INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Operational Security OSCT JSPG March 2006 Ian Neilson, CERN.



OSCT

• Activity Areas
  – Security Service Challenge: Pal Anderssen
  – Security Monitoring: Romain Wartel
  – Incident Response: Ian Neilson


Incident Response Planning

• At Pisa (Oct 2005) -
  – Proposed: Incident Response Handbook
      Make procedures out of policy
        • Quicker to update than policy
        • Lighter process than SSC
      Framework for planning activity
  – 4 Sections/Activities
      Quick Start
        • The basic process
      Grid resources
        • References for contacts and administrators
      Services Reference
        • Threat and impact by service
      Playbook
        • Worked examples


Incident Response Planning

• Issues raised (Pisa)
  – “Not clear there is effort available now”
      Clear there is not!
  – OSCT/IR Integration with operational procedures
      CIC, GGUS procedures still evolving
  – Relations/communications with peering grid projects
  – NREN CSIRTS
      NRENS and Grids workshops

• Handbook
  – Almost no feedback
      What there was rather negative/off mark
  – “Playbook” twiki scenarios - 2 of 6
      https://twiki.cern.ch/twiki/bin/view/LCG/IR


EGEE-II SA1 structure


EGEE-II

• Security Coordination Group (SCG)
  – “Security tasks are thus spread over several activities that are coordinated via a cross-activity Security Coordination Group (SCG). The SCG members are drawn from SA1, JRA1 and JRA2 and the group is responsible for overall security coordination. The SCG is chaired by a Security Head, organisationally part of the Quality Assurance Activity JRA2.”

• OPERATIONS COORDINATION CENTRE (OCC)
  – “The OCC coordinates the SA1 activity and its tasks and has the mandate to distribute tasks to the ROCs as necessary. Its responsibilities include:
      …. Coordinate the operational security activity; ….”


EGEE-II

• ROC-centric
  – “The mandatory set of ROC responsibilities is the following:
      ….. Responsible for ensuring that operational problems in the region or in resource centres in the region are resolved and followed-up. The ROC owns the operational problems and is responsible for them;
      ….. Coordinate Grid security in the region; provide incident response teams (with members from the sites); …..”

• Other security ROC activities -
  – Coordinate the Joint Security Policy Group;
      Will be provided by UK/I (CCLRC);
  – Security vulnerability and risk analysis. This is a new task that will verify the security of middleware being deployed. This includes coordinating code reviews, providing information on best practices for developers, etc;
      Will be provided by UK/I (CCLRC);


EGEE-II

“It is time and effort consuming to work through with each site incident scenarios, but this cost outweighs the potential real cost of a significant incident. Nevertheless investment must be made to handle this. This is also extremely important in the longer term, and for industrial take up - EGEE must be able to show that it is conforming to current, and building future best practices.”


Deliverables and Milestones