1. Task Meetings
|Date (dd/mm/yyyy)||Url Indico Agenda||Title||Outcome|
|16/05/2013||https://www.egi.eu/indico/conferenceDisplay.py?confId=1669||EGI SVG Monthly meeting||Review activities of the previous month and plan for the coming month|
|16/05/2013||https://www.egi.eu/indico/conferenceDisplay.py?confId=1668||EGI CSIRT team Monthly meeting||Review activities of the previous month and plan for the coming month|
|20/06/2013||https://www.egi.eu/indico/conferenceDisplay.py?confId=1725||EGI SVG Monthly meeting||Review activities of the previous month and plan for the coming month|
|27/06/2013||https://www.egi.eu/indico/conferenceDisplay.py?confId=1733||EGI CSIRT team monthly meeting||Review activities of the previous month and plan for the coming month|
|18/07/2013||https://www.egi.eu/indico/conferenceDisplay.py?confId=1774||EGI CSIRT team monthly meeting||Review activities of the previous month and plan for the coming month|
|Weekly Video conference meetings (every Monday)||Minutes recorded in EGI CSIRT private wiki (not publicly accessible)||IRTF weekly meeting||Operational security issues are reviewed weekly|
2. Main Achievements
The work of the EGI CSIRT (TSA1.2), as ever, is split into several sub-groups, each of which is reported on here. The whole team continues to meet monthly by video conference.
In operational security in EGI, this was a quiet quarter in the sense that no security incidents were reported or handled. The IRTF continued to track new security vulnerabilities in operating systems and other non-Grid software. Two "critical" advisories were issued to all site security contacts during the quarter. One of these, a Linux kernel vulnerability (CVE-2013-2094), resulted in a large amount of work for the CSIRT in monitoring and handling the requirement for sites to install patches or to deploy suitable mitigations within the defined time.
For the Security Service Challenge (SSC) activity, the final report from the SSC of 11 sites in the UK NGI was produced. The German NGI will run the next SSC. Extensions have been made to the SSC framework for NGI runs, in particular to add the functionality needed to do concurrent runs in different NGIs. This has been done in parallel with preparations for the NGI-DE-SSC run. Plans for training other NGIs to run their own SSC will be given at the EGI Technical Forum in September.
The security monitoring sub-group was very busy developing probes to track all SVG and CSIRT alerts and advisories as required, in particular for CVE-2013-2094. A pilot of site-wide monitoring was deployed at the KIT site, where the Pakiti client was installed on all the worker nodes to report to the EGI Pakiti server. We plan to extend the pilot to other sites over the next months. A workflow to handle security issues in GGUS has been drafted and discussed internally in the team. After minor changes it will be passed on to the GGUS team so that a joint discussion can be organized at the EGI TF. Training in security logging and auditing has been planned for the EGI Technical Forum.
The Software Vulnerability Group (SVG) continued to handle all reported vulnerabilities. During the quarter, 11 new vulnerabilities were handled, including 4 from the ongoing vulnerability assessment of CREAM. One SVG advisory was issued. The final report on the security assessment of the gLite WMS is still awaited and the assessment of CREAM continues.
Activity on security training and dissemination included a successful one-day security forensics training session given at RAL in the UK. Plans were made for several security training sessions at the September EGI Technical Forum. An EGI Security update session has been planned for presentation at the Technical Forum, covering all aspects of operational security. A member of the team presented the EGI-CSIRT at the Academic Track at the FIRST meeting in Bangkok. Two members of the EGI CSIRT were in the winning team of the Team Cymru Challenge at FIRST.
Progress was made on several security procedures during the quarter. Work continues on the EGI CSIRT procedure for compromised certificates and emergency suspension. A nearly final draft has been completed, but some points still need to be clarified. The CSIRT team identified the need for easy access to VO security contact information, and a vo-security-contacts mail list. A brief document was prepared describing the requirements for this. The team has been carrying out a major re-organization of the communications and information access levels in EGI-CSIRT.
The CSIRT team helped prepare for the EGI-InSPIRE EU review and several members attended. As input to this, a brief document, "Security threat risk assessment, further information", was prepared. This included information on activities being carried out to reduce the impact of some of the higher risk threats.
Work continued on the Central Emergency Suspension Project. Progress has been made on the Argus server deployment scenario. NGI-level Argus servers will be difficult to use as a replacement for a site-level Argus service, so we will advise each site to run an Argus server or equivalent.
3. Issues and Mitigation
|Issue Description||Mitigation Description|
4. Plans for the next period
DRAFT - WORK IN PROGRESS
During the next quarter, the EGI CSIRT team will continue to work on all the current activities in the same sub-groups. Apart from the usual ongoing regular operational duties, the following items for QR14 are extracted from the SA1.2 plans for 2013.
For the Security Drills team, the German NGI SSC will be performed. Training at the EGI TF and one or more other NGI runs will be prepared.
For the monitoring team, a pilot implementation of site-wide monitoring will be deployed. Work will continue on Pakiti to support this. Collaboration with the dashboard developers will work towards the provision of better reports on security issues to sites, operations and management.
The SVG will act on the report on the WMS security assessment expected during the quarter and also on CREAM when this is available. The handling of vulnerabilities after the end of EMI and IGE will be tested and improvements will be made to the procedure if needed.
Security training courses will be given at the EGI Technical Forum in Madrid. Plans will be made for future training and dissemination.
Work will continue on forming a better understanding of the requirements for security in federated clouds, taking forward a suitable use case and deployment of monitoring and logging in the virtualised environment.