The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other platforms; new updates will be ignored and lost.
If needed you can get in touch with the EGI SDIS team using operations @ egi.eu.

Difference between revisions of "EGI CSIRT:SMG"

From EGIWiki
Line 1: Line 1:
{{egi-csirt-team-header|Security Monitoring Group}}
{{egi-csirt-team-header|Security Monitoring Group}}


==Objective==
== Objective==
Develop, deploy and maintain security monitoring tools.
Security monitoring is a key component to security. It may enable the service managers to prevent, detect and contain security incidents as well as to detect weak spots in the infrastructure before they get misused. The EGI CSIRT contributes to security monitoring by developing a monitoring tools, promoting existing tools, performing security tests against the sites and providing advisories about deployment and usage of the tools.


== Goals of security monitoring ==
The EGI CSIRT strives to provide both high-level overviews summarizing current status and detailed information about particular issues identified in the infrastructure. While closely collaborating with the NGIs and sites, the EGI CSIRT does not provide a replacement for site and NGI level monitoring, however, the EGI CSIRT will recommend a basic set of monitoring tools that the NGIs and sites can use for security monitoring. In addition, the EGI CSIRT operates its own monitoring tools collecting information from the sites. The probes used are not intrusive and do not attempt to circumvent any security mehanisms and are not resource intensive. Results collected by these probes are only available to the EGI CSIRT members and communicated to the appropriate site security contacts.


Security monitoring is a key component to security. It may enable the service managers to prevent, detect and contain security incidents. The OSCT contributes to the security monitoring of the EGEE infrastructure by:
Main tasks of the activity:
 
* Patch management using Pakiti
* promoting a set of existing monitoring tools as part of its [[EGI_CSIRT:dissemination|dissemination]] activity;
* Trace activities of the users
* performing different tests using the [https://twiki.cern.ch/twiki/bin/view/LCG/SAMOverview SAM] framework.
* Integration with Nagios
 
* Security monitoring dashboard
===Security monitoring tools ==
 
The OSCT highly recommends all sites to deploy a coherent set of security monitoring tools. Such a local approach enables the service managers at each sites to perform a detailed level of monitoring to detect possible change of patterns. More details, as well as a list of several useful tools are available as part of our dissemination activity.
===SAM Security Monitoring ==
 
In addition to promoting the use of security monitoring tools, as part of the Grid operations, the EGI CSIRT also performs simple security checks at the sites.
 
The SAM security tests have significant technical limitations, but they provide a basic form of monitoring at '''all''' the sites.
 
There are several key objectives with the SAM security tests:
 
* identify weak sites and address possible problems;
* identify common security vulnerabilities and adapt our training material;
* raise awarness at the sites and/or at the VOs during specific security campains.
 
Each SAM security test is designed and implemented based on the following practices.
 
* Tests are NOT intrusive and DO NOT attempt to circumvent any security mechanism.
* Tests are NOT using (or trying to gain access to) any additional privilege on the system.
* Tests are NOT resource-consuming.
* Detailed results are available ONLY to the OSCT.
* Results are transmitted and stored in the encrypted form.
 


== Tasks==  
== Tasks==  
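Review bot: Two typos in the replacement Objective and Goals text on the right-hand side will go live as written: "developing a monitoring tools" should read "developing monitoring tools", and "security mehanisms" should read "security mechanisms". The old statement "Results are transmitted and stored in the encrypted form" is also dropped without replacement; if it still holds for the Pakiti and Nagios probe results, it belongs in the new Goals paragraph next to "Results collected by these probes are only available to the EGI CSIRT members".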
Line 52: Line 31:
== Persons ==
== Persons ==
=== Coordinator ===
=== Coordinator ===
* Daniel Kouril, Czech Republic NGI
* Daniel Kouril (kouril@ics.muni.cz), Czech Republic NGI


=== Volunteers ===
=== Volunteers ===
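Review bot: The Coordinator line now publishes a personal e-mail address in clear text on a public team page, where it can be harvested; consider a role alias instead, or keep contact details on the Contacts page that the team header already links to.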

Revision as of 10:26, 12 July 2010



Security Monitoring Group


Objective

Security monitoring is a key component of security. It may enable service managers to prevent, detect and contain security incidents, as well as to detect weak spots in the infrastructure before they are misused. The EGI CSIRT contributes to security monitoring by developing monitoring tools, promoting existing tools, performing security tests against the sites and providing advisories about the deployment and usage of the tools.

Goals of security monitoring

The EGI CSIRT strives to provide both high-level overviews summarizing the current status and detailed information about particular issues identified in the infrastructure. While it collaborates closely with the NGIs and sites, the EGI CSIRT does not replace site- and NGI-level monitoring; instead, it recommends a basic set of monitoring tools that the NGIs and sites can use for security monitoring. In addition, the EGI CSIRT operates its own monitoring tools, which collect information from the sites. The probes used are not intrusive, do not attempt to circumvent any security mechanisms and are not resource intensive. Results collected by these probes are only available to the EGI CSIRT members and are communicated to the appropriate site security contacts.

Main tasks of the activity:

  • Patch management using Pakiti
  • Trace activities of the users
  • Integration with Nagios
  • Security monitoring dashboard

Tasks

  • Pakiti:
    • Further development
    • Monitor the results of the central Pakiti server and raise an alarm if necessary
    • Support NGIs in setting up a national Pakiti instance
    • Improve support for non-RPM-based distributions
  • Tools to trace user activity
  • Nagios:
    • Further development
    • Security probe development and maintenance
    • Deploy security probes within the existing Nagios framework
    • Support NGIs in integrating security probes into their local NGI Nagios framework
  • Explore the possibility of using APEL data for security monitoring and security incident handling purposes
  • Explore the possibility of creating a security monitoring dashboard to aggregate, consolidate and visualize monitoring results

Persons

Coordinator

  • Daniel Kouril (kouril@ics.muni.cz), Czech Republic NGI

Volunteers

Name                      | NGI                 | Home Organization | Effort Available (PM)
--------------------------|---------------------|-------------------|----------------------
David O'Callaghan         | Ireland NGI         | TCD               |
Christos Triantafyllidis  | Greek NGI           |                   |
Jinny Chien               | -                   | ASGC              |
Daniel Kouril             | Czech Republic NGI  | CESNET            |
Michal Prochazka          | Czech Republic NGI  | CESNET            |
Dusan Vudragovic          | Serbia NGI          | AEGIS             |
Angela Poschlad           | German NGI          | KIT               |
Bartlomiej Balcerek       | Poland NGI          | WCSS (CYFRONET)   | 4
Emir Imamagic             | Croatia NGI         |                   |
Riccardo Brunetti         | Italy NGI           | INFN              |
Guiseppe Misurelli        | Italy NGI           | INFN              |
Dorine Fouossong          | France NGI          |                   |
Feyza Eryol               | TR NGI              | TUBITAK-ULAKBIM   |