
Difference between revisions of "EGI-InSPIRE:SA1.2-QR14"

 
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
{{Template:Op menubar}} {{Template:Inspire_reports_menubar}} {{TOC_right}}  
{{Template:EGI-Inspire menubar}}
 
{{Template:Inspire_reports_menubar}}
{{TOC_right}}
= 1. Task Meetings = <!--
= 1. Task Meetings = <!--
Notes. Report here all task-specific meetings held. This includes (a) face-to-face meetings and (b) phone meetings. Make sure that for all task meetings participants are ALWAYS recorded either on indico from the registrants’ list, or in the minutes.  
Notes. Report here all task-specific meetings held. This includes (a) face-to-face meetings and (b) phone meetings. Make sure that for all task meetings participants are ALWAYS recorded either on indico from the registrants’ list, or in the minutes.  
Line 98: Line 101:
= 4. Plans for the next period = <!-- provide your text below. PLEASE PROVIDE TEXT IN A GOOD EDITED FORM (NO BULLET LISTS OF SHORT ITEMS THAT REQUIRE EXPANSION WHEN INSERTED IN A REPORT) -->  
= 4. Plans for the next period = <!-- provide your text below. PLEASE PROVIDE TEXT IN A GOOD EDITED FORM (NO BULLET LISTS OF SHORT ITEMS THAT REQUIRE EXPANSION WHEN INSERTED IN A REPORT) -->  


[[Category:SA1_Task_QR_Reports]]


DRAFT - NOT COMPLETED


During the next quarter, the EGI CSIRT team will continue to work on all if its current activities in the same sub-groups. Apart from the usual ongoing regular operational duties, the following items are mentioned.
During the next quarter, the EGI CSIRT team will continue to work on all if its current activities in the same sub-groups. A face to face meeting of the whole team will be held in The Netherlands on 2-3 December 2013. This will enable us to review all our plans for 2014, including the security implications of new services, such as federated cloud services and Globus Online.
 
Apart from the usual ongoing regular operational duties, the following items are mentioned.


For IRTF, planning will continue for incident handling beyond the end of EGI-InSPIRE. A joint meeting between EGI CSIRT and security staff from PRACE and EUDAT is planned for October. Future cooperation on security operations will be one of the topics to be discussed there.
For IRTF, planning will continue for incident handling beyond the end of EGI-InSPIRE. Joint discussions on this topic with PRACE and EUDAT will continue.


For the Security Drills team, the German NGI SSC will be performed. Training will be given at the EGI Technical Forum to help other NGIs prepare for and operate their own SSC.
For the Security Drills team, the Italian NGI SSC will be performed.Plans will be made for the next set of NGI SSC's.


For the monitoring team, further testing of site-wide monitoring will be performed, working towards a full-blown proposal to EGI for deployment. Work will continue on Pakiti to support this. Collaboration with the dashboard developers will work towards the provision of better reports on security issues to sites, operations and management.
Following the evaluation of pilot deployments of the site-wide Pakiti installation, a full-blown proposal for its deployment in EGI will be provided. We will finish the mechanism for better processing and aggregation of results produced by Pakiti and Nagios, which will limit the number of false-positive alerts.


The SVG will consider how to improve distribution/version handling and tracking. Revision of the vulnerability issue handling document will take place now that the post-EMI/IGE situation is clearer, and will take account of other changes that are happening. The SVG will act on the reports on the WMS and CREAM security assessments when these become available.
SVG will prepare a report on the vulnerability assessments that have happened, referring back to the original plans made in early 2011. It should be noted that all the software which was planned to be assessed in this original plan has had their assessments completed or they are currently in progress. Plans will be made for which pieces of software should have priority for the future, assuming this activity is able continue.  This will probably include one or more of Data Management and software enabling cloud federation. Engagement with the EGI Federated cloud team is required, including invitations to join the RAT.  


The Emergency Suspension document will be finalised and OMB approval will be sought. First implementation of the suspension ARGUS system will either be deployed and tested or planned for the following quarter.
Work will continue on the deployment and testing of the Emergency Suspension mechanisms, including to sites and NGIs who do not (yet) run Argus.


Members of the team will attend the EGI Technical Forum in Madrid to give various security training courses and to present at and run the planned EGI security sessions. Plans will be made for future training and dissemination.
Various security training courses will be given. Italy, Prague and DFN are currently being planned. Plans will also be made for a security workshop at ISGC 2014 in Taipei (March 2014).


Work will continue on forming a better understanding of the requirements for security in federated clouds, taking forward a suitable use case and deployment of monitoring and logging in the virtualised environment.
Work will continue on forming a better understanding of the requirements for security in federated clouds. A security threat risk assessment for federated clouds is required and is scheduled for either quarter 15 or quarter 16.
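Review bot: the revised text still has copy errors that should be fixed before it goes into the report: "all if its current activities" in the opening paragraph (should be "all of its"), a missing space in "performed.Plans" in the Security Drills paragraph, and "is able continue" in the SVG paragraph (missing "to"). The monitoring paragraph also no longer names its sub-group the way the IRTF and Security Drills paragraphs do; consider opening it with "For the monitoring team," for consistency.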

Latest revision as of 18:44, 6 January 2015




1. Task Meetings

| Date (dd/mm/yyyy) | Url Indico Agenda | Title | Outcome |
|---|---|---|---|
| 22/08/2013 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1807 | EGI CSIRT team Monthly meeting | Review activities of the previous month and plan for the coming month |
| 12/09/2013 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1868 | EGI SVG Monthly meeting | Review activities of the previous month and plan for the coming month |
| 30/10/2013 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1927 | EGI SVG monthly meeting | Review activities of the previous month and plan for the coming month |
| 31/10/2013 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1923 | EGI CSIRT team monthly meeting | Review activities of the previous month and plan for the coming month |
| Weekly Video conference meetings (every Monday) | Minutes recorded in EGI CSIRT private wiki (not publicly accessible) | IRTF weekly meeting | Operational security issues are reviewed weekly |

2. Main Achievements

The work of the EGI CSIRT (TSA1.2), as ever, is split into several sub-groups, each of which is reported on here. The whole team continues to meet monthly by video conference, except that we did not have a meeting in September as we had a security session that month at the EGI Technical Forum in Madrid.

For the Incident Response Task Force (IRTF), 4 security incidents were handled during the quarter. Three of these related to stolen ssh passwords, while one was the result of a brute-force ssh scanner. The IRTF continued to track new security vulnerabilities in operating systems and other non-Grid software, and to chase sites that were vulnerable to previously announced problems. A joint security training event and security workshop between EGI and security staff from PRACE and EUDAT was held on 7-9 October 2013 in Linköping, Sweden. This was a very useful and successful meeting, and plans for future closer cooperation on security operations were discussed.

For the Security Drills team, it was not yet possible to run the NGI Security Service Challenge (SSC) in Germany. A successful training session at the EGI Technical Forum helped a number of other NGIs prepare for their own SSC. Plans are now well underway for the next NGI SSC in Italy.

For the monitoring team, further testing of site-wide monitoring took place at the pilot site (KIT, Germany). The next step will be to deploy more pilot sites, allowing a move towards a full deployment across EGI. A new version of Pakiti was deployed with an implementation of better mechanisms for collecting data from the sites. Currently the probes report to both the old and the new servers. New NAGIOS probes were developed and deployed to monitor new critical vulnerabilities from SVG. A new mechanism for processing data for the dashboard was agreed during the EGI TF and, when ready, this will allow better viewing of security issues in a single place.

Experience of handling vulnerabilities after the end of EMI and IGE shows that the Software Vulnerability Group (SVG) communication and handling procedures are still working well. No changes to the SVG procedures are needed. The SVG risk assessment team suffers from a lack of effort available for performing the risk assessments. During the quarter, 11 new vulnerabilities were handled, including one critical and 6 high-risk issues. SVG issued 6 public advisories and one advisory that went to all EGI sites. The security assessment of CREAM-CE was completed and reported at the EGI TF. The vast majority of problems found have now been fixed. The assessment of WMS was performed, but the team doing this work were not happy with the results and wish to revisit this. In the meantime, work has started on an assessment of middleware from UNICORE.

The Emergency Suspension procedures document was finalised and approved by OMB in its September 2013 meeting. The Italian NGI has successfully deployed an NGI Argus server which is correctly handling the suspended credentials out to Italian sites who also run Argus. The next step is to implement a mechanism for deployment at sites not running Argus.

Many members of the CSIRT team attended the EGI Technical Forum in Madrid in September. Three security training courses were successfully given and all security activities (operational and policy) were presented and discussed at an open session. Training was also given at the GridKa school in August. Plans have been made for a number of future training and dissemination events.

There was little time to make much progress on forming a better understanding of the requirements for security in federated clouds, particularly as we had no private face to face meeting during the quarter. This will be a topic for discussion at the next face to face meeting in December 2013.

3. Issues and Mitigation

Issue Description Mitigation Description

4. Plans for the next period

During the next quarter, the EGI CSIRT team will continue to work on all of its current activities in the same sub-groups. A face to face meeting of the whole team will be held in The Netherlands on 2-3 December 2013. This will enable us to review all our plans for 2014, including the security implications of new services, such as federated cloud services and Globus Online.

Apart from the usual ongoing regular operational duties, the following items are mentioned.

For IRTF, planning will continue for incident handling beyond the end of EGI-InSPIRE. Joint discussions on this topic with PRACE and EUDAT will continue.

For the Security Drills team, the Italian NGI SSC will be performed. Plans will be made for the next set of NGI SSCs.

Following the evaluation of pilot deployments of the site-wide Pakiti installation, a full-blown proposal for its deployment in EGI will be provided. We will finish the mechanism for better processing and aggregation of results produced by Pakiti and Nagios, which will limit the number of false-positive alerts.

SVG will prepare a report on the vulnerability assessments that have happened, referring back to the original plans made in early 2011. It should be noted that all the software planned for assessment in this original plan has either had its assessment completed or has an assessment currently in progress. Plans will be made for which pieces of software should have priority for the future, assuming this activity is able to continue. This will probably include one or more of Data Management and software enabling cloud federation. Engagement with the EGI Federated cloud team is required, including invitations to join the RAT.

Work will continue on the deployment and testing of the Emergency Suspension mechanisms, including to sites and NGIs who do not (yet) run Argus.

Various security training courses will be given. Italy, Prague and DFN are currently being planned. Plans will also be made for a security workshop at ISGC 2014 in Taipei (March 2014).

Work will continue on forming a better understanding of the requirements for security in federated clouds. A security threat risk assessment for federated clouds is required and is scheduled for either quarter 15 or quarter 16.