Security Update

Mingchao Ma

HEPSYSMAN - Security, 1st July 2009

Overview
  • Security service challenge 3 (SSC 3)
  • Security incident handling procedure
  • Security monitoring
  • Security training and dissemination

Mingchao Ma, RAL

SSC3
  • EGEE Tier1 sites have been tested twice by OSCT;
  • Regional runs at Tier2 sites done by ROC security officers
    • UKI, SEE, Benelux and Italy completed
  • Regional run at OSG done
  • Regional run at NDGF planned

SSC3: Analysis
  • All sites (besides one) improved
  • Sites that scored well in the first run improved in the second run
  • Sites that did not score very well in the first run improved a lot
  • Most sites (besides one) enjoyed the opportunity to test their response capabilities and even reveal operational problems

SSC - Plans
  • To run a modified SSC3
    • Ex: treat IP W.X.Y.Z as malicious
  • Storage SSC
    • Under discussion
    • Some concerns on the logging capabilities of Storage middleware
  • Re-run SSC3 on Tier2 sites

Incident Handling
  • Security Incident Response Policy
    • http://www.jspg.org/wiki/Security_Incident_Response_Policy (draft)
  • The revised EGEE incident handling procedure
    • In final stage
    • http://indico.cern.ch/materialDisplay.py?contribId=12&sessionId=1&materialId=0&confId=56981
    • Change of reporting channels
      • for reporting incident
      • for support
    • Specify timeframe of each step
      • E.g. to report incident within 4 hours after detection
    • Templates for reporting an incident
  • Both GridPP and NGS incident procedures will be modified in line with EGEE incident procedure

GridPP Incident Handling Procedure
  • Communication channel
    • Was
    • A list of security contact emails
    • Change to:

for incident alert/report/notification

for discussion/support

  • Feedback/Comments are welcome!

NGS Incident Handle Procedure
  • Communication channel
    • Was and
    • Change to:

for incident alert/report/notification

for discussion/support

  • Feedback/Comments are welcome!

Cross-Grid Incident Handling
  • GRID-SEC
    • A coordinated response to cross-grid security incidents, follows the NSP-SEC model,
    • http://cern.ch/grid-sec
    • A closed mailing list hosted by NCSA, USA
    • To strengthen communication between a small group of experts at connected academic grids
    • Maximum two representatives from the same Grid infrastructure
    • Currently includes: OSG, TeraGrid, NDGF and EGEE

Cooperation between Grid (OSCT) and NREN CSIRTs
  • Collected a list of NREN CSIRT contact information
  • To participate in NREN CSIRT activities
  • To encourage cooperation between ROC security contacts and local NREN CSIRT team(s)
  • Also to encourage cooperation between site security contacts and their organization's security/CSIRT teams
  • Consider becoming a trusted introducer? (e.g. EGEE OSCT)

Security Monitoring
  • Some SAM security tests available
    • CRL and file permission checks
    • Results only available to security contacts
  • Port the test to the Nagios-based framework
    • ROC (or even project/VO) level Nagios will perform the test
    • Results must be encrypted, access policy defined
    • Focus on project/ROC level monitoring
    • More information can be found in https://twiki.cern.ch/twiki/pub/LCG/OSCT-EGEEIII-tasks/security-monitoring-v0.12.pdf
  • Further security probes to be developed
    • Call for Nagios-based security probe
  • Based on risk analysis and/or previous incidents
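
The CRL and file permission checks named on this slide, written as a Nagios-style probe. This is an added example, not the SAM tests or OSCT probe code; the paths under /etc/grid-security, the *.r0 CRL file naming, the age thresholds and the use of file modification time as a stand-in for CRL freshness are assumptions.

```python
#!/usr/bin/env python3
"""Nagios-style probe: CRL freshness and private-key file permissions."""
import glob, os, stat, sys, time

OK, WARNING, CRITICAL, UNKNOWN = 0, 1, 2, 3   # standard Nagios plugin exit codes

def check_key_permissions(path):
    """CRITICAL if the private key is accessible to group or other."""
    try:
        mode = stat.S_IMODE(os.stat(path).st_mode)
    except OSError as exc:
        return UNKNOWN, f"cannot stat {path}: {exc.strerror}"
    if mode & 0o077:
        return CRITICAL, f"{path} mode {mode:04o} grants group/other access"
    return OK, f"{path} mode {mode:04o}"

def check_crl_age(cert_dir, warn_hours=24, crit_hours=72, now=None):
    """Flag CRL files whose last refresh (mtime, an assumption) is too old."""
    now = time.time() if now is None else now
    crls = sorted(glob.glob(os.path.join(cert_dir, "*.r0")))
    if not crls:
        return UNKNOWN, f"no CRL files in {cert_dir}"
    worst, stale = OK, []
    for crl in crls:
        age_h = (now - os.stat(crl).st_mtime) / 3600
        level = CRITICAL if age_h > crit_hours else WARNING if age_h > warn_hours else OK
        if level != OK:
            stale.append(f"{os.path.basename(crl)} ({age_h:.0f}h)")
        worst = max(worst, level)
    if stale:
        return worst, "stale CRLs: " + ", ".join(stale)
    return OK, f"{len(crls)} CRLs fresh"

def run_probe(key_path, cert_dir):
    """Combine both checks into one Nagios status line and exit code."""
    results = [check_key_permissions(key_path), check_crl_age(cert_dir)]
    codes = [code for code, _ in results]
    # CRITICAL outranks UNKNOWN so a real finding is never masked by a failed check
    status = CRITICAL if CRITICAL in codes else max(codes)
    label = ["OK", "WARNING", "CRITICAL", "UNKNOWN"][status]
    return status, f"SECURITY {label} - " + "; ".join(msg for _, msg in results)

if __name__ == "__main__":
    # Assumed default locations on a grid node; adjust to the local layout.
    code, message = run_probe("/etc/grid-security/hostkey.pem",
                              "/etc/grid-security/certificates")
    print(message)
    sys.exit(code)
```

The status line names key modes and stale CRLs, which is the kind of result the slide says must be encrypted and covered by an access policy.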

Patch Monitoring - Pakiti
  • The Pakiti software is freely available from sourceforge
    • www.sf.net/projects/pakiti
    • used by some sites/ROCs (RAL Tier1, NIKHEF, SEE ROC)
    • currently being re-designed, significant changes expected during this summer
  • Pakiti campaign
    • Many sites not applying security patches (vanilla SL3 distributions!), a wide range of exploits exist in the wild
    • OSCT is establishing a Pakiti server to collect and evaluate information about the sites’ patching status
    • we only use the “public” interface, by sending a job
    • any authorized user can do the same
  • The middle-term goal is to move the Pakiti framework to Nagios

Traceability of users
  • Tools to analyze log files
    • Collecting information about actions of particular user
    • Focused on site-level, to be performed by sysadmins
    • Work in progress – some “filters” already available
  • Tools to analyze data from the L&B database
    • grid/VO level
    • Complete information about user’s activities on the grid
    • Intended for VO managers
    • Work planned, not started yet
  • More info at
    • http://indico.cern.ch/getFile.py/access?contribId=6&sessionId=4&resId=1&materialId=slides&confId=49905

Security Training & Dissemination
  • gLite Service reference cards
    • https://twiki.cern.ch/twiki/bin/view/EGEE/ServiceReferenceCards
  • gLite-AMGA - ARDA Metadata Catalog
  • glite-BDII - Berkeley Database Information Index
  • glite-CREAM_CE - gLite CREAM Computing Element
  • glite-DPM - Disk Pool Manager
  • glite-FTS - File Transfer Service
  • glite-LFC - LCG File Catalog
  • gLite-LB - Logging and Bookkeeping service
  • glite-MON - Monitoring System Collector Server
  • glite-PX - MyProxy server
  • glite-UI - User Interface
  • glite-VOBOX - Virtual Organisation Node
  • glite-VOMS - Virtual Organisation Membership System
  • gLite-WMS - Workload Management Service
  • glite-WN - Worker Node
  • lcg-CE - LCG Computing Elements
  • gLExec - gLExec (both for WN and CE)

Service reference cards
  • Each service card has a “security information” section
    • Access control Mechanism description (authentication & authorization)
    • How to block/ban a user
    • Network Usage
    • Firewall configuration
    • Security recommendations
    • Security incompatibilities
    • List of externals (packages are NOT maintained by Red Hat or by gLite)
    • Other security relevant comments

Security Trainings
  • Target system managers and administrators, NOT end users;
  • No dedicated budget for security training;
    • Incorporate training into other conferences/events;
  • Past training events
    • EGEE’07, 1st-5th October 2007, Budapest
    • EGEE’08, 22nd-26th September 2008, Istanbul
    • Security training at Laboratory APC, France, 2nd-3rd April 2009
    • Security training at ISGC 2009, Taipei, 19th April 2009
  • Upcoming training events
    • Security workshop at RAL, UK, 1st July 2009
    • GridKa School at Karlsruhe, Germany, 31st Aug. - 4th Sep. 2009
    • EGEE’09, 21-25 September 2009, Barcelona
  • Some ROCs are planning trainings in their regions as well

Security Page
  • Still at a very early stage, will be hosted at OSCT website
  • Topics covered
    • Security policies, procedures
    • Security monitoring
    • Middleware security
    • OS security
    • Network security
    • Trust (CA, PKI and IGTF)
    • Forensics
    • … …
  • TERENA training material

Question?
