LCG/EGEE Operational Security Coordination
Ian Neilson
Grid Deployment Group, CERN
EGEE Den Haag, 25 Nov 2004

Operational Security Coordination Team
• OSCT - What is expected?
• Grid Security incident handling
  • Cannot handle centrally – why?
    • No central operational authority
    • The scale of the grid
    • Regional barriers
  • Hence: COORDINATION Team
    • Facilitate effective response
    • Arrange necessary services
    • ‘Manage’ incident follow-up
• Support for improving security
  • Information and awareness
  • Publish security advice
  • Point of contact
  • Liaise with development & deployment groups
  • Assist deployment of security monitoring tools
• Service Challenges
  • Make sure processes work
• ?

Security Activities in EGEE
From Dave Kelsey’s CHEP’04 Plenary Talk
[Diagram: OSCT, CA Coordination, NA4, JRA1, JRA3 and SA1 linked by “Req.” and “Solutions/Recommendations” flows to the Joint Security Policy Group, the Middleware Security Group and the EGEE/LCG Joint Security Group]
• “Joint Security Group” defines policy and procedures for LCG/GDB and EGEE/SA1 (cross membership of OSG)

Security Coordination - Channels
[Diagram: communication channels between OSCT, ROC, RC, CIC/GOC, CSIRT, Media/Press “PR” and “External” GRID]
• EGEE operational channels still being established.
• Responsibilities and processes being defined.

Operational Security Coordination
• Who is the OSCT?
  • So far -
    • Ian Neilson
    • 11 * ROC contact(s)
  • Not much discussion so far
    • ROC managers meeting
    • LCG Workshop
    • This meeting…
  • Who else?
    • Other collaborating grids
    • CERTS
    • Anybody who will contribute!

Operational Security Coordination Team
• Incident Handling
  • Proposal: Adopt Guidelines from OSG [Bob Cowles]
• Early milestones
  • Proposal: Contact data management by ROCs via GOCdb
  • What has to happen?
    • Controlled site registration process [see SA1/JSPG session this morning]
    • Some GOC technical:
      • DB Authorization model / Mailing list generation …
    • Process to validate and maintain?
  • Timeline
    • Data managed in DB – Feb?
    • Full process – April?

Operational Security Coordination
• Early milestones
  • Proposal: Working group to manage “Security Pages”
    • Issues
      • Where to host (LCG, GOC, CIC … pages)?
      • Create content
      • Commitment + process to maintain
    • Timeline
      • Start now, 6 months ‘reasonably comprehensive site’
  • Proposal: Working Group on Security Monitoring & Tools
    • Issues
      • What is necessary, what is available?
      • How is it used
      • Publish on “Security Pages”
    • Timeline
      • Start now, 12 months ??90% sites covered ‘in some way’

And now… OSG Incident Handling Guide

Operational Security Coordination Team
• OSG - Security Incident Handling and Response Guide
  • To guide the development and maintenance of a common capability for handling and response to cyber security incidents on Grids.
  • The capability will be established through
    • (1) common policies and processes,
    • (2) common organizational structures,
    • (3) cross-organizational relationships,
    • (4) common communications methods, and
    • (5) a modicum of centrally-provided services and processes.

Operational Security Coordination
• Further Incident Handling Issues
  • Ticket Tracking
    • Do we need this?
  • Appropriate contact levels
    • Site security officer or responsible grid admin?
  • Post-mortem analysis
  • Site information handling policies
  • Public/Press Relations
  • Ad-hoc team building
    • Building process, communications
  • Relationship to NRENS/CSIRTS
    • They have experience
    • Existing communications channels
    • They may have authority
  • Relationship with other Grid projects
    • Information sharing policies

Operational Security Coordination
• Security Service Challenges
  • Objectives (https://edms.cern.ch/document/478367)
    • a) Evaluate the effectiveness of current procedures by simulating a small and well defined set of security incidents.
    • b) Use the experiences of a) in an iterative fashion (during the challenges) to update procedures.
    • c) Formalise the understanding gained in a) & b) in updated incident response procedures.
    • d) Provide feedback to middleware development and testing activities to inform the process of building security test components.

Operational Security Coordination Team
• Service Challenges
  • Announced Fire Drills
    • Check processes are understood
    • Check the information is available
    • Check processes work
  • Controlled improvement cycle
  • Initial plans: 2 VERY simple exercises
    • Can we trace a job through the system?
      • Submit a job that sends an email (or something like)
      • Report as ‘incident’
      • Trace who, where, what route?
    • Can we do the same for a file?

Operational Security Coordination Team
• Service Challenges
  • Proposal:
    • Dry run feasibility
    • Create guidelines, ?tools and plan
    • ROCs/OSCT coordinate exec across sites
    • Feedback to security pages
  • Timeline
    • Dry run start now
    • Work through ROCS – Feb
    • ROCS work through sites – May
  • Future
    • Unannounced fire drills
    • Disruptive testing
    • The real thing

Operational Security Coordination
• Summary - 1
  • “Start small and keep it simple.”
  • Define basic structures
    • JSPG review and update policy documents
    • ROCs to take over management of contacts lists
    • Must integrate with site registration process
    • Establish what level of support is behind site security entries
    • Relationships with local/national CERT
    • Validate/test entries
  • Exercise channels and raise awareness by Security Challenges

Operational Security Coordination
• Summary – 2
  • Proposal: Adopt Guidelines from OSG
  • Proposal: Contact data management by ROCs via GOCdb
  • Proposal: Working group to manage “Security Pages”
  • Proposal: Working Group on Security Monitoring & Tools
  • Ongoing Service Challenges
  • OSCT workshop
    • Early Spring ’05?