EGI-InSPIRE:SA1.2-QR3

From EGIWiki
(Redirected from SA1.2-QR3)
Jump to: navigation, search
EGI Inspire Main page


Inspire reports menu: Home SA1 weekly Reports SA1 Task QR Reports NGI QR Reports NGI QR User support Reports


Contents


1. Task Meetings

Date (dd/mm/yyyy) Url Indico Agenda Title Outcome
18/11/2010 https://www.egi.eu/indico/conferenceDisplay.py?confId=218 EGI CSIRT team monthly meeting Review previous month activities and plan for the coming month
21/12/2010 https://www.egi.eu/indico/conferenceDisplay.py?confId=241 EGI CSIRT team monthly meeting Review previous month activities and plan for the coming month
20/01/2011 https://www.egi.eu/indico/conferenceDisplay.py?confId=298 EGI CSIRT team monthly meeting Review previous month activities and plan for the coming month

EGI CSIRT also has a weekly operational meeting on EVO. The minutes is recorded in EGI CSIRT private wiki (not publicly accessable)

2. Main Achievements

A CSIRT disclosure policy has been drafted and is available at EGI_CSIRT_Information_Disclosure_Policy_(draft)

A Critical Security operational procedure has been produced. This is a brief document describing the procedure for dealing with Critical Security Issues where action needs to be taken by a single site or multiple sites. Failure of sites to act on this or respond may lead to site suspension. Approval from the OMB is sought for this procedure. https://documents.egi.eu/secure/ShowDocument?docid=283

A more detailed Critical Vulnerability Handling procedure has also been drafted, this is a joint SVG/CSIRT document for handling Software vulnerabilities (whether in Grid middleware or other software) which have been assessed as critical.

A list of objectives of TSA1.2 in 2011 was produced, which is part of the overall SA1 2011 roadmap.

EGI SVG has handled 8 vulnerabilities reported through the vulnerability issue handling process, including 2 that require patches in Grid Middleware to resolve.

EGI CSIRT has handled one security incident and issued three security advisories on Linux vulnerabilities, of which one is critical two are high risk.

EGI CSIRT assissted all EGI sites to mitigate the critical vulnerability (CVE-2010-4170) within 7 days deadline, no site was suspended.


3. Issues and Mitigation

Issue Description Mitigation Description
Issue description Issue mitigation

4. Plans for the next period

New version of detailed Critical Vulnerability Handling procedure to match some details of the Critical Security operational procedure.

SVG will improve the handling of software vulnerabilities in the EGI RT to improve automation, including automatic reminders. Also define search criteria to provide input for SVG issue handling matrices, and better reporting of activities.

SVG will also start holding routine monthly SVG meetings, (by phone/evo) as planned in the SVG policy document.

An security assessment plan of Grid middleware is being drafted by EGI SVG and exteral partners, the plan will be finalised in next quarter.

A ticketing system for incident response (RTIR) is being setup and will be in operation in next quarter.

A EGI CSIRT face to face meeting is being planned, the provisional date is 6-7 April 2011.

Both teams will continue handling any security issue reported and ensure the EGI security

Personal tools
Namespaces
Variants
Actions
Navigation
Toolbox
Print/export