1 / 17

Task TSA1.3 - Authentication Services and Policies Acheivements

Task TSA1.3 - Authentication Services and Policies Acheivements. Jacques Alves da Silva (for Vinod Rebello) Universidade Federal Fluminense (Brazil) EELA 2 SA-1 Kick-off Meeting CEFET, Rio de Janeiro, Brazil, 17-18.09.2008. Apologies. Task Leader of Task TSA1.3 is Vinod Rebello (UFF)

tavia
Download Presentation

Task TSA1.3 - Authentication Services and Policies Acheivements

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Task TSA1.3 - Authentication Services and PoliciesAcheivements Jacques Alves da Silva (for Vinod Rebello) Universidade Federal Fluminense (Brazil) EELA 2 SA-1 Kick-off Meeting CEFET, Rio de Janeiro, Brazil, 17-18.09.2008

  2. Apologies Task Leader of Task TSA1.3 is Vinod Rebello (UFF) As chair of the International Grid Trust Federation (IGTF) and The Americas Grid Policy Management Authority (TAGPMA), is currently attending Open Grid Forum (OGF 24) and the APGridPMA meeting in Singapore; Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008

  3. Objectives (1) – CA Operations Help Latin American and Caribbean countries maintain IGTF Compliant Grid Certification Authorities and achieve maturity Operational since EELA Argentina Brazil Chile Mexico Latin American and Caribbean Catch-all Establish new national Grid CAs in Latin American countries (EELA-2 requirements: at least one) Candidates Colombia Peru Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008

  4. Objectives (2) – Security Coordinate all security related activities in SA1 establish security policies and protocols for their posterior implementation in partners coordinate the security response teams deployed locally at Resource Centres and Certificate Authorities Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008

  5. CA Status – Argentina Operated by UNLP (Universidad Nacional de La Plata) – http://www.pkiunlpgrid.unlp.edu.ar/ Has issued 27 certificates 1 RA Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008

  6. CA Status – Brazil Operated by UFF (Universidade Federal Fluminense) – http://brgridca.ic.uff.br Issued 491 certificates amongst 20 institutions/departments Currently 4 RAs – widespread use of catchall RA based on notary+video conferencing (scheme first proposed by UFF BrGrid CA) Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008

  7. CA Status – Chile Operated by REUNA (Red Universitaria Nacional) – http://reuna-ca.reuna.cl Issued 45 certificates to 6 institutions Have 6 RAs, other REUNA affiliates to follow Non consortium members use REUNA as their RA Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008

  8. CA Status – Mexico Operated by UNAM (Universidad Nacional Autónoma de México) –https://ca.unamgrid.unam.mx/grid/ Had staffing problems Recently appointed new CA staff Has issued 37 certificates 1 RA Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008

  9. CA Status – LAC Catchall Operated by UFF (Universidade Federal Fluminense) – http://lacgridca.ic.uff.br Has issued 36 certificates to users in Colombia, Peru and Cuba 2 RAs Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008

  10. CA Status – Venezuela Operated by ULA (Universidad de Los Andes) – https://ra.cecalc.ula.ve/pub Pending final approval by TAGPMA Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008

  11. CA Status – Colombia To be operated by UNIANDES (Universidad de los Andes) Due to staffing limitations, propose to start work in 2009 Will however follow the previously proposed EELA-2 transition plan for new CAs and setup an RA for the LACGrid CA RA Manager has already been nominated Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008

  12. CA Status – Peru To be operated by SENAMHI (Servicio Nacional de Meteorología e Hidrología) Installed UFF LACGrid RA as phase 1 of transition Have submitted a CP/CPS for revision to Task Leader Next step is to make a request to join TAGPMA Submit CP/CPS for approval CA manager has been appointed Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008

  13. Task Status (1) Documentation Submitted Task deliverable – CA selection report RA Operation Manual for Phase 1 of proposal to set up national CA – become an RA of LAC catchall CA. TAGPMA participation – chairing fortnightly VC Debian OpenSSL vulnerability (CVE-2008-0166) All EELA CAs had to verify quickly if any certificate they had issued suffered from this vulnerability Identified incident response weaknesses in many CAs Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008

  14. Task Status (2) Setting up and training a Computer Security Incident Response Team (CSIRT) Adapting focus to include CA operations as well Analysis of available documentation Objectives – elaborate Security related Policies and Procedures Documents All sites must have an approved Institutional Security Policy – what policy is appropriate for grid environments? Developing a software security suite to provide round-the-clock surveillance of grid and CA resources. Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008

  15. CSIRT Documentation Incident Handling NIST SP 800-61 - Computer Security Incident Handling Guide http://csrc.nist.gov/publications/nistpubs/800-61-rev1/SP800-61rev1.pdf Building an Incident Response Program To Suit Your Business http://www.sans.org/reading_room/whitepapers/incident/627.php LCG/EGEE Grid Security Incident Response Handbook http://www.gridpp.ac.uk/wiki/Incident_Response_Handbook Organizational Models for Computer Security Incident Response Teams http://www.sei.cmu.edu/publications/documents/03.reports/03hb001.html CSIRT Starter Kit http://www.terena.nl/activities/tf-csirt/starter-kit.html Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008

  16. Summary Existing EELA CAs continue operational Two countries without national CAs are beginning the process Task Deliverable submitted to EU Active participation in TAGPMA, IGTF activities CSIRT being formed Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008

  17. Thank You Vinod Rebello vinod@ic.uff.br Questions? Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008

More Related