
Difference between revisions of "EGI-InSPIRE:SA1.2-QR16"

 
(23 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{Template:Op menubar}} {{Template:Inspire_reports_menubar}} {{TOC_right}}  
{{Template:EGI-Inspire menubar}}
 
{{Template:Inspire_reports_menubar}}
{{TOC_right}}
= 1. Task Meetings = <!--
= 1. Task Meetings = <!--
Notes. Report here all task-specific meetings held. This includes (a) face-to-face meetings and (b) phone meetings. Make sure that for all task meetings participants are ALWAYS recorded either on indico from the registrants’ list, or in the minutes.  
Notes. Report here all task-specific meetings held. This includes (a) face-to-face meetings and (b) phone meetings. Make sure that for all task meetings participants are ALWAYS recorded either on indico from the registrants’ list, or in the minutes.  
Line 20: Line 23:
| https://www.egi.eu/indico/conferenceDisplay.py?confId=2149  
| https://www.egi.eu/indico/conferenceDisplay.py?confId=2149  
| EGI SVG meeting  
| EGI SVG meeting  
| Review open vulnerabilities, discussion on Cloud issues and questionnaire for EGI federated cloud providers
| Mostly discussions on 3rd party software and support.
|-
|-
| 06/03/2014
| 06/03/2014
| https://www.egi.eu/indico/conferenceDisplay.py?confId=2087  
| https://www.egi.eu/indico/conferenceDisplay.py?confId=2087  
| EGI CSIRT team monthly meeting  
| EGI CSIRT team meeting  
| Review activities of the previous month and plan for the coming month
| Review activities of the previous month and plan for the coming month
|-
|-
Line 30: Line 33:
| https://www.egi.eu/indico/conferenceDisplay.py?confId=2077  
| https://www.egi.eu/indico/conferenceDisplay.py?confId=2077  
| EGI SVG meeting  
| EGI SVG meeting  
| Review open vulnerabilities, discussion on Cloud issues and questionnaire for EGI federated cloud providers
| Review open vulnerabilities, discussion on future planning and discussion on Cloud issues and questionnaire for EGI federated cloud providers
|-
|-
| Weekly Video conference meetings (every Monday)
| Weekly Video conference meetings (every Monday)
Line 42: Line 45:
PLEASE PROVIDE TEXT IN A GOOD EDITED FORM (AVOID BULLET LISTS OF SHORT ITEMS THAT REQUIRE EXPANSION WHEN INSERTED IN AN OVERALL REPORT)
PLEASE PROVIDE TEXT IN A GOOD EDITED FORM (AVOID BULLET LISTS OF SHORT ITEMS THAT REQUIRE EXPANSION WHEN INSERTED IN AN OVERALL REPORT)
-->
-->
* Monitoring - Proposed Pakiti clients on services for Heartbleed. Argus monitoring probe developed. Preparing for monitoring training in CF 2014.
 
The work of the EGI CSIRT (TSA1.2), as ever, is split into several sub-groups, each of which is reported on here. The whole team continues to meet regularly by video conference and two or three times a year in a face to face meeting.
 
For the Incident Response Task Force (IRTF) two security incidents were handled during the quarter.  The IRTF also continued to track new security vulnerabilities in operating systems and other non-Grid software, and chase sites who were vulnerable to previously announced problems. The most important was the OpenSSL Heartbleed bug (also known as vulnerability CVE-2014-0160) announced to the world on 7th April 2014. Advisories were quickly distributed to all sites and VOs. Monitoring was developed and used and encouragement was given  to ensure that all service operators performed the necessary remedial actions and updates in a timely manner.
 
Much of the free time available to members of the CSIRT, i.e. that not being spent on daily operations tasks, has been devoted this quarter to understanding the security environment and required changes to policies and procedures of the EGI Federated Cloud activities. The security risk assessment for this new technology is only just underway and is looking at issues of trust, logging, traceability, responsibilities, monitoring, incident handling etc. It is worth noting that we were not able to allocate enough resource to Cloud Security and that we got involved rather late in this activity (January 2014) .
 
We were still not able to run any Security Service Challenges during the quarter, partly due to lack of effort and partly because the required changes to the technical infrastructure only came late in the quarter. We now plan to run some national challenges in the coming months.
 
The security monitoring activity has worked on tools to integrate results from Nagios and Pakiti into the dashboard. Following on from earlier work on site-wide Pakiti monitoring and the handling of the Heartbleed OpenSSL vulnerability, a proposal was made to install Pakiti clients on site services. An Argus monitoring probe was developed. Preparations were made for security monitoring training in the Community Forum 2014.
 
The Software Vulnerability Group (SVG) continues to handle reported vulnerabilities. This quarter 6 new vulnerabilities were reported, including the OpenSSL heartbleed vulnerability, which SVG was involved in alongside CSIRT. This was considered 'Critical'. The WN tarball was found to contain this vulnerability, and this was fixed promptly. SVG issued 4 advisories (partly as a result of resolution of vulnerabilities reported prior to this reporting quarter) and 2 CSIRT alerts were also issued (drafted by SVG).  A further vulnerability was found in Torque and SVG members produced another new version in the 'SVG fixes' area of the AppDB area of the EGI UMD. https://appdb.egi.eu/store/software/software.vulnerability.group
 
SVG members have been involved in producing 2 questionnaires related to EGI Federated Cloud Security. One for technology providers, and one for Cloud Resource Providers. These questionnaires are aimed at ensuring that the emerging Cloud infrastructure is able to comply with EGI Security Policies, and provide a similar level of assurance concerning security as the EGI Infrastructure based on Grid Technology.
 
A successful security training workshop was provided on the Sunday before the ISGC 2014 conference in Taipei. Twenty people attended this training event which consisted of lectures and hands-on exercises on best practice for managing the security of Linux clusters.  Plans were also made for security training sessions at the EGI Community Forum in Helsinki.


= 3. Issues and Mitigation = <!-- fill the table below
= 3. Issues and Mitigation = <!-- fill the table below
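Review bot: The added Main Achievements paragraphs report two open problems (not enough resource allocated to Cloud Security, with involvement starting only in January 2014, and no Security Service Challenges run, partly due to lack of effort), yet the "3. Issues and Mitigation" heading that closes this hunk is unchanged context, so neither is recorded there. Suggest adding a table row for each with its mitigation, for example the national challenges the text already says are planned for the coming months.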
Line 61: Line 79:
= 4. Plans for the next period = <!-- provide your text below. PLEASE PROVIDE TEXT IN A GOOD EDITED FORM (NO BULLET LISTS OF SHORT ITEMS THAT REQUIRE EXPANSION WHEN INSERTED IN A REPORT) -->  
= 4. Plans for the next period = <!-- provide your text below. PLEASE PROVIDE TEXT IN A GOOD EDITED FORM (NO BULLET LISTS OF SHORT ITEMS THAT REQUIRE EXPANSION WHEN INSERTED IN A REPORT) -->  


[[Category:SA1_Task_QR_Reports]]


*monitoring - mechanism to evaluate results from Pakiti and Nagios to provide single result. Site wide pakiti and document rules and procedures.
 
The next quarter is beyond the end of funding by EGI-InSPIRE for the operational security tasks. Activity will continue in most areas with funding by NGIs and the central EGI.eu funding for security coordination.
 
In addition to all of the ongoing security operational tasks, e.g. IRTF and SVG, the main area of work will be in the EGI Federated Cloud Security Threat Risk assessment. This should provide some indication of where the highest risk threats are concerning EGI Federated cloud security. As time permits, our policies and procedures will be modified to take account of this new environment.
 
Work on security monitoring will include finalising the mechanisms to evaluate the results from Pakiti and Nagios to provide single result. Site wide pakiti will be deployed more widely and the related rules and procedures will be documented.
 
Security Service challenges will be performed in at least two NGIs.
 
SVG will continue the Vulnerability issue handling usual. SVG will invite some members of the EGI Federated Cloud task force to be members of the SVG.  SVG along with CSIRT plans to finalize and get approval for the Cloud questionnaires.
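Review bot: Two wording slips in the added plans text should be fixed before this goes into the overall report: "SVG will continue the Vulnerability issue handling usual" in the last paragraph is missing "as" before "usual", and "to provide single result" in the monitoring paragraph needs "a". The one-line commitment "Security Service challenges will be performed in at least two NGIs" also names no NGIs or timeframe, which makes it hard to verify in the next period; consider stating at least the intended quarter.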

Latest revision as of 17:44, 6 January 2015




1. Task Meetings

{|
! Date (dd/mm/yyyy) !! Url Indico Agenda !! Title !! Outcome
|-
| 15/04/2014 || https://www.egi.eu/indico/conferenceDisplay.py?confId=2163 || EGI CSIRT team face to face meeting (15-17th April 2014) in Abingdon, UK. || Review activities of the previous months and plans for the Horizon 2020 and the next few months
|-
| 03/04/2014 || https://www.egi.eu/indico/conferenceDisplay.py?confId=2149 || EGI SVG meeting || Mostly discussions on 3rd party software and support.
|-
| 06/03/2014 || https://www.egi.eu/indico/conferenceDisplay.py?confId=2087 || EGI CSIRT team meeting || Review activities of the previous month and plan for the coming month
|-
| 20/02/2014 || https://www.egi.eu/indico/conferenceDisplay.py?confId=2077 || EGI SVG meeting || Review open vulnerabilities, discussion on future planning and discussion on Cloud issues and questionnaire for EGI federated cloud providers
|-
| Weekly Video conference meetings (every Monday) || Minutes recorded in EGI CSIRT private wiki (not publicly accessible) || IRTF weekly meeting || Operational security issues are reviewed weekly
|}

2. Main Achievements

The work of the EGI CSIRT (TSA1.2), as ever, is split into several sub-groups, each of which is reported on here. The whole team continues to meet regularly by video conference and two or three times a year in a face to face meeting.

For the Incident Response Task Force (IRTF) two security incidents were handled during the quarter. The IRTF also continued to track new security vulnerabilities in operating systems and other non-Grid software, and chase sites who were vulnerable to previously announced problems. The most important was the OpenSSL Heartbleed bug (also known as vulnerability CVE-2014-0160) announced to the world on 7th April 2014. Advisories were quickly distributed to all sites and VOs. Monitoring was developed and used and encouragement was given to ensure that all service operators performed the necessary remedial actions and updates in a timely manner.

Much of the free time available to members of the CSIRT, i.e. that not being spent on daily operations tasks, has been devoted this quarter to understanding the security environment and required changes to policies and procedures of the EGI Federated Cloud activities. The security risk assessment for this new technology is only just underway and is looking at issues of trust, logging, traceability, responsibilities, monitoring, incident handling etc. It is worth noting that we were not able to allocate enough resource to Cloud Security and that we got involved rather late in this activity (January 2014).

We were still not able to run any Security Service Challenges during the quarter, partly due to lack of effort and partly because the required changes to the technical infrastructure only came late in the quarter. We now plan to run some national challenges in the coming months.

The security monitoring activity has worked on tools to integrate results from Nagios and Pakiti into the dashboard. Following on from earlier work on site-wide Pakiti monitoring and the handling of the Heartbleed OpenSSL vulnerability, a proposal was made to install Pakiti clients on site services. An Argus monitoring probe was developed. Preparations were made for security monitoring training in the Community Forum 2014.

The Software Vulnerability Group (SVG) continues to handle reported vulnerabilities. This quarter 6 new vulnerabilities were reported, including the OpenSSL Heartbleed vulnerability, which SVG was involved in alongside CSIRT. This was considered 'Critical'. The WN tarball was found to contain this vulnerability, and this was fixed promptly. SVG issued 4 advisories (partly as a result of resolution of vulnerabilities reported prior to this reporting quarter) and 2 CSIRT alerts were also issued (drafted by SVG). A further vulnerability was found in Torque and SVG members produced another new version in the 'SVG fixes' area of the AppDB area of the EGI UMD: https://appdb.egi.eu/store/software/software.vulnerability.group

SVG members have been involved in producing 2 questionnaires related to EGI Federated Cloud Security: one for technology providers and one for Cloud Resource Providers. These questionnaires are aimed at ensuring that the emerging Cloud infrastructure is able to comply with EGI Security Policies, and provide a similar level of assurance concerning security as the EGI Infrastructure based on Grid Technology.

A successful security training workshop was provided on the Sunday before the ISGC 2014 conference in Taipei. Twenty people attended this training event which consisted of lectures and hands-on exercises on best practice for managing the security of Linux clusters. Plans were also made for security training sessions at the EGI Community Forum in Helsinki.

3. Issues and Mitigation

{|
! Issue Description !! Mitigation Description
|}

4. Plans for the next period

The next quarter is beyond the end of funding by EGI-InSPIRE for the operational security tasks. Activity will continue in most areas with funding by NGIs and the central EGI.eu funding for security coordination.

In addition to all of the ongoing security operational tasks, e.g. IRTF and SVG, the main area of work will be in the EGI Federated Cloud Security Threat Risk assessment. This should provide some indication of where the highest risk threats are concerning EGI Federated cloud security. As time permits, our policies and procedures will be modified to take account of this new environment.

Work on security monitoring will include finalising the mechanisms to evaluate the results from Pakiti and Nagios to provide a single result. Site-wide Pakiti will be deployed more widely and the related rules and procedures will be documented.

Security Service challenges will be performed in at least two NGIs.

SVG will continue the vulnerability issue handling as usual. SVG will invite some members of the EGI Federated Cloud task force to be members of the SVG. SVG along with CSIRT plans to finalize and get approval for the Cloud questionnaires.