Presentation is loading. Please wait.

Presentation is loading. Please wait.

GGF12 – 20 Sept 2004 - 1 LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.

Published byMyles Phillips Modified over 8 years ago

Similar presentations

Presentation on theme: "GGF12 – 20 Sept 2004 - 1 LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN."— Presentation transcript:

1 GGF12 – 20 Sept 2004 - 1 LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN

2 GGF12 – 20 Sept 2004 - 2 Background LCG – Large Hadron Collider (LHC) Computing Grid Computing environment for the 4 LHC experiments ALICE, ATLAS, CMS, LHCb LHC operation in 2007 Required 12-14 PetaBytes/year, equivalent 70,000 PCs compute * LCG1/2003 * LCG2/2003-4 * EGEE 70+ sites in Europe, USA, Asia, S. America …… 7000+ CPUs 6000GB+ Storage Software certification, testing, deployment group Distributed GOCs UK http://goc.grid-support.ac.uk/gridsite/gocmain/monitoring/ Taiwan http://goc.grid.sinica.edu.tw/goc/ www.cern.ch/lcg

3 GGF12 – 20 Sept 2004 - 3 Grid monitoring

4 GGF12 – 20 Sept 2004 - 4 EGEE - Enabling Grids for E-science in Europe 12 federations with 70 partner institutions 2 year + 2 project Operate a service grid facility for e-science Initial built on LCG2 infrastructure Re-engineer a robust middleware layer glite Attract new users Research and Industry Broader focus than HEP: Biomedical, Earth Science …….. www.cern.ch/egee

5 GGF12 – 20 Sept 2004 - 5 Policy – the Joint Security Group Security & Availability Policy Usage Rules Certification Authorities Audit Requirements GOC Guides Incident Response User Registration Application Development & Network Admin Guide http://cern.ch/proj-lcg-security/documents.html

6 GGF12 – 20 Sept 2004 - 6 Incident Response Policy Agreement on Incident Response June 2003 for LCG1 What is an incident? Security investigation causing service interruption Suspected misuse of resources beyond site “Reasonable possibility” of stolen credentials Not to expire or be revoked within 3 days Classifications Identity theft Suspected / Probable / Confirmed Actions Misuse / Enforcement / Restoration / Escalation

7 GGF12 – 20 Sept 2004 - 7 Incident Response - Communications Site enrolment collects 2 entries per site Registration questionnaire Site Contacts mail list Closed list of named individuals email, telephone CSIRT list mail List-of-lists (Open) 1 entry per site Updated list circulated to contacts list as sites enrol Pointers to policy documents for responsibilities Channels Users - local site contacts (& GOC) Contacts - discussion and information exchange CSIRT - incident notification, update Roll-out- system administrators

8 GGF12 – 20 Sept 2004 - 8 Incident Response – management issues LCG “community” known at CERN, EGEE community is broader User enrolment is well controlled, site enrolment is not Incomplete questionnaires Personal instead of list List instead of personal Undeliverable addresses Delayed delivery Moderated delivery Enrolment information not circulated SPAM, SPAM, SPAM, SPAM Lists need active management! Can we “see” all the sites? CERN/GOC view VO “private” information systems

9 GGF12 – 20 Sept 2004 - 9 Incident response – operational issues Recognising and reporting  What is a local CSIRT? Scale of coverage 24x7 site/campus network operations team Department Security Officer LCG system administrator Who is a security contact? as above Intersection with local CSIRT procedures Local quarantine and analysis Keeping emergency channels clear Discussions, cross-postings

10 GGF12 – 20 Sept 2004 - 10 Incident response – near-term JSG, EGEE MWSG/JRA3, OSG, …… Site and VO registration policy and process Control gathering, distribution and management of data Sites need to understand requirements and responsibilities Coverage, access, audit Needs to be actively managed (? Self managed) Operational Security Co-ordination Team (OSCT) Ownership of security incidents From notification to resolution Liaise with national/institute CERTs Ownership of known problems Liaise with development & deployment groups Co-ordination of monitoring Post-mortem analysis Team of experts

11 GGF12 – 20 Sept 2004 - 11 Security Co-ordination How does OSCT map onto EGEE operations structures? Resource Centres (lots) Regional Operations Centres - ROC (~9) Core Infrastructure Centres - CIC (~5) Operations Management Centre - OMC (1) Co-ordination with Open Science Grid ……… Adopt same co-ordinating model

12 GGF12 – 20 Sept 2004 - 12 2004 Security Service Challenges Objectives Evaluate the effectiveness of current procedures by simulating a small and well defined set of security incidents. Use the experiences of a) in an iterative fashion (during the challenges) to update procedures. Formalise the understanding gained in a) & b) in updated incident response procedures. Provide feedback to middleware development and testing activities to inform the process of building security test components. Exercise response procedures in controlled manner Non-intrusive Compute resource usage trace to owner –Run a job to send an email Storage resource trace to owner –Run a job to store a file Disruptive Disrupt a service and map the effects on the service and grid

13 GGF12 – 20 Sept 2004 - 13 LCG/EGEE Incident Response Thank You Thank you to UK PPARC

Download ppt "GGF12 – 20 Sept 2004 - 1 LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN."

