EGI CSIRT:SMG
public team pages| Incident Response Task Force (IRTF) | Security Drills Group (SDG) | Security Monitoring Group (SMG) |
public pages | Mission | Incident reporting | Dissemination | Alerts | Operational notices | Monitoring | Security challenges | Policies | Contacts |
Security Monitoring Group
Objective
Security monitoring is a key component to security. It may enable the service managers to prevent, detect and contain security incidents as well as to detect weak spots in the infrastructure before they get misused. The EGI CSIRT contributes to security monitoring by developing a monitoring tools, promoting existing tools, performing security tests against the sites and providing advisories about deployment and usage of the tools.
Goals of security monitoring
The EGI CSIRT strives to provide both high-level overviews summarizing current status and detailed information about particular issues identified in the infrastructure. While closely collaborating with the NGIs and sites, the EGI CSIRT does not provide a replacement for site and NGI level monitoring, however, the EGI CSIRT will recommend a basic set of monitoring tools that the NGIs and sites can use for security monitoring. In addition, the EGI CSIRT operates its own monitoring tools collecting information from the sites. The probes used are not intrusive and do not attempt to circumvent any security mehanisms and are not resource intensive. Results collected by these probes are only available to the EGI CSIRT members and communicated to the appropriate site security contacts.
Main tasks of the activity:
- Patch management using Pakiti
- Trace activities of the users
- Integration with Nagios
- Security monitoring dashboard
Tasks
- Pakiti:
- Further development
- Monitor the result of central Pakiti server and raise alarm if necessary
- Support NGIs in setting up a national Pakiti instance.
- Improve support for non rpm based distributions.
- Tools to trace user activity.
- Nagios:
- Further development
- Security probes development and maintances
- Deploy security probes within the existing Nagios framework
- Support NGIs to intergate security probes into their local NGI Nagios framework
- Explore the possibility of using APEL data for security monitoring and security incident handling purpose
- Explore the possibility of creating a security monitoring dashboard to aggreate, consolidate and visualize monitoring results
Persons
Coordinator
- Daniel Kouril (kouril@ics.muni.cz), Czech Republic NGI
Volunteers
class="sortable"Name | NGI | Home Organization | Effort Available (PM) |
---|---|---|---|
David O'Callaghan | Irland NGI | TCD | |
Christos Triantafyllidis | Greek NGI | ||
Jinny Chien | - | ASGC | |
Daniel Kouril | Czech Republic NGI | CESNET | |
Michal Prochazka | Czech Republic NGI | CESNET | |
Dusan Vudragovic | Serbia NGI | AEGIS | |
Angela Poschlad | German NGI | KIT | |
Bartlomiej Balcerek | Poland NGI | WCSS (CYFRONET) | 4 |
Emir Imamagic | Croatia NGI | ||
Riccardo Brunetti | Italy NGI | INFN | |
Guiseppe Misurelli | Italy NGI | INFN | |
Dorine Fouossong | France NGI | ||
Feyza Eryol | TR NGI | TUBITAK-ULAKBIM |