1. Task Meetings
|Date (dd/mm/yyyy)||Url Indico Agenda||Title||Outcome|
|16/05/2013||https://www.egi.eu/indico/conferenceDisplay.py?confId=1669||EGI SVG Monthly meeting||Review activities of the previous month and plan for the coming month|
|16/05/2013||https://www.egi.eu/indico/conferenceDisplay.py?confId=1668||EGI CSIRT team Monthly meeting||Review activities of the previous month and plan for the coming month|
|20/06/2013||https://www.egi.eu/indico/conferenceDisplay.py?confId=1725||EGI SVG Monthly meeting||Review activities of the previous month and plan for the coming month|
|27/06/2013||https://www.egi.eu/indico/conferenceDisplay.py?confId=1733||EGI CSIRT team monthly meeting||Review activities of the previous month and plan for the coming month|
|18/07/2013||https://www.egi.eu/indico/conferenceDisplay.py?confId=1774||EGI CSIRT team monthly meeting||Review activities of the previous month and plan for the coming month|
|Weekly Video conference meetings (every Monday)||Minutes recorded in EGI CSIRT private wiki (not publicly accessible)||IRTF weekly meeting||Operational security issues are reviewed weekly|
2. Main Achievements
The work of the EGI CSIRT (TSA1.2), as ever, is split into several sub-groups, each of which is reported on here. The whole team continues to meet monthly by video conference.
In operational security in EGI, this was a quiet quarter in the sense that no security incidents were reported or handled. The IRTF continued to track new security vulnerabilities in operating systems and other non-Grid software. Two "critical" advisories were issued to all site security contacts during the quarter. One of these, a Linux kernel vulnerability CVE-2013-2094, resulted in a large amount of work for the CSIRT in monitoring and handling the requirement for sites to install patches or to deploy suitable mitigations within the defined time.
For the Security Service Challenge (SSC) activity, the final report from the SSC of 11 sites in the UK NGI was produced. The German NGI will run the next SSC. Extensions have been made to the SSC framework for NGI runs in particular to add the functionality needed to do concurrent runs in different NGIs. This has been done in parallel with preparations for the NGI-DE-SSC run. Plans for training other NGIs to run their own SSC will be given at the EGI Technical Forum in September.
The security monitoring sub-group was very busy developing probes to track all SVG and CSIRT alerts and advisories as required, in particular for CVE-2013-2094. A pilot of site-wide monitoring was deployed at the KIT site, where the Pakiti client was installed on all the worker nodes to report to the EGI Pakiti server. We plan to extend the pilot to other sites over the next months. A workflow to handle security issues in GGUS has been drafted and discussed internally in the team. After minor changes it will be passed on to the GGUS team so that a joint discussion can be organized at the EGI TF. Training in security logging and auditing has been planned for the EGI Technical Forum.
The Software Vulnerability Group (SVG) continued to handle all reported vulnerabilities. During the quarter, 11 new vulnerabilities were handled, including 4 from the ongoing vulnerability assessment of CREAM. One SVG advisory was issued. The final report on the security assessment of the gLite WMS is still awaited and the assessment of CREAM continues.
Activity on security training and dissemination included a successful one-day security forensics training session given at RAL in the UK. Plans were made for several security training sessions at the September EGI Technical Forum. An EGI Security update session has been planned for presentation at the Technical Forum, covering all aspects of operational security. A member of the team presented the EGI-CSIRT at the Academic Track at the FIRST meeting in Bangkok. Two members of the EGI CSIRT were in the winning team of the Team Cymru Challenge at FIRST.
Progress was made on several security procedures during the quarter. Work continues on the EGI CSIRT procedure for compromised certificates and emergency suspension. A nearly final draft has been completed, but some things still need to be clarified. The CSIRT team identified the need for easy access to VO security contact information, and a vo-security-contacts mail list. A brief document was prepared describing the requirements for this. The team has been carrying out a major re-organization of the communications and information access levels in EGI-CSIRT.
The CSIRT team helped prepare for the EGI-InSPIRE EU review and several members attended. As input to this a brief document "Security threat risk assessment, further information" was prepared. This included information on activities being carried out to reduce the impact of some of the higher risk threats.
Work continued on the Central Emergency Suspension Project. Progress has been made on the Argus server deployment scenario. It will be difficult to use NGI-level Argus servers as a replacement for a site-level Argus service, so we will advise each site to run an Argus server or equivalent.
3. Issues and Mitigation
|Issue Description||Mitigation Description|
4. Plans for the next period
During the next quarter, the EGI CSIRT team will continue to work on all of its current activities in the same sub-groups. Apart from the usual ongoing regular operational duties, the following items are mentioned.
For IRTF, planning will continue for incident handling beyond the end of EGI-InSPIRE. A joint meeting between EGI CSIRT and security staff from PRACE and EUDAT is planned for October. Future cooperation on security operations will be one of the topics to be discussed there.
For the Security Drills team, the German NGI SSC will be performed. Training will be given at the EGI Technical Forum to help other NGIs prepare for and operate their own SSC.
For the monitoring team, further testing of site-wide monitoring will be performed, working towards a full-blown proposal to EGI for deployment. Work will continue on Pakiti to support this. Collaboration with the dashboard developers will work towards the provision of better reports on security issues to sites, operations and management.
The SVG will consider how to improve distribution/version handling and tracking. Revision of the vulnerability issue handling document will take place now that the post-EMI/IGE situation is clearer, and will take account of other changes that are happening. The SVG will act on the reports on the WMS and CREAM security assessments when these become available.
The Emergency Suspension document will be finalised and OMB approval will be sought. A first implementation of the suspension Argus system will either be deployed and tested or planned for the following quarter.
Members of the team will attend the EGI Technical Forum in Madrid to give various security training courses and to present at and run the planned EGI security sessions. Plans will be made for future training and dissemination.
Work will continue on forming a better understanding of the requirements for security in federated clouds, taking forward a suitable use case and deployment of monitoring and logging in the virtualised environment.