Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "EGI-InSPIRE:SA1.2-QR7"

From EGIWiki
Jump to navigation Jump to search
Line 54: Line 54:
-->  
-->  


SA1.2 2012 roadmap was discussed and agreed [https://wiki.egi.eu/wiki/Plan_2012_SA1.2 roadmap] is now online. The second release of security dashboard was made avaliable before Christmas of 2011. Some important improvement has been made. The improvement of security dashboard continues and it is expected to be in full production by end of Q1 of 2012. The the development of security challenge framework continue. The SSC5 NGI run is expected to start in the Q1 of 2012. The next CSIRT 2 days face to face meeting will be held at CNAF in Bologna, Italy.
SA1.2 2012 roadmap was discussed and agreed [[Plan_2012_SA1.2 |roadmap]] is now online. The second release of security dashboard was made avaliable before Christmas of 2011. Some important improvement has been made. The improvement of security dashboard continues and it is expected to be in full production by end of Q1 of 2012. The the development of security challenge framework continue. The SSC5 NGI run is expected to start in the Q1 of 2012. The next CSIRT 2 days face to face meeting will be held at CNAF in Bologna, Italy.


SVG has improved co-ordination of fixing of issues and release of advisories, with EMI and EGI DMSU,  to ensure advisories issued when software is released, this has made significant progress. SVG received the report on the Vulnerability Assessment of VOMS core from EMI.
SVG has improved co-ordination of fixing of issues and release of advisories, with EMI and EGI DMSU,  to ensure advisories issued when software is released, this has made significant progress. SVG received the report on the Vulnerability Assessment of VOMS core from EMI.

Revision as of 14:41, 4 December 2012

1. Task Meetings

Date (dd/mm/yyyy) Url Indico Agenda Title Outcome
09/11/2011 https://www.egi.eu/indico/conferenceDisplay.py?confId=686 EGI D4.4 and Security Assessment planning To discuss EGI delivery D4.4
17/11/2011 https://www.egi.eu/indico/conferenceDisplay.py?confId=692 The EGI SVG monthly meeting Review previous month activities and plan for the coming month
24/11/2011 https://www.egi.eu/indico/conferenceDisplay.py?confId=696 EGI CSIRT team Monthly meeting Review previous month activities and plan for the coming month
15/12/2011 https://www.egi.eu/indico/conferenceDisplay.py?confId=715 EGI SVG Monthly meeting Review previous month activities and plan for the coming month
15/12/2011 https://www.egi.eu/indico/conferenceDisplay.py?confId=711 EGI CSIRT team monthly meeting Review previous month activities and plan for the coming month
19/12/2011 https://www.egi.eu/indico/conferenceDisplay.py?confId=801 EGI SVG Monthly meeting Review previous month activities and plan for the coming month
19/12/2011 https://www.egi.eu/indico/conferenceDisplay.py?confId=780 EGI CSIRT team monthly meeting Review previous month activities and plan for the coming month

EGI CSIRT also has a weekly operation meeting on EVO. The minutes is recorded in EGI CSIRT private wiki (not publicly accessable)

2. Main Achievements

SA1.2 2012 roadmap was discussed and agreed roadmap is now online. The second release of security dashboard was made avaliable before Christmas of 2011. Some important improvement has been made. The improvement of security dashboard continues and it is expected to be in full production by end of Q1 of 2012. The the development of security challenge framework continue. The SSC5 NGI run is expected to start in the Q1 of 2012. The next CSIRT 2 days face to face meeting will be held at CNAF in Bologna, Italy.

SVG has improved co-ordination of fixing of issues and release of advisories, with EMI and EGI DMSU, to ensure advisories issued when software is released, this has made significant progress. SVG received the report on the Vulnerability Assessment of VOMS core from EMI.

EGI delivery D4.4 was completed and went to the external reviewers on 2nd January 2012. Comments from the reviewers received on 14th January. These have been addressed and the document has been finalized.

In this quarter, CSIRT has issued two security alerts, one is critical and one is high risk and handled 3 security incidents; SVG has handled 11 reported vulnerabilities and issued 4 advisories.


3. Issues and Mitigation

Issue Description Mitigation Description

4. Plans for the next period

CSIRT will continue working with security dashboard developers. The security dashboard will be in full production by end of Q1 of 2012. Domain name of CSIRT Nagios box will be migrated from current srv-102.afroditi.hellasgrid.gr into *.egi.eu domain, no service interruption is expected. SSC5 regional run in NGIs, to pilot at least one NGI run in Q1 of 2012, and assist NGI security officers for their regional runs after the initial pilot.

SVG will continue issue handling and improving usage of the EGI RT tracker to allow better reporting, including metrics. Discussion and plans on what should be done to assess new software, e.g. software from providers with which EGI is forming a relationship. EMI starting on Security Vulnerability Assessment of WMS.

The chair of SVG will co-ordinate the EGI Security Threat Risk Assessment described in D4.4.