Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "EGI Core activities:2013-bidding Security monitoring and security operations support tools"

From EGIWiki
Jump to navigation Jump to search
 
(14 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{TOC_right}}
{{Template:Op menubar}}{{Core_services_menubar}} {{TOC_right}}  
'''Go back to the [[Core_EGI_Activities|activity list]].'''
'''Go back to the [[EGI_Core_Activities_Bidding|EGI Core Activities Bidding page]].'''
 
 
'''Go back to the [[Core EGI Activities|Core EGI activity list]].'''  
 
* Service name: Security monitoring and security operations support tools
* Service name: Security monitoring and security operations support tools
* Service category: Operations
* Service category: Operations
Line 17: Line 21:


== Pakiti ==
== Pakiti ==
Pakiti is monitoring and notification service which is responsible of checking the patching status of systems. The results produced are available to the EGI Security dashboard for visualization.
Pakiti is monitoring and notification service which is responsible for checking the patching status of systems. The results produced are available to the EGI Security dashboard for visualization.


== Incident Reporting Tool =
== Incident Reporting Tool ==
RTIR for tracking of incident reporting activities.
RTIR for tracking of incident reporting activities.
== Tools for Security Service Challenge support ==
Security challenges are a mechanism to check the compliance of sites/NGIs/EGI with security procedures etc. Runs of Security Service Challenges need a set of tools that are used during various stages of the runs. The tools include a web portal used by the SSC operators to control the run, an extension of RTIR for evaluations of sites, and customized Pakiti used in SSC preparation phases.


== Coordination ==
== Coordination ==
Line 28: Line 35:
== Support ==
== Support ==
* Support to the users of the security monitoring tools, and to NGIs in operating a local instance of Pakiti
* Support to the users of the security monitoring tools, and to NGIs in operating a local instance of Pakiti
* to the operators of other depending systems
* Development and maintenance of guides and documentation for NGIs/sites about security monitoring with Nagios
* Development and maintenance of guides and documentation for NGIs/sites about security monitoring with Nagios


'''Support hours''': eight hours a day (9-17 CE(S)T), Monday to Friday – excluding public holidays of the hosting organization.
'''Support hours''': eight hours a day (for example 9-17 CE(S)T), Monday to Friday – excluding public holidays of the hosting organization.


== Operation ==
== Operation ==
Line 43: Line 51:
* proactive maintenance, improvement of the system
* proactive maintenance, improvement of the system
* requirements gathering
* requirements gathering
* Documentation


= Service level targets =
= Service level targets =
*Minimum availability/reliability: 99%/100%
*Minimum availability/reliability: 99%/99%
*Response to incident records in GGUS within support hours: [[FAQ_GGUS-PT-QoS-Levels#Medium_service| Medium]] (see https://wiki.egi.eu/wiki/FAQ_GGUS-PT-QoS-Levels#Medium_service)
*Response to incident records in GGUS within support hours: [[FAQ_GGUS-PT-QoS-Levels#Medium_service| Medium]] (see https://wiki.egi.eu/wiki/FAQ_GGUS-PT-QoS-Levels#Medium_service)

Latest revision as of 14:46, 6 June 2016

Main EGI.eu operations services Support Documentation Tools Activities Performance Technology Catch-all Services Resource Allocation Security


EGI Core services menu: Services PHASE I Services PHASE II Services PHASE III Bids Payments Travel procedure Performance



Go back to the EGI Core Activities Bidding page.


Go back to the Core EGI activity list.

  • Service name: Security monitoring and security operations support tools
  • Service category: Operations
  • Service type: Coordination, operation and maintenance

Security monitoring and security operations support tools are part of the EGI Core Infrastructure Platform which supports the daily security operations of EGI.

Introduction

EGI is an interconnected federation where a single vulnerable place may have a huge impact on the whole infrastructure. In order to recognise the risks and to address potential vulnerabilities in a timely manner, the EGI Security Monitoring provides an oversight of the infrastructure from the security standpoint. Also, sites connected to EGI differ significantly in the level of security and detecting weaknesses exposed by the sites allows the EGI security operations to contact the sites before the issue leads to an incident. Information produced by security monitoring is also important during assessment of new risks and vulnerabilities since it enables to identify the scope and impact of a potential security incident.

Technical description

This service includes the following components.

Security Nagios

A Security Nagios service is provided to monitor a range of like CRLs, file system permissions, vulnerable file permissions etc. Ad-hoc probes need to be deployed to support incident management, to assess the vulnerability of the infrastructure with regards to specific security issues and for proactive security management. The results produced are available to the EGI Security dashboard for visualization.

Pakiti

Pakiti is monitoring and notification service which is responsible for checking the patching status of systems. The results produced are available to the EGI Security dashboard for visualization.

Incident Reporting Tool

RTIR for tracking of incident reporting activities.

Tools for Security Service Challenge support

Security challenges are a mechanism to check the compliance of sites/NGIs/EGI with security procedures etc. Runs of Security Service Challenges need a set of tools that are used during various stages of the runs. The tools include a web portal used by the SSC operators to control the run, an extension of RTIR for evaluations of sites, and customized Pakiti used in SSC preparation phases.

Coordination

This activity is responsible of the coordination of the system operation and upgrade activities with those partners that are in charge of operating other systems that depend on it. Coordination is needed with other security-related tasks, namely the Incident Response Task Force and Software Vulnerability Group. Reliable and quick support to them is needed (for instance to introduce new checks or process collected data).

Support

  • Support to the users of the security monitoring tools, and to NGIs in operating a local instance of Pakiti
  • to the operators of other depending systems
  • Development and maintenance of guides and documentation for NGIs/sites about security monitoring with Nagios

Support hours: eight hours a day (for example 9-17 CE(S)T), Monday to Friday – excluding public holidays of the hosting organization.

Operation

  • Daily running of the systems
  • Provisioning of a high availability configuration
  • A test infrastructure to verify interoperability and the impact of software upgrades on depending systems

Maintenance

This activity includes:

  • development of new probes (based on risk analysis and experience with previous incidents)
  • integration of security probes with standard Nagios
  • proactive maintenance, improvement of the system
  • requirements gathering
  • Documentation

Service level targets