EGEE ARM-2 – 5 Oct 2004 - 1 LCG/EGEE Security Coordination Ian Neilson Grid Deployment Group CERN.

Slides:



Advertisements
Similar presentations
LCG/EGEE/OSG Security Incident Response Grid Operations workshop CERN, 2 November 2004 David Kelsey CCLRC/RAL, UK
Advertisements

Last update 01/06/ :23 LCG 1Maria Dimou- cern-it-gd Maria Dimou IT/GD Site Registration policy & procedures
INFSO-RI Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK
INFSO-RI Enabling Grids for E-sciencE Operational Security OSCT JSPG March 2006 Ian Neilson, CERN.
EGEE is a project funded by the European Union under contract IST SA1 and NA3 Alistair Mills Grid Deployment Group +41.
INFSO-RI Enabling Grids for E-sciencE Incident Response Policies and Procedures Carlos Fuentes
Operational Security Working Group Topics Incident Handling Process –OSG Document Review & Comments:
EGEE ARM-2 – 5 Oct LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.
Enabling Grids for E-sciencE EGEE III Security Training and Dissemination Mingchao Ma, STFC – RAL, UK OSCT Barcelona 2009.
INFSO-RI Enabling Grids for E-sciencE SA1: Cookbook (DSA1.7) Ian Bird CERN 18 January 2006.
GGF12 – 20 Sept LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.
LCG/EGEE Security Update HEPiX, Fall 2004 BNL, 18 October 2004 David Kelsey CCLRC/RAL, UK
INFSO-RI Enabling Grids for E-sciencE EGEE/LCG Joint Security Policy Group David Kelsey, CCLRC/RAL, UK EGEE.
Responsibilities of ROC and CIC in EGEE infrastructure A.Kryukov, SINP MSU, CIC Manager Yu.Lazin, IHEP, ROC Manager
GridPP Deployment & Operations GridPP has built a Computing Grid of more than 5,000 CPUs, with equipment based at many of the particle physics centres.
Incident Response Plan for the Open Science Grid Grid Operations Experience Workshop – HEPiX 22 Oct 2004 Bob Cowles – Work.
13-Jul-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the Joint LCG/EGEE Security Group) CERN 13 July 2004 David Kelsey CCLRC/RAL,
EGEE is a project funded by the European Union under contract IST User support in EGEE Alistair Mills Torsten Antoni EGEE-3 Conference 20 April.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Next steps with EGEE EGEE training community.
UKI ROC/GridPP/EGEE Security Mingchao Ma Oxford 22 October 2008.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Security Coordination Group Linda Cornwall CCLRC (RAL) FP6 Security workshop.
LCG/EGEE Security Operations HEPiX, Fall 2004 BNL, 22 October 2004 David Kelsey CCLRC/RAL, UK
15-Dec-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the Joint Security Policy Group) CERN 15 December 2004 David Kelsey CCLRC/RAL,
9-Oct-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) FNAL 9 October 2003 David Kelsey CCLRC/RAL, UK
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks SA1: Grid Operations Maite Barroso (CERN)
INFSO-RI Enabling Grids for E-sciencE EGEE SA1 in EGEE-II – Overview Ian Bird IT Department CERN, Switzerland EGEE.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Security Coordination Group Dr Linda Cornwall CCLRC (RAL) FP6 Security workshop.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks The EGEE User Support Infrastructure Torsten.
Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.
Opensciencegrid.org User Support in/and OSG Doug Olson, LBNL 2 nd EGEE/LCG Operations Workshop CNR, Bologna 25 May 2005.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Operational Security Coordination Team Ian.
Security Operations David Kelsey GridPP Deployment Board 3 Mar 2005
Reflections “from around the block.” (Security) Ian Neilson GridPP Security Officer STFC RAL.
DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.
INFSO-RI Enabling Grids for E-sciencE An overview of EGEE operations & support procedures Jules Wolfrat SARA.
Operations Working Group Summary Ian Bird CERN IT-GD 4 November 2004.
Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.
Last update 31/01/ :41 LCG 1 Maria Dimou Procedures for introducing new Virtual Organisations to EGEE NA4 Open Meeting Catania.
EGEE is a project funded by the European Union under contract IST Roles & Responsibilities Ian Bird SA1 Manager Cork Meeting, April 2004.
Security EGEE/SA1 ROC Managers ARM-3 meeting Lyon, 17 March 2005 David Kelsey CCLRC/RAL, UK
18-May-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the LCG Security Group) Barcelona 18 May 2004 David Kelsey CCLRC/RAL, UK
The GRIDS Center, part of the NSF Middleware Initiative Grid Security Overview presented by Von Welch National Center for Supercomputing.
Recent lessons learned: Operational Security David Kelsey CCLRC/RAL, UK GDB Meeting, BNL, 5 Sep 2006.
26/01/2007Riccardo Brunetti OSCT Meeting1 Security at The IT-ROC Status and Plans.
INFSO-RI Enabling Grids for E-sciencE Joint Security Policy Group David Kelsey, CCLRC/RAL, UK 3 rd EGEE Project.
LCG User, Site & VO Registration in EGEE/LCG Bob Cowles OSG Technical Meeting Dec 15-17, 2004 UCSD.
EGEE is a project funded by the European Union under contract IST New VO Integration Fabio Hernandez ROC Managers Workshop,
LCG Workshop User Support Working Group 2-4 November 2004 – n o 1 Some thoughts on planning and organization of User Support in LCG/EGEE Flavia Donno LCG.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security aspects (based on Romain Wartel’s.
INFSO-RI Enabling Grids for E-sciencE Operational Security Coordination Team OSCT report EGEE-4, Pisa Ian Neilson, CERN.
Grid Deployment Technical Working Groups: Middleware selection AAA,security Resource scheduling Operations User Support GDB Grid Deployment Resource planning,
2007/07/04 Organisation and tasks of ROC France Pierre Girard Visit of Japanese grid site managers.
15-Jun-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the LCG Security Group) CERN 15 June 2004 David Kelsey CCLRC/RAL, UK
Bob Jones EGEE Technical Director
Regional Operations Centres Core infrastructure Centres
EGEE is a project funded by the European Union
David Kelsey CCLRC/RAL, UK
SA1 Execution Plan Status and Issues
LCG Security Status and Issues
David Kelsey CCLRC/RAL, UK
Ian Bird GDB Meeting CERN 9 September 2003
Incident Response Plan for the Open Science Grid
LCG/EGEE Incident Response Planning
The CCIN2P3 and its role in EGEE/LCG
Romain Wartel EGEE08 Conference, Istanbul, 23rd September 2008
David Kelsey CCLRC/RAL, UK
LCG Operations Workshop, e-IRG Workshop
EGEE: Grid Operations & Management
Leigh Grundhoefer Indiana University
Pierre Girard ATLAS Visit
Presentation transcript:

