Difference between revisions of "SEC05 Security Resource Centre Certification Procedure"
Line 36: | Line 36: | ||
| RC<br> | | RC<br> | ||
| | | | ||
Make sure that the site is up to date with regard to security patches. In case of re-certification due to suspension following a critical vulnerability, make sure that the recommendations in the corresponding EGI SVG advisory have been followed. | |||
| | | | ||
|- valign="top" | |- valign="top" | ||
Line 45: | Line 45: | ||
| <br> | | <br> | ||
|- valign="top" | |- valign="top" | ||
| | | 3 | ||
| RC | |||
| | |||
Check on https://pakiti.egi.eu/host.php?h=${hostname} that the report was sent and that no critical vulnerability was found. If one is found, and is not mitigated, go back to step 1. | |||
| <br> | |||
|- valign="top" | |||
| 4 | |||
| RC | | RC | ||
| | | | ||
Notify the EGI CSIRT (if using GGUS simply add irtf <AT>mailman.egi.eu in Cc to the ticket. Otherwise send an email to abuse<AT> egi.eu with the OC in Cc). Explain in detail any mitigation deployed, if any. | |||
| <br> | | <br> | ||
|- valign="top" | |- valign="top" |
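Review bot: the new step 3 row leaves ${hostname} in the Pakiti URL undefined. State that it is the hostname of the node on which the Pakiti client was run in step 2, and that in the re-certification case the check is repeated for each affected node. Inserting the new rows 3 and 4 also calls for renumbering the EGI CSIRT verification row that follows, which still shows as step 3 in the resulting revision.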
Revision as of 14:45, 22 August 2017
Title | Security Resource Centre Certification Procedure |
Document link | https://wiki.egi.eu/wiki/SEC05_Security_Resource_Centre_Certification_Procedure |
Last modified | 1.2 - January 30th, 2017 |
Policy Group Acronym | CSIRT |
Policy Group Name | EGI CSIRT |
Contact Group | EGI CSIRT |
Document Status | Approved |
Approved Date | January 30th, 2017 |
Procedure Statement | Security Resource Centre Certification Procedure applies to Resource Centres under certification process and re-certification of suspended Resource Centres (sites). This step of the security certification procedure checks that the resources under certification do not contain known CRITICAL software vulnerabilities. |
Owner | Owner of procedure |
Introduction
This page provides the steps to certify a Resource Centre from a security point of view, as part of the PROC09 Resource Centre Registration and Certification procedure. The monitoring is performed using the tools used by the EGI CSIRT and is enabled upon request of the Resource Centre.
This step of the security certification procedure checks that the resources under certification do not contain known CRITICAL software vulnerabilities.
Steps
HTC (Grid) Resource Center
Step | Responsible | Action | Prerequisites, if any |
---|---|---|---|
1 | RC | Make sure that the site is up to date with regard to security patches. In case of re-certification due to suspension following a critical vulnerability, make sure that the recommendations in the corresponding EGI SVG advisory have been followed. | |
2 | RC | Follow the instructions on the Pakiti client wiki: install and run the Pakiti client on a random Worker Node. In case of re-certification due to suspension following a critical vulnerability, run Pakiti on the affected node(s). | |
3 | RC | Check on https://pakiti.egi.eu/host.php?h=${hostname} that the report was sent and that no critical vulnerability was found. If one is found and is not mitigated, go back to step 1. | |
4 | RC | Notify the EGI CSIRT (if using GGUS, simply add irtf <AT> mailman.egi.eu in Cc to the ticket; otherwise send an email to abuse <AT> egi.eu with the OC in Cc). Explain in detail any mitigation deployed. | |
3 | EGI CSIRT | EGI CSIRT verifies the results and communicates back a positive assessment; PROC09 can then continue. | |
Cloud Resource Center
Step | Responsible | Action | Prerequisites, if any |
---|---|---|---|
1 | RC | Fill in the EGI security survey (using the editable PDF file) and send it to your own Operations Centre. | |
2 | OC | Check the filled-in survey and send it by email to EGI CSIRT (abuse <AT> egi.eu). | |
3 | EGI CSIRT | The EGI CSIRT will communicate back an assessment result. In case of issues, the EGI CSIRT contacts the RC to better understand the situation. | |
Revision history
Version | Authors | Date | Comments |
---|---|---|---|
 | Alessandro Paolini | 2017-01-30 | Specified the email address for contacting the EGI CSIRT. |
 | Alessandro Paolini | 2016-10-26 | Modified the procedure for HTC RCs, as proposed by EGI CSIRT at the September 2016 OMB. |
 | Alessandro Paolini | 2016-03-22 | Modified steps 1 and 2 for CLOUD RCs: the survey is sent to the NGI, which forwards it to EGI CSIRT. |