Security at The IT-ROC: Status and Plans
Riccardo Brunetti, OSCT Meeting, 26/01/2007


IT-ROC
- IT-ROC includes many computing sites (40) belonging to different organizations (INFN, ENEA, CNR...).
  - 1 T1
  - 9 T2
  - 30 Sites
- A (too) small working group exists for security-related activities and coordination.
- Up to now, each site carried on its own activity independently.

Results of a small survey on IT-ROC sites:
- Almost 100% of the sites use some kind of firewall to limit network access to the grid resources.
  - Generally at the level of the site router (access to the LAN)
- Almost 100% of the sites monitor their grid resources.
  - Nagios, Ganglia
- Very few sites use some kind of IDS or file integrity checkers to detect possible incidents.
- Very few sites have a backup policy for grid-related data.
  - √ Configurations, User data (UI)…
  - × Log files
- Few sites use an automatic upgrade system.

Interfacing with Existing Policies
- IT-ROC Grid sites are generally hosted by research institutions that already have some security guidelines.
- The networking infrastructure itself is managed by the GARR consortium, which has its own AUP, CSIRT and incident response rules.
- The IT-ROC security group also tries to provide a "liaison" between the different entities.

GARR-CERT
- The GARR-CERT is the group responsible for managing security incidents in the Italian research network infrastructure.
- It classifies the incidents and alerts the local contacts (APM).
  - Max. response time from 1 hour to 3 days (DoS attacks – mail relay)
  - In case of no response, the site/machine is filtered out on the GARR network routers.
- It maintains a database of all the incidents and security alerts.
- It provides support for problem resolution.

Support and Incident Reporting
- An internal mailing list has been set up for discussion and incident reporting.
  - Members of this mailing list are the ROC Security Officers.
  - Site Security Contacts can post on it.
- Wiki pages with information concerning LCG/EGEE policy documents and contacts have been prepared.
- A list of Site Security Contacts is maintained and is available to all the site administrators and users registered to the IT-ROC web portal.

WIKI pages
it.cnaf.infn.it/checklist/modules/dokuwiki/doku.php?id=cmt:security_coordination


Incident Reporting Escalation (from site to LCG/EGEE)
- The Site Security Contact sends an e-mail to the grid-security mailing list. (The incident could also have been notified by the GARR-CERT to the site.)
- The risk is evaluated and the ROC Security Officer escalates the incident to
- The Site Security Contact eventually also reports the incident to GARR-CERT (if not known).
- The ROC Security Officers follow the incident and ensure that all the needed actions are taken (ban a user, remove sites from BDII, etc.). They also keep informed about actions taken by the GARR-CERT.

Incident Reporting Escalation (from LCG/EGEE to Site)
- The ROC Security Officers receive notification through GGUS.
- The ROC Security Officers escalate the incident to the appropriate Site Security Contact (using mail contact and/or ticketing system), who eventually informs the GARR-CERT.
- The ROC Security Officers follow the incident and report back to GGUS and/or LCG security mailing lists.

What we plan to do
- Set up a working group with the mandate to collect experiences and propose some basic operational practices and/or requirements.
- We want to start from what has already been done at the sites.
  - Use of IDS and File Integrity Checkers (interesting work on hidden IDS using virtualization)
  - Backup and auditing
  - Firewalling

What we plan to do
- Prepare a template document, to be completed periodically by site administrators, containing the security plans for their site.
  - Contacts and responsibilities
  - Risk analysis
  - Physical/Network access to grid farms
  - Management of users' data and personal information
  - Backup and recovery policies