From EGIWiki
Revision as of 19:15, 3 February 2014 by Dkelsey (talk | contribs) (First draft)

1. Task Meetings

Date (dd/mm/yyyy) Url Indico Agenda Title Outcome
02/12/2013 EGI CSIRT team face to face meeting (2-3 Dec 2013) in Bergen Aan Zee, NL Review activities of the previous month and plan for the coming month
09/01/2014 EGI SVG monthly meeting Review activities of the previous month and plan for the coming month
30/01/2014 EGI CSIRT team monthly meeting Review activities of the previous month and plan for the coming month
Weekly Video conference meetings (every Monday) Minutes recorded in EGI CSIRT private wiki (not publicly accessible) IRTF weekly meeting Operational security issues are reviewed weekly

2. Main Achievements

DRAFT at this point.

The work of the EGI CSIRT (TSA1.2), as ever, is split into several sub-groups, each of which is reported on here. The whole team continues to meet monthly by video conference, except that the November and December meetings were combined into one two-day face to face meeting at the start of December. This meeting also involved participation by security experts from PRACE and EUDAT, continuing our growing collaboration with these infrastructures.

For the Incident Response Task Force (IRTF), x security incidents were handled during the quarter. This is more than in recent quarters and suggests that there is a growing number of sites not applying timely security patches. ?Three of these related to stolen ssh passwords while one was the result of a brute-force ssh scanner? The IRTF continued to track new security vulnerabilities in operating systems and other non-Grid software, and chase sites that were vulnerable to previously announced problems.

For the Security Drills team, we were not able to run the planned NGI Security Service Challenges (SSC) in Germany and Italy. ?Plans are now well underway for the next NGI SSC in Italy.

For the monitoring team, further testing of site-wide monitoring took place at the pilot site (KIT, Germany). The next step will be to deploy more pilot sites, allowing a move towards a full deployment across EGI. A new version of Pakiti was deployed with an implementation of better mechanisms for collecting data from the sites. Currently the probes report to both the old and the new servers. New NAGIOS probes were developed and deployed to monitor new critical vulnerabilities from SVG. A new mechanism for processing data for the dashboard was agreed during the EGI TF and, when ready, this will allow better viewing of security issues in a single place.

The Software Vulnerability Group (SVG) continues to handle reported vulnerabilities. During the quarter, 5 new vulnerabilities were addressed, including one critical and 6 high-risk issues. SVG issued ? public advisories and ? advisory that went to all EGI sites. The security assessment of CREAM-CE was completed and reported at the EGI TF. The vast majority of problems found have now been fixed. The assessment of WMS was performed but the team doing this work were not happy with the results and wish to revisit this. In the meantime, work has started on an assessment of middleware from UNICORE.

The Emergency Suspension procedures document was finalised and approved by OMB in its September 2013 meeting. The Italian NGI has successfully deployed an NGI Argus server which is correctly handling the suspended credentials out to Italian sites who also run Argus. The next step is to implement a mechanism for deployment at sites not running Argus.

Plans have been made for a number of future training and dissemination events - ISGC and EGI CF

EGI federated clouds, particularly addressed first This will be a topic for discussion at the next face to face meeting in December 2013. then Oxford meeting and questionnaire.

3. Issues and Mitigation

Issue Description Mitigation Description
Funding and effort for operational security in EGI Federated Clouds. Lots of work to do. We need more effort and funding. We will discuss with the management.

4. Plans for the next period

DRAFT at this point.

During the next quarter, the EGI CSIRT team will continue to work on all of its current activities in the same sub-groups. A face to face meeting of the whole team may be held in April if we can find a suitable date and location; if not, it will have to happen after the end of EGI-InSPIRE. This meeting will review all our plans for security after EGI-InSPIRE, including the changes needed to cope with security in the EGI federated cloud service.

Apart from the usual ongoing regular operational duties, the following items are mentioned.

For IRTF, planning will continue for incident handling beyond the end of EGI-InSPIRE. Joint discussions on this topic with PRACE and EUDAT will continue.

For the Security Drills team, the German and Italian NGI SSC will be performed. Plans will be made for the next set of NGI SSCs.

Following the evaluation of pilot deployments of the site-wide Pakiti installation, a full-blown proposal for its deployment in EGI will be provided. We will finish the mechanism for better processing and aggregation of results produced by Pakiti and Nagios, which will limit the number of false-positive alerts.

SVG will prepare a report on the vulnerability assessments that have happened, referring back to the original plans made in early 2011. It should be noted that all the software which was planned to be assessed in this original plan has either had its assessment completed or has an assessment currently in progress. Plans will be made for which pieces of software should have priority for the future, assuming this activity is able to continue. This will probably include one or more of Data Management and software enabling cloud federation. Engagement with the EGI Federated cloud team is required, including invitations to join the RAT.

Work will continue on the deployment and testing of the Emergency Suspension mechanisms, including to sites and NGIs who do not (yet) run Argus.

Various security training courses will be given. Plans are well advanced for a security workshop at ISGC 2014 in Taipei (March 2014) and the EGI Community Forum in May.

Work will continue on forming a better understanding of the requirements for security in federated clouds. A security threat risk assessment for federated clouds is required and will happen.