EGI Core activities:2013-bidding Security monitoring and security operations support tools
|Main||EGI.eu operations services||Support||Documentation||Tools||Activities||Performance||Technology||Catch-all Services||Resource Allocation||Security|
|EGI Core services menu:||Services PHASE I •||Services PHASE II •||Services PHASE III •||Bids •||Payments •||Travel procedure •||Performance|
Go back to the EGI Core Activities Bidding page.
Go back to the Core EGI activity list.
- Service name: Security monitoring and security operations support tools
- Service category: Operations
- Service type: Coordination, operation and maintenance
Security monitoring and security operations support tools are part of the EGI Core Infrastructure Platform which supports the daily security operations of EGI.
EGI is an interconnected federation where a single vulnerable place may have a huge impact on the whole infrastructure. In order to recognise the risks and to address potential vulnerabilities in a timely manner, the EGI Security Monitoring provides an oversight of the infrastructure from the security standpoint. Also, sites connected to EGI differ significantly in the level of security and detecting weaknesses exposed by the sites allows the EGI security operations to contact the sites before the issue leads to an incident. Information produced by security monitoring is also important during assessment of new risks and vulnerabilities since it enables to identify the scope and impact of a potential security incident.
This service includes the following components.
A Security Nagios service is provided to monitor a range of like CRLs, file system permissions, vulnerable file permissions etc. Ad-hoc probes need to be deployed to support incident management, to assess the vulnerability of the infrastructure with regards to specific security issues and for proactive security management. The results produced are available to the EGI Security dashboard for visualization.
Pakiti is monitoring and notification service which is responsible for checking the patching status of systems. The results produced are available to the EGI Security dashboard for visualization.
Incident Reporting Tool
RTIR for tracking of incident reporting activities.
Tools for Security Service Challenge support
Security challenges are a mechanism to check the compliance of sites/NGIs/EGI with security procedures etc. Runs of Security Service Challenges need a set of tools that are used during various stages of the runs. The tools include a web portal used by the SSC operators to control the run, an extension of RTIR for evaluations of sites, and customized Pakiti used in SSC preparation phases.
This activity is responsible of the coordination of the system operation and upgrade activities with those partners that are in charge of operating other systems that depend on it. Coordination is needed with other security-related tasks, namely the Incident Response Task Force and Software Vulnerability Group. Reliable and quick support to them is needed (for instance to introduce new checks or process collected data).
- Support to the users of the security monitoring tools, and to NGIs in operating a local instance of Pakiti
- to the operators of other depending systems
- Development and maintenance of guides and documentation for NGIs/sites about security monitoring with Nagios
Support hours: eight hours a day (for example 9-17 CE(S)T), Monday to Friday – excluding public holidays of the hosting organization.
- Daily running of the systems
- Provisioning of a high availability configuration
- A test infrastructure to verify interoperability and the impact of software upgrades on depending systems
This activity includes:
- development of new probes (based on risk analysis and experience with previous incidents)
- integration of security probes with standard Nagios
- proactive maintenance, improvement of the system
- requirements gathering
Service level targets
- Minimum availability/reliability: 99%/99%
- Response to incident records in GGUS within support hours: Medium (see https://wiki.egi.eu/wiki/FAQ_GGUS-PT-QoS-Levels#Medium_service)