|EGI Inspire Main page|
|Inspire reports menu:||Home •||SA1 weekly Reports •||SA1 Task QR Reports •||NGI QR Reports •||NGI QR User support Reports|
1. Task Meetings
|Date (dd/mm/yyyy)||Url Indico Agenda||Title||Outcome|
|18/08/2011||https://www.egi.eu/indico/conferenceDisplay.py?confId=572||EGI CSIRT team monthly meeting||Review previous month activities and plan for the coming month
|19/09/2011||https://www.egi.eu/indico/conferenceDisplay.py?confId=611||EGI CSIRT team monthly meeting, face to face meeting at EGITF 2011, Lyon||Review previous month activities and plan for the coming month|
|20/09/2011||https://www.egi.eu/indico/contributionDisplay.py?contribId=8&confId=452||EGI SVG face to face meeting at EGITF 2011, Lyon||Review previous month activities and plan for the coming month|
|21/09/2011||https://www.egi.eu/indico/contributionDisplay.py?contribId=7&confId=452||EGI SVG open session at EGITF 2011, Lyon||updates on vulnerability issue handling and update on Vulnerability Assessment|
|20/10/2011||https://www.egi.eu/indico/conferenceDisplay.py?confId=610||EGI CSIRT team monthly meeting||Review previous month activities and plan for the coming month|
EGI CSIRT also has a weekly operation meeting on EVO. The minutes is recorded in EGI CSIRT private wiki (not publicly accessable)
2. Main Achievements
Milestone MS412 was approved and now is on EGI document database. EGI CSIRT security incident handling procedure is updated and placed in the permanent location. EGI CSIRT IRTF has handled three security incident, of which one was multiple site incident. Two are still being investigated.
EGI CSIRT Security Service Challenge 5 is featured in medias such as ISGTW: http://www.isgtw.org/feature/48-hour-grid-security-challenge and the coming EGI-Newsletter. A presentation about SSC5 was also given at GDB: http://indico.cern.ch/conferenceDisplay.py?confId=106648. Security Service Challenge5 site reports are still in progress, it is delayed due to more development work of report generator is needed. The SSC5 monitoring framework was used to monitor the leaked proxy.
Security dashboard is integrated with the EGI operations portal and put into the production (https://operations-portal.egi.eu/csiDashboard). The EGI CSIRT is tidying the information in the dashboard so it can be used by sites and NGIs. A few issues were identified and corrected and several Nagios probes have been updated during this process. An abstract on EGI security monitoring has been submitted for ISGC2012.
EGI CSIRT organized security training at EGITF 2011 (https://www.egi.eu/indico/sessionDisplay.py?sessionId=57&confId=452#20110922 and https://www.egi.eu/indico/sessionDisplay.py?sessionId=57&confId=452#20110923). The training has been well received.
EGI SVG vulnerability issue handling is updated and placed in the permanent location. SVG issue handling are EGI SVG agreed a procedure with gLite people who maintain repositories and releases for ensuring vulnerabilities continue to be fixed until the end of security support for gLite 3.1 and gLite 3.2. Six issues were reported to EGI SVG during the quarter, including 2 that were duplicates of others reported. One SVG advisory was issued during this quarter.
First Draft of D4.4, the EGI Security Risk Assessment, has been written by Linda Cornwall. This includes a plan for a high level security assessment of EGI which will be carried out in the coming months. Some members of the team for carrying out the assessment have already volunteered.
3. Issues and Mitigation
|Issue Description||Mitigation Description|
|The problem of proxy certificate life-time and CRL propagation||Discussed at SCG meeting. It will also be discussed at TCB.|
4. Plans for the next period
EGI SVG will continue improving co-ordination of fixing and release of advisories, with EMI and EGI DMSU, to ensure advisories issued when software is released. EGI CSIRT will continue improving Security Dashboard and address any identified issue. EGI CSIRT Will exploit the possibility to integrate Security Dashboard with a ticket handling system and define an alert handling workflow. A procedure for handling compromised certificates (short lived proxies or long lived certificates) will also be working on. The Security Service Challenge NGI run is planned to start at Spanish NGI in November 2011.