|
|
| (9 intermediate revisions by 4 users not shown) |
| Line 2: |
Line 2: |
| {{TOC_right}} | | {{TOC_right}} |
|
| |
|
| == EGI CSIRT Mission == | | == EGI CSIRT == |
|
| |
|
| The EGI CSIRT covers all aspects of operational security aimed at achieving a ''secure infrastructure'' within EGI and relies on ResourceCenter and NGI security contact information maintained in the GOCDB by each NGI. The EGI CSIRT ensures both the coordination with peer grids and with the NGIs and NREN CSIRTs. The EGI CSIRT acts as a forum to combine efforts and resources from the NGIs in different areas, including Infrastructure wide security monitoring, Security training and dissemination, and improvements in responses to incidents (e.g. security drills). Each NGI will appoint an NGI Security Officer in order to provide the NGI CSIRT function. The resulting group of NGI Security Officers collaborate as part of the EGI CSIRT.
| | For all details on the EGI CSIRT, please refer to our website https://csirt.egi.eu |
|
| |
|
| The EGI CSIRT is led and coordinated by the EGI Security Officer, whose role and mission are defined by security policies approved by [[EGI]] and the [[NGI]]s.
| | == Additional resources == |
|
| |
|
| EGI CSIRT [https://documents.egi.eu/document/385 Term of Reference (ToR)]
| |
|
| |
| == Contacts ==
| |
| * [[EGI_CSIRT:Contacts#EGI_CSIRT_Contact_Information| EGI CSIRT, SVG and SPG contact information]]
| |
|
| |
| == <span style="color:#ff0000"> Incident Response </span>==
| |
| === Incident Response Task Force (IRTF) ===
| |
| https://wiki.egi.eu/wiki/EGI_CSIRT:IRTF
| |
| === Incident Response in virtualized environments ===
| |
| * Information addressing IR particularities in cloud/virtualized environments.
| |
|
| |
| === '''Communications: How To Report a Security Incident''' ===
| |
|
| |
| <!-- '''<u>This is the official and approved EGI-CSIRT procedure to be followed in case of a security incident</u>''' -->
| |
|
| |
| * Follow: '''[[EGI_CSIRT:Incident_reporting|Incident Response Procedure]]'''
| |
| *What is an [[Incident]] ?
| |
| *What to report? use [[communication template]] to report an '''Incident''' to ''' abuse .at. egi.eu'''
| |
|
| |
| === '''Incident Containment''' ===
| |
| *[[Incident Response in virtualized environments]]
| |
|
| |
| <!-- == Contacts ==
| |
|
| |
| *EGI Security Officer : Sven Gabriel [[User:sveng| sveng .at. nikhef.nl]]
| |
| *EGI CSIRTs Incident Response Task Force (IRTF); https://wiki.egi.eu/wiki/EGI_CSIRT:IRTF Use '''abuse .at. egi.eu ''' to report security incidents [https://wiki.egi.eu/wiki/EGI_CSIRT:Incident_reporting]. This is the contact point to IRTF
| |
| <!-- *[[EGI CSIRT:Contacts|Others contacts informations]] -->
| |
| *Contact [[EGI CSIRT:Contacts|Security Policy Group (SPG) / Security Vulnerability Group (SVG)]]
| |
| *EGI CSIRT is a '''Certified Member''' of [https://www.trusted-introducer.org/teams/egi-csirt.html Trusted Introducer] -->
| |
|
| |
| ==='''Forensics'''===
| |
| * [https://wiki.egi.eu/wiki/Forensic_Howto Forensics Howto] | | * [https://wiki.egi.eu/wiki/Forensic_Howto Forensics Howto] |
|
| |
| == EGI CSIRT Operation Policies and Procedures ==
| |
| Operational [[EGI CSIRT:Policies|Procedures]] approved by the OMB and PMB of interest for sites and users.
| |
|
| |
| ALL EGI sites are required to follow these procedures in order to report and handle Grid-related security incident. We strongly encourage all the security contacts and system administrators to have a printed copy of all of them.
| |
|
| |
| EGI CSIRT is involved in the ''[https://wiki.egi.eu/wiki/PROC09 Resource Centre Registration and Certification]'' process. To pass the #7 step of the process the site must fulfill the EGI [[EGI CSIRT:Security Certification|security certification]] requirements.
| |
|
| |
| === Central-emergency-suspension===
| |
|
| |
| [[EGI_CSIRT:central_emergency_suspension| EGI Central emergency suspension]] wiki
| |
|
| |
| == EGI Advisories and Alerts ==
| |
|
| |
| Security alerts and/or security advisories are sent to all EGI site security contacts or NGI security officers by EGI CSIRT or the EGI Software Vulnerability Group (SVG_ using either an EGI broadcasting tool or a pre-established mailing list. They are listed on [https://wiki.egi.eu/wiki/SVG:Advisories SVG Advisories page]. They may cover a wide range of software, including '''but not limited to''' the EGI middleware.
| |
|
| |
| == EGI CSIRT Members ==
| |
| You can find contact information of the team members [https://wiki.egi.eu/wiki/EGI_CSIRT:Members here]
| |
|
| |
| == RFC-2350 ==
| |
| [https://wiki.egi.eu/wiki/EGI_CSIRT:RFC_2350 RFC-2350 Document] and [https://www.trusted-introducer.org/teams/egi-csirt.html Trusted Introducer entry]
| |
The wiki is deprecated and due to be decommissioned by the end of September 2022.