Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @

Difference between revisions of "EGI CSIRT:Monitoring"

From EGIWiki
Jump to navigation Jump to search
({{From OSCT wiki|}})
(Replaced content with '{{Egi-csirt-header}} No internal information needed so far. See the public version for general description of the activity.')
Line 1: Line 1:
{{Under construction|Security monitoring}}
Security monitoring is a key component to security. It may enable the service managers to prevent, detect and contain security incidents. The OSCT contributes to the security monitoring of the EGEE infrastructure by:
No internal information needed so far. See the [[EGI_CSIRT:SMG|public version]] for general description of the activity.
* promoting a set of existing monitoring tools as part of its [[EGI_CSIRT:dissemination|dissemination]] activity;
* performing different tests using the [ SAM] framework.
== Security monitoring tools ==
The OSCT highly recommends all sites to deploy a coherent set of security monitoring tools. Such a local approach enables the service managers at each sites to perform a detailed level of monitoring to detect possible change of patterns. More details, as well as a list of several useful tools are available as part of our dissemination activity.
== SAM Security Monitoring ==
In addition to promoting the use of security monitoring tools, as part of the Grid operations, the OSCT also uses [ SAM] to perform simple security checks at the sites.
The SAM security tests have significant technical limitations, but they provide a basic form of monitoring at '''all''' the sites.
There are several key objectives with the SAM security tests:
* identify weak sites and address possible problems;
* identify common security vulnerabilities and adapt our training material;
* raise awarness at the sites and/or at the VOs during specific security campains.
Each SAM security test is designed and implemented based on the following practices.
* Tests are NOT intrusive and DO NOT attempt to circumvent any security mechanism.
* Tests are NOT using (or trying to gain access to) any additional privilege on the system.
* Tests are NOT resource-consuming.
* Detailed results are available ONLY to the OSCT.
* Results are transmitted and stored in the encrypted form.
More details about the SAM security tests are available [ here].
{{From OSCT wiki|}}

Revision as of 09:28, 12 July 2010

| Mission | Members | Contacts
| Incident handling | Alerts | Monitoring | Security challenges | Procedures | Dissemination

No internal information needed so far. See the public version for general description of the activity.