EGI CSIRT:Monitoring
This page is under construction.
Security monitoring is a key component of security. It may enable the service managers to prevent, detect and contain security incidents. The OSCT contributes to the security monitoring of the EGEE infrastructure by:
- promoting a set of existing monitoring tools as part of its dissemination activity;
- performing different tests using the SAM framework.
Security monitoring tools
The OSCT strongly recommends that all sites deploy a coherent set of security monitoring tools. Such a local approach enables the service managers at each site to perform a detailed level of monitoring to detect possible changes in patterns. More details, as well as a list of several useful tools, are available as part of our dissemination activity.
SAM Security Monitoring
In addition to promoting the use of security monitoring tools, as part of the Grid operations, the OSCT also uses SAM to perform simple security checks at the sites.
The SAM security tests have significant technical limitations, but they provide a basic form of monitoring at all the sites.
There are several key objectives with the SAM security tests:
- identify weak sites and address possible problems;
- identify common security vulnerabilities and adapt our training material;
- raise awareness at the sites and/or at the VOs during specific security campaigns.
Each SAM security test is designed and implemented based on the following practices:
- Tests are NOT intrusive and DO NOT attempt to circumvent any security mechanism.
- Tests DO NOT use (or try to gain access to) any additional privilege on the system.
- Tests are NOT resource-consuming.
- Detailed results are available ONLY to the OSCT.
- Results are transmitted and stored in encrypted form.
More details about the SAM security tests are available here.
Source
Parts of this article came from the OSCT wiki; this was written by the EGEE Operational Security Coordination Team.