The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.
EGI CSIRT:SMG
public team pages| Incident Response Task Force (IRTF) | Security Drills Group (SDG) | Security Monitoring Group (SMG) |
public pages | Mission | Incident reporting | Dissemination | Alerts | Operational notices | Monitoring | Security challenges | Policies | Contacts |
Security Monitoring Group
Objective
Develop, deploy and maintain security monitoring tools.
Security monitoring is a key component to security. It may enable the service managers to prevent, detect and contain security incidents. The OSCT contributes to the security monitoring of the EGEE infrastructure by:
- promoting a set of existing monitoring tools as part of its dissemination activity;
- performing different tests using the SAM framework.
=Security monitoring tools
The OSCT highly recommends all sites to deploy a coherent set of security monitoring tools. Such a local approach enables the service managers at each sites to perform a detailed level of monitoring to detect possible change of patterns. More details, as well as a list of several useful tools are available as part of our dissemination activity.
=SAM Security Monitoring
In addition to promoting the use of security monitoring tools, as part of the Grid operations, the EGI CSIRT also performs simple security checks at the sites.
The SAM security tests have significant technical limitations, but they provide a basic form of monitoring at all the sites.
There are several key objectives with the SAM security tests:
- identify weak sites and address possible problems;
- identify common security vulnerabilities and adapt our training material;
- raise awarness at the sites and/or at the VOs during specific security campains.
Each SAM security test is designed and implemented based on the following practices.
- Tests are NOT intrusive and DO NOT attempt to circumvent any security mechanism.
- Tests are NOT using (or trying to gain access to) any additional privilege on the system.
- Tests are NOT resource-consuming.
- Detailed results are available ONLY to the OSCT.
- Results are transmitted and stored in the encrypted form.
Tasks
- Pakiti:
- Further development
- Monitor the result of central Pakiti server and raise alarm if necessary
- Support NGIs in setting up a national Pakiti instance.
- Improve support for non rpm based distributions.
- Tools to trace user activity.
- Nagios:
- Further development
- Security probes development and maintances
- Deploy security probes within the existing Nagios framework
- Support NGIs to intergate security probes into their local NGI Nagios framework
- Explore the possibility of using APEL data for security monitoring and security incident handling purpose
- Explore the possibility of creating a security monitoring dashboard to aggreate, consolidate and visualize monitoring results
Persons
Coordinator
- Daniel Kouril, Czech Republic NGI
Volunteers
class="sortable"| Name | NGI | Home Organization | Effort Available (PM) |
|---|---|---|---|
| David O'Callaghan | Irland NGI | TCD | |
| Christos Triantafyllidis | Greek NGI | ||
| Jinny Chien | - | ASGC | |
| Daniel Kouril | Czech Republic NGI | CESNET | |
| Michal Prochazka | Czech Republic NGI | CESNET | |
| Dusan Vudragovic | Serbia NGI | AEGIS | |
| Angela Poschlad | German NGI | KIT | |
| Bartlomiej Balcerek | Poland NGI | WCSS (CYFRONET) | 4 |
| Emir Imamagic | Croatia NGI | ||
| Riccardo Brunetti | Italy NGI | INFN | |
| Guiseppe Misurelli | Italy NGI | INFN | |
| Dorine Fouossong | France NGI | ||
| Feyza Eryol | TR NGI | TUBITAK-ULAKBIM |