
Overview of TeraGrid Security Working Group Activities. James Marsteller CISSP, Working Group Chair. April 2006 June 2006


1 Overview of TeraGrid Security Working Group Activities
James Marsteller CISSP, Working Group Chair for Information Security
Pittsburgh Supercomputing Center
Jam@psc.edu
Sergiu Sanielevici (sergiu@psc.edu) April 2006 June 2006

2 Agenda
TG Security WG Background
Policy Development
Incident Coordination and Response
Current Projects

3 TeraGrid Security WorkGroup
Formed in January 2004
Eight Resource Providers + More
Security WG Charter:
–Development of Policies and procedures and guidelines
–Provide security related advice/direction on TG projects
–Coordinate Teragrid Incident Response team
–Lead Risk Assessments

4 TeraGrid Security WorkGroup
Security WG Policies:
–Security M.O.U.
–CA Acceptance
–Baseline Security Guidelines
–Public Info Disclosure (Draft)
    User/Host/Job Names
–Two Factor Auth (Draft)
–Reporting Procedures (Draft)
Procedures
–Incident Response Playbook/Flowchart
–Compromised Account Questionnaire
–Security ‘Newbie’ guide

5 Teragrid Security Coordination
Rapid, Secure, Coordinated Response and Information Sharing is Critical!

6 TG Incident Response
Weekly “Response” Calls
24 Hour Security “hotline”
Incident Mailing List
Encrypted Communications
Coordinated Evidence Gathering
Future Tasks: IR Tracking
–TG NOC Ticket System, RT IR

7 TG Incident Response
Weekly IR Calls
–*One of the Most Valuable Tools*
–5 to 45 minutes in length
–‘Closed’ Participant List
–Share Latest Attack Vectors
    Vuls, worms, scans, other: p2p
–Honeypots, Non-TG News
–Update On Investigations

8 TG Incident Response
TG Security “hotline”
–24/7 Reservationless Conference #
–Any Site Can Initiate
–Only Known To Response Personnel
–800 Number & International Access

9 TG Incident Response
Response Playbook
–Who/How To Contact
    Methodology
    Initial Responders
    Secondary Responders
    Help Desk Staff
–How to Respond to Event
–Reporting Guidelines: Press, Privacy, Funding sources (in progress)

10 TG Incident Response
Compromised Account Questionnaire
–Do you use the password of the account at other TG sites or other general accounts (Hotmail, Amazon, Paypal, Ebay)?
–What was the time of your last known login? Where was it from?
–From what locations do you usually log in (hostnames/IP)?
–Which sites/machines have you used?
–Which do you expect to use?
–What locations (hosts) can we expect you to log in from?

11 TG Incident Response
Site Incident Response Report
–How much time (in person-hours) did staff at your site spend dealing with the incident?
–How were you notified?
–What steps did you take to investigate at your site to determine if there was a compromised account or system?
–What did you determine?
–If there was a compromise:
    –What damage was done?
    –What steps did you take to respond/recover?

12 Security WG Communications
Mailing lists
–Main TG Security WG List
–IR Alert: Triggers Help Desk/Pagers/Cell Phones
–Response: Announce weekly IR Calls/Notes
TG Security Contact List
–IR, General Security, NOC, Phone, email and pagers

13 Encrypted Communications
PGP Key Signing
Shared Password for Email Communications (Changes Frequently)
Encrypted Website To Archive Critical Information
Encrypted Communications Are VERY IMPORTANT!

14 Current Projects
IGTF Efforts
TAGPMA Participation
–IGTF CAs: INFN (Italy) CA, Dutch Grid and NIKHEF CA, AIST (Japan) CA
–CA Auditing
Teragrid Risk Assessment
Working with Law Enforcement
IR Tracking
Support for Science Gateways/Community Accounts

15 Useful Links
TG Security Site: http://security.teragrid.org
TG User Agreement: http://www.teragrid.org/userinfo/user_responsibility.html
Passwords: http://www.us-cert.gov/cas/tips/ST04-002.html
My Email: jam@psc.edu