EGEE ARM-2 – 5 Oct LCG/EGEE Security Coordination Ian Neilson Grid Deployment Group CERN

EGEE ARM-2 – 5 Oct Security Coordination Objectives Ownership of … Security incidents From notification to resolution Liaise with national/institute CERTs Middleware security problems Liaise with development & deployment groups Co-ordination of security monitoring Post-mortem analysis Access to team of experts Security Service Challenges - LCG

EGEE ARM-2 – 5 Oct Security Activities in EGEE JRA3JRA1 NA4 Middleware Security Group LCG/EGEE Joint Security Group NA4 Solutions/Recommendations Req. SA1 “Joint Security Group” defines policy and procedures For LCG/GDB and EGEE/SA1 (Cross Membership of OSG) CA Coordination From Dave Kelsey’s CHEP’04 Plenary Talk Security Activities in EGEE

EGEE ARM-2 – 5 Oct OSG - Security Incident Handling and Response Guide (draft) To guide the development and maintenance of a common capability for handling and response to cyber security incidents on Grids. The capability will be established through (1) common policies and processes, (2) common organizational structures, (3) cross-organizational relationships, (4) common communications methods, and (5) a modicum of centrally-provided services and processes.

EGEE ARM-2 – 5 Oct Policy – the Joint Security Group Security & Availability Policy Usage Rules Certification Authorities Audit Requirements GOC Guides Incident Response User Registration Application Development & Network Admin Guide (1) Common policies and processes

EGEE ARM-2 – 5 Oct Security Coordination - Groups Parties from OSG IR Security Operations Centre(s) (=?GOCs/CICs) Organize, coordinate, track, report Security contacts Defined for every grid participant: users and resources Incident Response & Technical Experts Managed list of available expertise Ad hoc Incident Response teams Formed on demand Security Operations Advisory group Advise development and practice of SOC (=JSG+?) X-SOC coordination SOCs participation/communication across grid boundaries (2) common organizational structures

EGEE ARM-2 – 5 Oct Security Coordination - Channels OSCT ROC RC CIC/GOC CSIRT “External” GRID Media/Press “PR” (3) cross-organizational relationships, EGEE operational channels still being established. Responsibilities and processes being defined.

EGEE ARM-2 – 5 Oct Security Coordination – Comms. Incident Reporting List Security Contacts Discussion List External contact Reporting Other grids MUST be Encrypted How is this achieved and managed? Tracking system MUST be secure Press and Public Relations (4) common communications methods

EGEE ARM-2 – 5 Oct Operational Security - Services List Management Alert/Discuss – ref: previous slide Multiple ad-hoc IR Teams Experts Ticket Tracking System Where do problems enter? – local contact Can this be part of support lists? Must be secure Public Relations Guidelines, practice statements Policy interface to JSG Evidence gathering/preservation – use local law enforcement OSCT must (help) define process behind all these services (5) a modicum of centrally-provided services and processes

EGEE ARM-2 – 5 Oct Security Coordination - Issues “Security Operations Centre”: what is it for EGEE/LCG? Don’t think we can have “Central” control So formulate activity as “coordination team” Security contacts lists need management Dead boxes, moderated boxes, etc etc Do we have appropriate contact: site security or local admin? Need to coordinate through Regional Operations Centres (ROC) Need to utilise services from Core Infrastructure Centres (CIC) Wherever possible - don’t duplicate channels What is the relationships with LCG GOCs and EGEE CICs? –Are they the same? Are we communicating with local site security team or grid ‘admin’ responsibles

EGEE ARM-2 – 5 Oct Operational Security – where to start? “Start small and keep it simple.” Define basic structures Where/how lists hosted Where/how problems tracked Who/where/how ‘experts’ organised JSG review and update policy documents ROCs to take over management of contacts lists Must integrate with site registration process Establish what level of support is behind site security entries Relationships with local/national CERT Validate/test entries Exercise channels and raise awareness by Security Challenges – next slide.

EGEE ARM-2 – 5 Oct Security Service Challenges Objectives Evaluate the effectiveness of current procedures by simulating a small and well defined set of security incidents. Use the experiences of a) in an iterative fashion (during the challenges) to update procedures. Formalise the understanding gained in a) & b) in updated incident response procedures. Provide feedback to middleware development and testing activities to inform the process of building security test components. Exercise response procedures in controlled manner Non-intrusive Compute resource usage trace to owner –Run a job to send an Storage resource trace to owner –Run a job to store a file Disruptive Disrupt a service and map the effects on the service and grid

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.