|EGI Inspire Main page|
|Inspire reports menu:||Home •||SA1 weekly Reports •||SA1 Task QR Reports •||NGI QR Reports •||NGI QR User support Reports|
1. Task Meetings
|Date (dd/mm/yyyy)||Url Indico Agenda||Title||Outcome|
|18/11/2010||https://www.egi.eu/indico/conferenceDisplay.py?confId=218||EGI CSIRT team monthly meeting||Review previous month activities and plan for the coming month|
|21/12/2010||https://www.egi.eu/indico/conferenceDisplay.py?confId=241||EGI CSIRT team monthly meeting||Review previous month activities and plan for the coming month|
|20/01/2011||https://www.egi.eu/indico/conferenceDisplay.py?confId=298||EGI CSIRT team monthly meeting||Review previous month activities and plan for the coming month|
EGI CSIRT also has a weekly operational meeting on EVO. The minutes is recorded in EGI CSIRT private wiki (not publicly accessable)
2. Main Achievements
A CSIRT disclosure policy has been drafted and is available at EGI_CSIRT_Information_Disclosure_Policy_(draft)
A Critical Security operational procedure has been produced. This is a brief document describing the procedure for dealing with Critical Security Issues where action needs to be taken by a single site or multiple sites. Failure of sites to act on this or respond may lead to site suspension. Approval from the OMB is sought for this procedure. https://documents.egi.eu/secure/ShowDocument?docid=283
A more detailed Critical Vulnerability Handling procedure has also been drafted, this is a joint SVG/CSIRT document for handling Software vulnerabilities (whether in Grid middleware or other software) which have been assessed as critical.
A list of objectives of TSA1.2 in 2011 was produced, which is part of the overall SA1 2011 roadmap.
EGI SVG has handled 8 vulnerabilities reported through the vulnerability issue handling process, including 2 that require patches in Grid Middleware to resolve.
EGI CSIRT has handled one security incident and issued three security advisories on Linux vulnerabilities, of which one is critical two are high risk.
EGI CSIRT assissted all EGI sites to mitigate the critical vulnerability (CVE-2010-4170) within 7 days deadline, no site was suspended.
3. Issues and Mitigation
|Issue Description||Mitigation Description|
|Issue description||Issue mitigation|
4. Plans for the next period
New version of detailed Critical Vulnerability Handling procedure to match some details of the Critical Security operational procedure.
SVG will improve the handling of software vulnerabilities in the EGI RT to improve automation, including automatic reminders. Also define search criteria to provide input for SVG issue handling matrices, and better reporting of activities.
SVG will also start holding routine monthly SVG meetings, (by phone/evo) as planned in the SVG policy document.
An security assessment plan of Grid middleware is being drafted by EGI SVG and exteral partners, the plan will be finalised in next quarter.
A ticketing system for incident response (RTIR) is being setup and will be in operation in next quarter.
A EGI CSIRT face to face meeting is being planned, the provisional date is 6-7 April 2011.
Both teams will continue handling any security issue reported and ensure the EGI security