David Kelsey CCLRC/RAL, UK d.p.kelsey@rl.ac.uk EGEE/LCG Joint Security Group EGEE Middleware Security Group meeting CERN 17 June 2004 David Kelsey CCLRC/RAL, UK d.p.kelsey@rl.ac.uk 17-Jun-04 D.P.Kelsey, Joint Security Group

D.P.Kelsey, Joint Security Group Overview What is the Joint Security Group? Grid security warning (Draft) Guide to Application & Network Security EGEE Site Security requirements 17-Jun-04 D.P.Kelsey, Joint Security Group

The EGEE/LCG Joint Security Group Merger of old LCG Security Group (presented at MWSG1) and the new EGEE SA1 Site Security Group Agreed by EGEE SA1 leader and LCG GDB in May 2004 One group with two roles Advises the LCG GDB on security policy, operational and procedural issues. LCG GDB makes decisions for LCG Advises EGEE (SA1) on security policy etc for EGEE and input to EGEE MWSG No equivalent (yet?) of LCG GDB.. JSG is not responsible for security middleware and tools development, selection etc. (EGEE JRA3 and MWSG) EU pushing for common policy for the whole of EU eScience aim to make all of JSG policy documents “general” Establish strong links between JSG and OSG Security to encourage/facilitate global interoperability.  17-Jun-04 D.P.Kelsey, Joint Security Group

D.P.Kelsey, Joint Security Group Meetings, web etc. Recent Joint Security Group meetings 19 May & 4 June 2004 Next meeting: 1 July 2004 Agenda, presentations, minutes etc http://agenda.cern.ch/displayLevel.php?fid=68 Joint Security Group Web site http://proj-lcg-security.web.cern.ch 17-Jun-04 D.P.Kelsey, Joint Security Group

D.P.Kelsey, Joint Security Group LCG SEC Membership Experiment representatives/VO managers Alberto Masoni, ALICE Anders Waananen, ATLAS David Stickland, Greg Graham, CMS Joel Closier, LHCb Site Security Officers Denise Heagerty (CERN), Dane Skow (FNAL) Site/Resource Managers David Groep (NIKHEF) (&middleware expert) Dave Kelsey (RAL) - Chair Security middleware/tools experts Roberto Cecchini (INFN), Tanya Levshina (FNAL) CERN LCG team Ian Neilson (LCG Security Officer) Maria Dimou Non-LHC HEP experiments/Grids Bob Cowles (SLAC) 17-Jun-04 D.P.Kelsey, Joint Security Group

D.P.Kelsey, Joint Security Group JSG membership Need to expand to cover non-LCG sites and non-HEP applications E.g. Biomedical Volunteers? Suggestions? Mail list Change name? Open or closed? 17-Jun-04 D.P.Kelsey, Joint Security Group

D.P.Kelsey, Joint Security Group LCG Security warning Growing interest in Grid TeraGrid attack Article in New Scientist magazine (22 May) “Hacking the Grid” Talk at 2600 hacker conference (9-11 July) An attack is inevitable! All sites need to be aware Keep each other informed via the Security Contacts list Follow LCG Incident Response procedures Important role for GOC Warning sent to all security contacts on 10th June Planning to test security procedures (LCG service challenges) 17-Jun-04 D.P.Kelsey, Joint Security Group

Guide to LCG Application & Network Security The final document in the set of LCG policy and procedures V1.4 (7th June) now being discussed by LCG GDB Main author: Ian Neilson (LCG Security Officer) Aim It is a Guide and not Policy but GDB may insist that it is Policy Guide choices in design, planning and deployment of LCG Grid services Identify key areas of best practice BUT, it contains important recommendations for deploying a secure production Grid Important for GDB to approve the Guide 17-Jun-04 D.P.Kelsey, Joint Security Group

Guide: Application and Service Development LCG expects development processes that Support adequate and documented treatment of security E.g. Current misalignment IP connectivity from anywhere to anywhere Incoming: weakens site Outgoing: distributed DOS Current firewall requirements in Appendix B LCG Security Group considers these inappropriate for a production Grid Application developers MUST NOT rely on the current settings – not a minimal set 17-Jun-04 D.P.Kelsey, Joint Security Group

Some recommendations (development) Design and development process Coding practice Communications security Authentication Encryption Use existing protocols Functional security Authorization Degrade and fail gracefully Logging Avoid leakage of information 17-Jun-04 D.P.Kelsey, Joint Security Group

Application and Service Deployment LCG expects security instructions in documentation Evaluate risks Establish clear network access control policy Apply configuration management and automate Keep systems patched for security updates Configure and retain audit logs 17-Jun-04 D.P.Kelsey, Joint Security Group

EGEE Site Security Requirements Other important input (both on agenda page) Network & Applications Security Guide the GGF Site AAA requirements guide 17-Jun-04 D.P.Kelsey, Joint Security Group

“Top 10” security requirements (not in priority order) Sites in control of local security policy Audit/track at individual user level Sites control local AuthZ policy Authorize, limit or forbid IP connectivity Hooks/logging for intrusion detection Consistent and appropriate audit logs Development and deployment of secure middleware Able to cope with distributed AuthZ (user, VO, site) Shutdown and restart services gracefully Robust VO and user registration tools (procedures) See document on agenda page for more details 17-Jun-04 D.P.Kelsey, Joint Security Group

Some feedback from LCG sites Is there are plan to investigate/use SELinux? Or look at security features of Linux kernel 2.6? List of current LCG-2 security problems 17-Jun-04 D.P.Kelsey, Joint Security Group