What do ALL NGIs need to do? Requirements for operational security - - PowerPoint PPT Presentation

Enabling Grids for E-sciencE

What do ALL NGIs need to do?

Requirements for operational security

Sven Gabriel (Nikhef) EGEE Operational Security Coordination Team http://cern.ch/osct/

www.eu-egee.org

Information Society and media EGEE-III INFSO-RI-222667 EGEE to EGI Transition Meeting: User Community & Operations , 1. - 3. March 2010 , Amsterdam - The Netherlands 1

Introduction/Outline

Enabling Grids for E-sciencE

• OSCT: Current set up
• OSCT: Current activity/daily business
• EGI-CSIRT: Planned Setup
• EGI-CSIRT: Requirements to NGIs (bare minimum!)
• EGI-CSIRT: NGI Security Officer activities (examples)
• Documents
• Dates

EGEE-III INFSO-RI-222667 EGEE to EGI Transition Meeting: User Community & Operations , 1. - 3. March 2010 , Amsterdam - The Netherlands 2

EGEE Security Groups

Enabling Grids for E-sciencE

• EGEE Security Coordination Group (SCG) coordinates

the overall security work.

• Middleware Security Group (MWSG) security architecture

(EGI: SSG).

• Joint Security Policy Group (JSPG) security policies. (EGI:

SPG)

• EGEE Security Middleware Development

(EGEE/JRA1/Security) gLite security development.

• Grid Security Vulnerability Group (GSVG) finding and

eliminating Grid security vulnerabilities. (EGI: SVG funding ?)

• EUGridPMA coordinating Grid authentication in e-Science.

EGEE-III INFSO-RI-222667 EGEE to EGI Transition Meeting: User Community & Operations , 1. - 3. March 2010 , Amsterdam - The Netherlands 3

OSCT Mission

Enabling Grids for E-sciencE

OSCT Mission: The EGEE Operational Security Coordination Team (OSCT) provides an operational response to security threats against the EGEE infrastructure. It mainly focuses on computer security incidents handling, by providing reporting channels, pan-regional coordination and support. It also deals with security monitoring on the Grid and provides best practice and advice to Grid system administrators. The OSCT is lead by the EGEE/LCG Security Officer and includes Security Contacts from each EGEE region. They are providing support for daily security operations as part of an

• n-duty rota.

EGEE-III INFSO-RI-222667 EGEE to EGI Transition Meeting: User Community & Operations , 1. - 3. March 2010 , Amsterdam - The Netherlands 4

OSCT Current Setup

Enabling Grids for E-sciencE EGEE-III INFSO-RI-222667 EGEE to EGI Transition Meeting: User Community & Operations , 1. - 3. March 2010 , Amsterdam - The Netherlands 5

OSCT Activities, to be cont’d in EGI CSIRT

Enabling Grids for E-sciencE

• Computer security incidents handling (Duty-Contact on

rota basis):

• Security monitoring (SAM-Tests, Pakiti, ..., transition to EGI

unclear)

• Training/Dissemination: Collaboration with other CSIRTS,

Best practice, Security training (see also slide on Documents).

• Security Drills
• Incident Response Procedure

EGEE-III INFSO-RI-222667 EGEE to EGI Transition Meeting: User Community & Operations , 1. - 3. March 2010 , Amsterdam - The Netherlands 6

EGI CSIRT

Enabling Grids for E-sciencE EGEE-III INFSO-RI-222667 EGEE to EGI Transition Meeting: User Community & Operations , 1. - 3. March 2010 , Amsterdam - The Netherlands 7

Requirements

Enabling Grids for E-sciencE

Administrative (NGI-Manager)

• Identify/appoint ”NGI Security Officer”, preferably in

coordination with the NREN CSIRT.

• Introduce/announce her/him to the Sites in the NGI and to

EGI CSIRT.

• Maintain/update related Information in the GOC-DB.
• NGI Security Officer should attend EGI CSIRT Face2Face

Meetings (approx 2/year)

• Provide regional (security) monitoring.

EGEE-III INFSO-RI-222667 EGEE to EGI Transition Meeting: User Community & Operations , 1. - 3. March 2010 , Amsterdam - The Netherlands 8

Requirements

Enabling Grids for E-sciencE EGEE-III INFSO-RI-222667 EGEE to EGI Transition Meeting: User Community & Operations , 1. - 3. March 2010 , Amsterdam - The Netherlands 8

Requirements

Enabling Grids for E-sciencE

EGI Security: NGI-CSIRT Function NGI Security Officer (Minimum)

• Coordinate the security activities within the NGI.
• Act as a contact point for security issues in the NGI for the

rest of the infrastructure.

• Contribute to the EGI CSIRT.
• Participate in the EGI security groups as necessary.

EGEE-III INFSO-RI-222667 EGEE to EGI Transition Meeting: User Community & Operations , 1. - 3. March 2010 , Amsterdam - The Netherlands 8

NGI Security Officer add’l contributions

Enabling Grids for E-sciencE

• Make sure the communication channels to the site security

contacts work properly.

• Run/Maintain central services used for operational security

within the NGI.

• Run/support Security-Drills in the region.
• Participate in EGI CSIRT activities like:

– Training/Dissemination – Security Monitoring – Run/support Security-Drills in the region.

EGEE-III INFSO-RI-222667 EGEE to EGI Transition Meeting: User Community & Operations , 1. - 3. March 2010 , Amsterdam - The Netherlands 9

Add’l Documents and Links

Enabling Grids for E-sciencE

The currently approved policies/procedures for EGEE remain valid in EGI.

• http://cern.ch/osct (Policies, Incident-Response-Procedure,

Incident-Reporting, Dissemination, Monitoring, Security Drills)

• https://twiki.cern.ch/twiki/bin/view/LCG/OSCT
• further info will be on http://cern.ch/OSCT/EGI/

Incident reporting:

• OSCT: project-egee-osct@cern.ch
• project-egee-security-csirts@in2p3.fr
• project-egee-security-contacts@in2p3.fr

Vulnerability reporting:

• grid-vulnerability-report@cern.ch

EGEE-III INFSO-RI-222667 EGEE to EGI Transition Meeting: User Community & Operations , 1. - 3. March 2010 , Amsterdam - The Netherlands 10

Dates - Questions?

Enabling Grids for E-sciencE

All NGI-Security-Officers are invited to OSCT Face-Face-Meeting 22. - 23. March, Amsterdam. https://www.nikhef.nl/grid/meetings/osctf2f2010/

Questions?

EGEE-III INFSO-RI-222667 EGEE to EGI Transition Meeting: User Community & Operations , 1. - 3. March 2010 , Amsterdam - The Netherlands 11