EGI Core activities:2013-bidding Security monitoring and security operations support tools


Security monitoring and security operations support tools are part of the EGI Core Infrastructure Platform which supports the daily security operations of EGI.

Introduction

EGI is an interconnected federation where a single vulnerable place may have a huge impact on the whole infrastructure. To recognise risks and address potential vulnerabilities in a timely manner, EGI Security Monitoring provides oversight of the infrastructure from the security standpoint. Sites connected to EGI also differ significantly in their level of security, and detecting weaknesses exposed by the sites allows EGI security operations to contact the sites before an issue leads to an incident. Information produced by security monitoring is also important when assessing new risks and vulnerabilities, since it makes it possible to identify the scope and impact of a potential security incident.

Technical description

This service includes the following components.

Security Nagios

A Security Nagios service is provided to monitor a range of items such as CRLs, file system permissions, vulnerable file permissions, etc. Ad-hoc probes need to be deployed to support incident management, to assess the vulnerability of the infrastructure with regard to specific security issues, and for proactive security management. The results produced are available to the EGI Security dashboard for visualization.

Pakiti

Pakiti is a monitoring and notification service that checks the patching status of systems. The results produced are available to the EGI Security dashboard for visualization.

Incident Reporting Tool

RTIR is used for tracking incident reporting activities.

Tools for Security Service Challenge support

Security challenges are a mechanism to check the compliance of sites/NGIs/EGI with security procedures etc. Runs of Security Service Challenges (SSC) need a set of tools that are used during various stages of the runs. The tools include a web portal used by the SSC operators to control the run, an extension of RTIR for evaluations of sites, and a customized Pakiti used in SSC preparation phases.

Coordination

This activity is responsible for coordinating system operation and upgrade activities with those partners that are in charge of operating other systems that depend on it. Coordination is needed with other security-related tasks, namely the Incident Response Task Force and the Software Vulnerability Group. Reliable and quick support to them is needed (for instance, to introduce new checks or process collected data).

Support

Support hours: eight hours a day (for example 9-17 CE(S)T), Monday to Friday – excluding public holidays of the hosting organization.

Operation

Maintenance

This activity includes:

Service level targets
