Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SEC05 Security Resource Centre Certification Procedure"

From EGIWiki
Jump to navigation Jump to search
(Deprecate page, content moved to EGIPP space in confluence)
Tag: Replaced
 
(16 intermediate revisions by 2 users not shown)
Line 4: Line 4:
[[Category:Operations Procedures]]
[[Category:Operations Procedures]]


{{Ops_procedures
{{DeprecatedAndMovedTo|new_location=https://confluence.egi.eu/display/EGIPP/SEC05+Security+Resource+Centre+Certification+Procedure}}
|Doc_title = Security Resource Centre Certification Procedure
|Doc_link = https://wiki.egi.eu/wiki/SEC05_Security_Resource_Centre_Certification_Procedure
|Version = 1.2 - January 30th, 2017
|Policy_acronym = CSIRT
|Policy_name = EGI CSIRT
|Contact_group =  EGI CSIRT
|Doc_status = Approved
|Approval_date= January 30th, 2017
|Procedure_statement = Security Resource Centre Certification Procedure applies to Resource Centres under certification process and re-certification of suspended Resource Centres (sites). This step of the security certification procedure checks that the resources under certification do not contain known CRITICAL software vulnerabilities. 
}}
 
= Introduction  =
 
<br>This page provides steps to certify Resource Centre from security point of view, as part of [[PROC09|PROC09 Resource Centre Registration and Certification]] procedure. The monitoring is performed using the tools used by the EGI CSIRT and enabled upon request of Resource Centre. <br>
 
This step of the security certification procedure checks that the resources under certification do not contain known CRITICAL software vulnerabilities.
 
= Steps  =
 
== HTC (Grid) Resource Center  ==
 
{| class="wikitable"
|-
! <br>
! Responsible
! Action
! Prerequisites, if any
|- valign="top"
| 1<br>
| RC<br>
|
PREVIOUSLY: Follow  instructions  on [https://wiki.egi.eu/wiki/EGI_CSIRT:Pakiti_client Pakiti client wiki]: '''install and run pakiti client on random WN'''. In case of re-certification on node subject to suspension.
NOW: Make sure that the site is up to date with regard to security patches. In case of re-certification due to suspension following a critical vulnerability, make sure that the recommendations in the corresponding EGI SVG advisory have been followed.
|
|- valign="top"
| 2
| RC
|
Check results for the RC in question https://pakiti.egi.eu/. '''Notify EGI-CSIRT (abuse <AT> egi.eu) when the problem is solved'''.
| <br>
|- valign="top"
| 3
| EGI&nbsp;CSIRT
| '''EGI CSIRT verifies the results and communicate back a positive assessment''', [[PROC09]] can continue
|
|}
 
== Cloud Resource Center  ==
 
{| class="wikitable"
|-
! <br>
! Responsible
! Action
! Prerequisites, if any
|- valign="top"
| 1<br>
| RC<br>
|
'''Fill the '''[https://www.surveymonkey.com/r/Cloud_Security_Questionnaire_for_Resource_Centres '''''EGI&nbsp;security survey''&nbsp;'''] (using the editable pdf file) and and send it to the own Operations Centre<br>
 
*This survey contains the basic security related checks which must be carried out with Cloud Resource providers offering “Infrastructure-as-a-Service” clouds based on the execution of virtual machine images.
 
|
|- valign="top"
| 2
| OC
|
'''Check the filled in survey and send it by email to EGI CSIRT (abuse <AT> egi.eu)'''
 
| <br>
|- valign="top"
| 3<br>
| EGI&nbsp;CSIRT<br>
|
'''the EGI CSIRT will communicate back an assessment result'''.
 
In case of issues EGI CSIRT&nbsp;contact RC to better understand situation.
 
| <br>
|}
 
= Revision history  =
 
{| class="wikitable"
|-
! Version
! Authors
! Date
! Comments
|-
|
| Alessandro Paolini
| 2017-01-30
| Specified the email address for contacting the EGI CSIRT.
|-
|
| Alessandro Paolini
| 2016-10-26
| modified the procedure for HTC RCs, as proposed by EGI CSIRT at the [https://indico.egi.eu/indico/event/2810/ September 2016 OMB].
|-
|
| Alessandro Paolini
| 2016-03-22
| modified the steps 1 and 2 for CLOUD RCs: the survey is sent to the NGI which forward it to EGI CSIRT
|}

Latest revision as of 10:43, 10 December 2021