Similar presentations

LCG/EGEE/OSG Security Incident Response Grid Operations workshop CERN, 2 November 2004 David Kelsey CCLRC/RAL, UK

LCG/EGEE/OSG Security Incident Response Grid Operations workshop CERN, 2 November 2004 David Kelsey CCLRC/RAL, UK
Forschungszentrum Karlsruhe in der Helmholtz-Gemeinschaft Torsten Antoni – LCG Operations Workshop, CERN 02-04/11/04 Global Grid User Support - GGUS -

Forschungszentrum Karlsruhe in der Helmholtz-Gemeinschaft Torsten Antoni – LCG Operations Workshop, CERN 02-04/11/04 Global Grid User Support - GGUS -
Last update 01/06/2014 03:23 LCG 1Maria Dimou- cern-it-gd Maria Dimou IT/GD Site Registration policy & procedures https://edms.cern.ch/document/503198/

Last update 01/06/ :23 LCG 1Maria Dimou- cern-it-gd Maria Dimou IT/GD Site Registration policy & procedures
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org The EGEE project Fabrizio Gagliardi Project Director EGEE CERN, Switzerland Research Infrastructures.

INFSO-RI Enabling Grids for E-sciencE The EGEE project Fabrizio Gagliardi Project Director EGEE CERN, Switzerland Research Infrastructures.
 Contributing >30% of throughput to ATLAS and CMS in Worldwide LHC Computing Grid  Reliant on production and advanced networking from ESNET, LHCNET and.

 Contributing >30% of throughput to ATLAS and CMS in Worldwide LHC Computing Grid  Reliant on production and advanced networking from ESNET, LHCNET and.
INFSO-RI-508833 Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK

INFSO-RI Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Operational Security OSCT JSPG March 2006 Ian Neilson, CERN.

INFSO-RI Enabling Grids for E-sciencE Operational Security OSCT JSPG March 2006 Ian Neilson, CERN.
LCG Milestones for Deployment, Fabric, & Grid Technology Ian Bird LCG Deployment Area Manager PEB 3-Dec-2002.

LCG Milestones for Deployment, Fabric, & Grid Technology Ian Bird LCG Deployment Area Manager PEB 3-Dec-2002.
RomeWorkshop on eInfrastructures 9 December 2003 - 1 LCG Progress on Policies & Coming Challenges Ian Bird IT Division, CERN LCG and EGEE Rome 9 December.

RomeWorkshop on eInfrastructures 9 December LCG Progress on Policies & Coming Challenges Ian Bird IT Division, CERN LCG and EGEE Rome 9 December.
Deployment Session David Kelsey GridPP13, Durham 5 Jul 2005

Deployment Session David Kelsey GridPP13, Durham 5 Jul 2005
INFSO-RI-508833 Enabling Grids for E-sciencE Incident Response Policies and Procedures Carlos Fuentes

INFSO-RI Enabling Grids for E-sciencE Incident Response Policies and Procedures Carlos Fuentes
Operational Security Working Group Topics Incident Handling Process –OSG Document Review & Comments:

Operational Security Working Group Topics Incident Handling Process –OSG Document Review & Comments:
EGEE ARM-2 – 5 Oct 2004 - 1 LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.

EGEE ARM-2 – 5 Oct LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.
Enabling Grids for E-sciencE www.eu-egee.org EGEE III Security Training and Dissemination Mingchao Ma, STFC – RAL, UK OSCT Barcelona 2009.

Enabling Grids for E-sciencE EGEE III Security Training and Dissemination Mingchao Ma, STFC – RAL, UK OSCT Barcelona 2009.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org SA1: Cookbook (DSA1.7) Ian Bird CERN 18 January 2006.

INFSO-RI Enabling Grids for E-sciencE SA1: Cookbook (DSA1.7) Ian Bird CERN 18 January 2006.
LCG/EGEE Security Update HEPiX, Fall 2004 BNL, 18 October 2004 David Kelsey CCLRC/RAL, UK

LCG/EGEE Security Update HEPiX, Fall 2004 BNL, 18 October 2004 David Kelsey CCLRC/RAL, UK
3 June 2004GridPP10Slide 1 GridPP Dissemination Sarah Pearce Dissemination Officer

3 June 2004GridPP10Slide 1 GridPP Dissemination Sarah Pearce Dissemination Officer
Federated Environments and Incident Response: The Worst of Both Worlds? A TeraGrid Perspective Jim Basney Senior Research Scientist National Center for.

Federated Environments and Incident Response: The Worst of Both Worlds? A TeraGrid Perspective Jim Basney Senior Research Scientist National Center for.
INFSO-RI-508833 Enabling Grids for E-sciencE EGEE/LCG Joint Security Policy Group David Kelsey, CCLRC/RAL, UK EGEE.

INFSO-RI Enabling Grids for E-sciencE EGEE/LCG Joint Security Policy Group David Kelsey, CCLRC/RAL, UK EGEE.
Responsibilities of ROC and CIC in EGEE infrastructure A.Kryukov, SINP MSU, CIC Manager Yu.Lazin, IHEP, ROC Manager

Responsibilities of ROC and CIC in EGEE infrastructure A.Kryukov, SINP MSU, CIC Manager Yu.Lazin, IHEP, ROC Manager

Similar presentations

Ads by Google