1. Task Meetings
|Date (dd/mm/yyyy)||Url Indico Agenda||Title||Outcome|
|21/02/2013||https://www.egi.eu/indico/conferenceDisplay.py?confId=1337||EGI SVG Monthly meeting||Review activities of the previous month and plan for the coming month|
|21/02/2013||https://www.egi.eu/indico/conferenceDisplay.py?confId=1336||EGI CSIRT team Monthly meeting||Review activities of the previous month and plan for the coming month|
|22/03/2013||https://www.egi.eu/indico/conferenceDisplay.py?confId=1370||EGI SVG Monthly meeting||Review activities of the previous month and plan for the coming month|
|26/03/2013||https://www.egi.eu/indico/conferenceDisplay.py?confId=1371||EGI CSIRT team monthly meeting||Review activities of the previous month and plan for the coming month|
|18/04/2013||https://www.egi.eu/indico/conferenceDisplay.py?confId=1415||EGI SVG Monthly meeting||Review activities of the previous month and plan for the coming month|
|24-25/04/2013||https://www.egi.eu/indico/conferenceDisplay.py?confId=1432||EGI CSIRT team face to face meeting (Linkoping, Sweden)||Review all activities, discuss current issues, collaborate with PRACE and EUDAT and plan for the coming months|
|Weekly Video conference meetings (every Monday)||Minutes recorded in EGI CSIRT private wiki (not publicly accessible)||IRTF weekly meeting||Operational security issues are reviewed weekly|
2. Main Achievements
The work of the EGI CSIRT (TSA1.2), as ever, is split into several sub-groups, each of which is reported on here. The whole team continued to meet monthly by video conference and we held our six-monthly face to face meeting in Linkoping, Sweden on 24/25 April. At that meeting we discussed the changes in procedures and approach required for dealing with security in a federated Cloud environment. Traceability continues to be of utmost importance, and logging and monitoring will also be essential. We agreed that we need to start by considering some simple use cases and we identified the need to work with the EGI federated Cloud team. We invited representatives from both PRACE and EUDAT to our face to face meeting. This was very useful for sharing information, and we all see great benefits in working more closely together in the future as we move towards a sustainable security team beyond the current projects. It was agreed that a joint EGI/PRACE/EUDAT security workshop in the autumn of 2013 would be very useful. Planning for this has started.
In operational security in EGI, this was a quiet quarter in the sense that no security incidents were reported or handled. This did, however, enable the Incident Response Task Force (IRTF) to work on other longer term issues. The IRTF continued to track new security vulnerabilities in operating systems and other non-Grid software. Three "high-risk" advisories were issued to all site security contacts during the quarter.
For the Security Service Challenge (SSC) activity, improvements were made to the RT/RTIR ticketing system and the reporting modules. This work did not happen in time to produce the final report for the recent SSC6 run; the report will now be done next quarter. Plans were also made for two NGI SSC runs. An SSC of 11 sites in the UK NGI was successfully carried out in March. All sites performed well and detailed feedback is under preparation. The German NGI will run the next SSC.
The security monitoring sub-group was active during the quarter but with reduced effort. A new release of Pakiti was made during the quarter. Developments were also made to security monitoring to track all SVG and CSIRT alerts and advisories as required and for the retirement of EMI 1 middleware and services by the end of April 2013. The members of the activity based in the Czech NGI have been working on a new method for analysing centrally stored security audit logs using cloud services. This was presented at the ISGC 2013 conference in Taipei. It is a very useful approach for future monitoring. More work has also been done on the possible methods for achieving the security monitoring of all worker nodes in a site.
Progress was made on several security procedures during the quarter. A new release of the EGI CSIRT operational procedure for compromised certificates was produced and discussed at the OMB. The OMB has recently approved a new policy statement (from the Security Policy Group) on the need for sites and service operators to deploy a central security emergency suspension mechanism. This will allow the CSIRT to quickly suspend a credential involved in an ongoing security incident. An initial draft of the related procedure was produced and discussed at the EGI CSIRT face to face meeting (24/25 April). The technical implementation of this will be done later this year.
The Software Vulnerability Group (SVG) continues to handle all reported vulnerabilities. This quarter a revised handling procedure for use after both EMI and IGE have ended was prepared. This was presented at the EGI Community Forum. During the quarter, 12 new vulnerabilities were handled. Five SVG advisories were issued. The security assessment of the gLite WMS was completed and the final report on this is expected soon. The assessment of CREAM is underway and will hopefully be completed soon.
There was a lot of activity on security training and dissemination. A successful one-day security forensics training session was given in Taipei just before the ISGC 2013 conference (17 March 2013). A talk on the EGI CSIRT was also presented at ISGC 2013. Several SA1.2 staff attended the EGI Community Forum to facilitate discussions on security issues. Two posters were presented at the Community Forum (Security best practice and incident/vulnerability reporting) and a talk on SVG after EMI/IGE was also given.
3. Issues and Mitigation
|Issue Description||Mitigation Description|
4. Plans for the next period
During the next quarter, the EGI CSIRT team will continue to work on all the current activities in the same sub-groups. Apart from the usual ongoing regular operational duties, the following items for QR13 are extracted from the SA1.2 plans for 2013.
For the Security Drills team, the final report of SSC6 will be produced and feedback given to participants. The German NGI SSC will be performed and one or more other NGI runs will be prepared.
For the monitoring team, a pilot implementation of site-wide monitoring will be deployed. Work will continue on Pakiti to support this. Collaboration with the dashboard developers will work towards the provision of better reports on security issues to sites, operations and management.
The SVG will act on the report on the WMS security assessment expected during the quarter and also on CREAM when this is available. The handling of vulnerabilities after the end of EMI and IGE will be tested and improvements will be made to the procedure if needed.
Security training courses will be given in several places including a meeting of the UK NGI site administrators. Plans will be made for training and dissemination at the EGI Technical Forum in September.
Work will also start on forming a better understanding of the requirements for security in federated clouds, starting with the selection of a suitable use case and deployment of monitoring and logging in the virtualised environment.