by video conference. It was agreed that a joint EGI/PRACE/EUDAT security workshop in the autumn of 2013 would be very useful. Planning for this has started.

In operational security in EGI, this was a quiet quarter in the sense that no security incidents were reported or handled. This did however enable the Incident Response Task Force (IRTF) to work on other longer term issues. The IRTF continued to track new security vulnerabilities in operating systems and other non-Grid software. Three "high-risk" advisories were issued to all site security contacts during the quarter.

For the Security Service Challenge (SSC) activity, the final report from the SSC of 11 sites in the UK NGI was successfully carried out in March. The German NGI will run the next SSC. Plans for training at EGI TF.

The security monitoring sub-group Developments were also made to security monitoring to track all SVG and CSIRT alerts and advisories as required. Training at EGI TF.

Progress was made on several security procedures during the quarter. A new release of the EGI CSIRT operational procedure for compromised certificates was produced and discussed at the OMB. The OMB has recently approved a new policy statement (from the Security Policy Group) on the need for sites and service operators to deploy a central security emergency suspension mechanism. This will allow the CSIRT to quickly suspend a credential involved in an ongoing security incident.

The Software Vulnerability Group (SVG) continues to handle all reported vulnerabilities. This quarter a revised handling procedure for use after both EMI and IGE have ended was prepared. This was presented at the EGI Community Forum. During the quarter, 12 new vulnerabilities were handled. Five SVG advisories were issued. The security assessment of the gLite WMS was completed and the final report on this is expected soon. The assessment of CREAM is underway and will hopefully be completed soon.

There was a lot of activity on security training and dissemination. A successful one-day security forensics training session was given at RAL in the UK. Several SA1.2 staff attended the EGI Community Forum to facilitate discussions on security issues. Two posters were presented at the Community Forum (Security best practice and incident/vulnerability reporting) and a talk on SVG after EMI/IGE was also given.

3. Issues and Mitigation

Issue Description Mitigation Description

4. Plans for the next period

During the next quarter, the EGI CSIRT team will continue to work on all the current activities in the same sub-groups. Apart from the usual ongoing regular operational duties, the following items for QR13 are extracted from the SA1.2 plans for 2013.

For the Security Drills team, the final report of SSC6 will be produced and feedback given to participants. The German NGI SSC will be performed and one or more other NGI runs will be prepared.

For the monitoring team, a pilot implementation of site-wide monitoring will be deployed. Work will continue on Pakiti to support this. Collaboration with the dashboard developers will work towards the provision of better reports on security issues to sites, operations and management.

The SVG will act on the report on the WMS security assessment expected during the quarter and also on CREAM when this is available. The handling of vulnerabilities after the end of EMI and IGE will be tested and improvements will be made to the procedure if needed.

Security training courses will be given in several places including a meeting of the UK NGI site administrators. Plans will be made for training and dissemination at the EGI Technical Forum in September.

Work will also start on forming a better understanding of the requirements for security in federated clouds, starting with the selection of a suitable use case and deployment of monitoring and logging in the virtualised environment.