Alert.png The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SEC05 Security Resource Centre Certification Procedure"

From EGIWiki
Jump to navigation Jump to search
Line 1: Line 1:
{{New-Egi-csirt-header}}
{{New-Egi-csirt-header}}  


{{Ops_procedures
{{Ops_procedures
Line 6: Line 6:
|Version = 1.1 - 30 September 2014
|Version = 1.1 - 30 September 2014
|Policy_name = EGI CSIRT
|Policy_name = EGI CSIRT
|Contact_group =  TBA
|Contact_group =  EGI CSIRT
|Procedure_statement = Operational security requirements to certify new Resource Centres (sites) in the EGI infrastructure. The steps also apply to re-certification of suspended Resource Centres (sites).
|Procedure_statement = Operational security requirements to certify new Resource Centres (sites) in the EGI infrastructure. The steps also apply to re-certification of suspended Resource Centres (sites).
}}
}}  


= Introduction =
= Introduction =


This step of the certification checks that the resources under certification do not contain known CRITICAL software vulnerabilities.
This step of the certification checks that the resources under certification do not contain known CRITICAL software vulnerabilities.  


= Overview  =
= Overview  =


This page provides instructions on how to enable security monitoring of a grid Resource Centre that is being certified for EGI as requested by the [[PROC09 Resource Centre Registration and Certification]] procedure. The monitoring is performed using the tools used by the EGI CSIRT and enabled upon request of Resource Centre.
This page provides instructions on how to enable security monitoring of Resource Centre that is being certified for EGI as requested by the [[PROC09 Resource Centre Registration and Certification]] procedure. The monitoring is performed using the tools used by the EGI CSIRT and enabled upon request of Resource Centre.  


N.B. The steps below are under development and may change until the process is discussed inside EGI CSIRT and with the EGI operations team. Also the process only applies to certification of grid Resource Centres and does not address certification of cloud providers.
N.B. The steps below are under development and may change until the process is discussed inside EGI CSIRT and with the EGI operations team. <br>


= Steps =
= Steps =


# A Resource Centre administrator asks the EGI CSIRT to enable monitoring of the site. It is done by opening a ticket in csirt queue of EGI RT or sending a mail to csirt@rt.egi.eu. The mail must contain the name of the Resource Centre and NGI and . The Centre must be configured to accept jobs from the ops VO ('''TBC''').
== HTC Resource Center ==
# EGI CSIRT will activate the monitoring of the site. After monitoring has been activated the EGI tools will start gathering data and will keep it for evaluation.
 
# The monitoring has to run for at least 3 consecutive calendar days. If no security alert is raised via the monitoring over that period, the EGI CSIRT will issue a positive assesment of the status upon request of the Operations Centre as per step 8 of the procedure ('''TBC''').
{| class="wikitable"
|-
! <br>
! Responsible
! Action
! Prerequisites, if any
|- valign="top"
| 1<br>
| RC<br>
|
'''Ask the EGI CSIRT to enable monitoring of the site.''' <br>
 
It is done by opening a ticket in ''"csirt" ''queue of [[Rt.egi.eu|EGI RT]] or sending a mail to csirt@rt.egi.eu. <br>
 
The mail must contain:<br>
 
*the name of the Resource Centre<br>
*NGI&nbsp;
 
| The Centre must be configured to accept jobs from the ops VO.
|- valign="top"
| 2
| EGI&nbsp;CSIRT  
|
'''Activate the monitoring of the site<br>'''
 
After monitoring has been activated the EGI tools will start gathering data and will keep it for evaluation.  
 
The monitoring has to run for at least 3 consecutive calendar days.
 
| <br>
|- valign="top"
| 3
| EGI&nbsp;CSIRT
| If no security alert is raised via the monitoring over 3 consecutive calendar days period, '''the EGI CSIRT will communicate back a positive assesment'''.
|
|}
 
== Cloud Resource Center  ==
 
{| class="wikitable"
|-
! <br>
! Responsible
! Action
! Prerequisites, if any
|- valign="top"
| 1<br>
| RC<br>
|
'''Fill the '''[https://www.surveymonkey.com/s/Cloud_Security_Assessment_for_Resource_Centres '''''EGI&nbsp;security survey''&nbsp;'''] and inform EGI Operations (operations@egi.eu)<br>
 
*The purpose of the survey is to assess that the technology used to provide cloud services fulfils the EGI security policies and procedures.
 
|
|- valign="top"
| 2
| EGI Operations  
|
'''Send filled in surver to EGI CSIRT'''
 
| <br>
|- valign="top"
| 3<br>
| EGI&nbsp;CSIRT<br>
|
'''Communicate back an assesment''' '''result'''.
 
In case of issues EGI CSIRT&nbsp;contact RC to better understand situation.
 
| <br>
|}

Revision as of 11:08, 6 November 2014

EGI-CSIRT web site EGI-CSIRT Public wiki EGI-CSIRT Contacts EGI-CSIRT Activities EGI-CSIRT Private wiki


Title Security Requirements for Resource Centre Registration and Certification
Document link [1]
Last modified 1.1 - 30 September 2014
Policy Group Acronym Provide the acronym of the group creating this procedure !
Policy Group Name EGI CSIRT
Contact Group EGI CSIRT
Document Status Provide status of the document! DRAFT(work in progress within the group) -> REVIEW( document under internal review managed by the group)-> APPROVED (document approved by the group)
Approved Date Provide date of the approval!
Procedure Statement Operational security requirements to certify new Resource Centres (sites) in the EGI infrastructure. The steps also apply to re-certification of suspended Resource Centres (sites).
Owner Owner of procedure


Introduction

This step of the certification checks that the resources under certification do not contain known CRITICAL software vulnerabilities.

Overview

This page provides instructions on how to enable security monitoring of Resource Centre that is being certified for EGI as requested by the PROC09 Resource Centre Registration and Certification procedure. The monitoring is performed using the tools used by the EGI CSIRT and enabled upon request of Resource Centre.

N.B. The steps below are under development and may change until the process is discussed inside EGI CSIRT and with the EGI operations team.

Steps

HTC Resource Center


 Responsible Action Prerequisites, if any
1
 RC

Ask the EGI CSIRT to enable monitoring of the site.

It is done by opening a ticket in "csirt" queue of EGI RT or sending a mail to csirt@rt.egi.eu.

The mail must contain:

  • the name of the Resource Centre
  • NGI 
 The Centre must be configured to accept jobs from the ops VO.
2 EGI CSIRT

Activate the monitoring of the site

After monitoring has been activated the EGI tools will start gathering data and will keep it for evaluation.

The monitoring has to run for at least 3 consecutive calendar days.


3 EGI CSIRT If no security alert is raised via the monitoring over 3 consecutive calendar days period, the EGI CSIRT will communicate back a positive assesment.

Cloud Resource Center


 Responsible Action Prerequisites, if any
1
 RC

Fill the EGI security survey  and inform EGI Operations (operations@egi.eu)

  • The purpose of the survey is to assess that the technology used to provide cloud services fulfils the EGI security policies and procedures.
2 EGI Operations

Send filled in surver to EGI CSIRT


3
 EGI CSIRT

Communicate back an assesment result.

In case of issues EGI CSIRT contact RC to better understand situation.


Retrieved from "https://wiki.egi.eu/w/index.php?title=SEC05_Security_Resource_Centre_Certification_Procedure&oldid=71311"