EGI-InSPIRE:SA1.2-QR8

Revision as of 17:18, 27 April 2012 by Mingchao

1. Task Meetings

Date (dd/mm/yyyy) | Url Indico Agenda | Title | Outcome
23-24/04/2012 | https://www.egi.eu/indico/conferenceDisplay.py?confId=812 | EGI CSIRT face to face meeting | activities review and plan
20/04/2012 | https://www.egi.eu/indico/conferenceDisplay.py?confId=1018 | The EGI Security Assessment Group - ratings discussion | Discuss EGI security assessment document
22/03/2012 | https://www.egi.eu/indico/conferenceDisplay.py?confId=962 | EGI CSIRT team Monthly meeting | Review previous month activities and plan for the coming month
23/03/2012 | https://www.egi.eu/indico/conferenceDisplay.py?confId=959 | EGI SVG Monthly meeting | Review previous month activities and plan for the coming month
23/02/2012 | https://www.egi.eu/indico/conferenceDisplay.py?confId=826 | EGI CSIRT team monthly meeting | Review previous month activities and plan for the coming month
16/02/2012 | https://www.egi.eu/indico/conferenceDisplay.py?confId=822 | EGI SVG Monthly meeting | Review previous month activities and plan for the coming month
15/02/2012 | https://www.egi.eu/indico/conferenceDisplay.py?confId=816 | The EGI Security Threat Risk Assessment kickoff meeting | EGI risk assessment

EGI CSIRT also has a weekly operation meeting on EVO. The minutes are recorded in the EGI CSIRT private wiki (not publicly accessible).

2. Main Achievements

The SA1.2 2012 roadmap was discussed and the agreed roadmap is now online. The second release of the security dashboard was made available before Christmas of 2011, with some important improvements. The improvement of the security dashboard continues and it is expected to be in full production by end of Q1 of 2012. The development of the security challenge framework continues. The SSC5 NGI run is expected to start in Q1 of 2012. The next CSIRT 2-day face to face meeting will be held at CNAF in Bologna, Italy.

SVG has improved co-ordination with EMI and EGI DMSU on fixing issues and releasing advisories, to ensure that advisories are issued when software is released; this has made significant progress. SVG received the report on the Vulnerability Assessment of VOMS core from EMI.

EGI deliverable D4.4 was completed and went to the external reviewers on 2nd January 2012. Comments from the reviewers were received on 14th January. These have been addressed and the document has been finalized.

In this quarter, CSIRT issued two security alerts (one critical and one high risk) and handled 3 security incidents; SVG handled 11 reported vulnerabilities and issued 4 advisories.


3. Issues and Mitigation

Issue Description | Mitigation Description

4. Plans for the next period

CSIRT will continue working with the security dashboard developers. The security dashboard will be in full production by end of Q1 of 2012. The domain name of the CSIRT Nagios box will be migrated from the current srv-102.afroditi.hellasgrid.gr into the *.egi.eu domain; no service interruption is expected. For the SSC5 regional runs in NGIs, the plan is to pilot at least one NGI run in Q1 of 2012 and to assist NGI security officers with their regional runs after the initial pilot.

SVG will continue issue handling and improving its usage of the EGI RT tracker to allow better reporting, including metrics. SVG will also discuss and plan what should be done to assess new software, e.g. software from providers with which EGI is forming a relationship. EMI is starting on a Security Vulnerability Assessment of WMS.

The chair of SVG will co-ordinate the EGI Security Threat Risk Assessment described in D4.4.