Presentation is loading. Please wait.

Presentation is loading. Please wait.

PRACE security Jules Wolfrat, SURFsara, The Netherlands April 25, 2013, EGI CSIRT meeting, Linköping, Sweden 10 May 2011- Montpellier.

Published byAnnabella Campbell Modified over 8 years ago

Similar presentations

Presentation on theme: "PRACE security Jules Wolfrat, SURFsara, The Netherlands April 25, 2013, EGI CSIRT meeting, Linköping, Sweden 10 May 2011- Montpellier."— Presentation transcript:

1 PRACE security Jules Wolfrat, SURFsara, The Netherlands April 25, 2013, EGI CSIRT meeting, Linköping, Sweden 10 May 2011- Montpellier

2 PRACE Security Forum Coordinates security activities 1.Define Policies and Procedures - to build “A trust model that allows smooth interoperation of the distributed PRACE services”; 2.Risk reviews - to define and maintain “An agreed list of software and protocols that are considered robust and secure enough to implement the minimal security requirements”; 3.Operational security 2

3 Policy and Procedures Building “A trust model that allows smooth interoperation of the distributed PRACE services” The development of a “Statement of minimal security requirements” through the definition of policy and procedure documents; AUP, user administration (AuthZ), incident response etc.; To define and implement an Audit procedure; Representation in EUGridPMA, OGF, EEF and collaboration with EGI SPG, SCI, etc. 3

4 Risk reviews Risk review procedure based on guidelines from the German BSI (Federal Office for Information Security), BSI-Standard 100- 2: Https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/BSIStandards/standar d_100-2_e_pdf.pdf?__blob=publicationFileHttps://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Publications/BSIStandards/standar d_100-2_e_pdf.pdf?__blob=publicationFile. Using the IT-Grundschutz Catalogues for threats and safeguards: https://www.bsi.bund.de/EN/Topics/ITGrundschutz/ITGrundschutzCatalogues/itgrundschutzc atalogues_node.html Specifically the “threats catalogue deliberate acts” Examples: Globus Online, UNICORE FTP, SHA-2 testing 4

5 5

6 Risk reviews (2) Collaboration with EGI, XSEDE, etc., would be beneficial if there is common interest for a (new) service e.g. Globus Online, where we exchanged information with XSEDE Together you can achieve more with the provider Efficient use of human resources Test results can be exchanged Exchange of review documents should be considered, even for services not used, because they may be used in collaborations of user communities. 6

7 Operational Security – PRACE CSIRT All sites must be represented in the CSIRT Site CSIRT information maintained on the wiki (names, phone numbers, e-mail addresses No well defined procedure if some incident happens Site with information about an incident (or thinks something is wrong) is responsible to take action, e.g. ask for a video/phone conference The EGI rules are adopted for the distribution of security related information (Amber, White, etc.). Also subscribers from EGI CSIRT on our list (Leif, Romain) 7

8 Operational Security High level of trust between sites that they behave well, e.g. patch policy, firewall set-up, local CSIRT, etc. Requirements must be better documented with increasing number of sites Implementation of audits? Security Challenges? 8

9 Collaboration Share information about policies and Procedures – SCI activity Risk reviews: work together if there is common interest Incident handling: further develop and test procedure 9

Download ppt "PRACE security Jules Wolfrat, SURFsara, The Netherlands April 25, 2013, EGI CSIRT meeting, Linköping, Sweden 10 May 2011- Montpellier."

Similar presentations

Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI - Identity Management Steven Newhouse Director, EGI.eu Federated Identity.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI - Identity Management Steven Newhouse Director, EGI.eu Federated Identity.
Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.

Federated Identity Management for Research Communities (FIM4R) David Kelsey (STFC-RAL) EGI TF, AAI workshop 19 Sep 2012.
Www.egi.eu EGI-Engage www.egi.eu Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.

Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014 and now abbreviated.
Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.

Trust and Security for FIM (Sirtfi/SCI) David Kelsey (STFC-RAL) FIM4R at CERN 4 Feb 2015.
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.

Introduction to Secure Messaging The Open Group Messaging Forum April 30, 2003.
Operational Security Working Group Topics Incident Handling Process –OSG Document Review & Comments:

Operational Security Working Group Topics Incident Handling Process –OSG Document Review & Comments:
Federal Aviation Administration Federal Aviation Administration 1 Presentation to: Name: Date: Federal Aviation Administration AMHS Security Security Sub-Group.

Federal Aviation Administration Federal Aviation Administration 1 Presentation to: Name: Date: Federal Aviation Administration AMHS Security Security Sub-Group.
U.S. Department of the Interior U.S. Geological Survey The NGGDPP's Best Practices in Data Preservation Project Brian Buczkowski U.S. Geological Survey.

U.S. Department of the Interior U.S. Geological Survey The NGGDPP's Best Practices in Data Preservation Project Brian Buczkowski U.S. Geological Survey.
Www.egi.eu EGI-Engage www.egi.eu Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
Security Update WLCG GDB CERN, 12 June 2013 David Kelsey STFC/RAL.

Security Update WLCG GDB CERN, 12 June 2013 David Kelsey STFC/RAL.
AREVA T&D Security Focus Group - 09/14/091 Security Focus Group A Vendor & Customer Collaboration EMS Users Conference September 14, 2009 Rich White AREVA.

AREVA T&D Security Focus Group - 09/14/091 Security Focus Group A Vendor & Customer Collaboration EMS Users Conference September 14, 2009 Rich White AREVA.
Security Area in GridPP2 4 Mar 2004 Security Area in GridPP2 “Proforma-2 posts” overview Deliverables – Local Access – Local Usage.

Security Area in GridPP2 4 Mar 2004 Security Area in GridPP2 “Proforma-2 posts” overview Deliverables – Local Access – Local Usage.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI Federated Cloud F2F Security Issues in the cloud Introduction Linda Cornwall,

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Federated Cloud F2F Security Issues in the cloud Introduction Linda Cornwall,
Eliza de Guzman HTM 520 Health Information Exchange.

Eliza de Guzman HTM 520 Health Information Exchange.
WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.

WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.
Analysis. Solution Requirements 1. Identify the functions and attributes of the website. 2. Write a problem statement. (What is the problem? What will.

Analysis. Solution Requirements 1. Identify the functions and attributes of the website. 2. Write a problem statement. (What is the problem? What will.
UKI ROC/GridPP/EGEE Security Mingchao Ma Oxford 22 October 2008.

UKI ROC/GridPP/EGEE Security Mingchao Ma Oxford 22 October 2008.

Similar presentations

Ads by Google