Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

EGI CSIRT:Monitoring

From EGIWiki
Revision as of 10:51, 21 June 2010 by Wbuehler (talk | contribs) ({{From OSCT wiki|http://osct.web.cern.ch/osct/monitoring.html}})
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
Baustelle.png This page is under construction.


| Mission | Members | Contacts
| Incident handling | Alerts | Monitoring | Security challenges | Procedures | Dissemination


Security monitoring is a key component to security. It may enable the service managers to prevent, detect and contain security incidents. The OSCT contributes to the security monitoring of the EGEE infrastructure by:

  • promoting a set of existing monitoring tools as part of its dissemination activity;
  • performing different tests using the SAM framework.

Security monitoring tools

The OSCT highly recommends all sites to deploy a coherent set of security monitoring tools. Such a local approach enables the service managers at each sites to perform a detailed level of monitoring to detect possible change of patterns. More details, as well as a list of several useful tools are available as part of our dissemination activity.

SAM Security Monitoring

In addition to promoting the use of security monitoring tools, as part of the Grid operations, the OSCT also uses SAM to perform simple security checks at the sites.

The SAM security tests have significant technical limitations, but they provide a basic form of monitoring at all the sites.

There are several key objectives with the SAM security tests:

  • identify weak sites and address possible problems;
  • identify common security vulnerabilities and adapt our training material;
  • raise awarness at the sites and/or at the VOs during specific security campains.

Each SAM security test is designed and implemented based on the following practices.

  • Tests are NOT intrusive and DO NOT attempt to circumvent any security mechanism.
  • Tests are NOT using (or trying to gain access to) any additional privilege on the system.
  • Tests are NOT resource-consuming.
  • Detailed results are available ONLY to the OSCT.
  • Results are transmitted and stored in the encrypted form.

More details about the SAM security tests are available here.

Source

Parts of this article came from the OSCT wiki, this was written by the EGEE Operational Security Coordination Team.


Retrieved from "https://wiki.egi.eu/w/index.php?title=EGI_CSIRT:Monitoring&oldid=1296"