OSG Area Coordinators Meeting Security Team Report Mine Altunay 8/15/2012.


Key Initiatives
CILogon Basic Transition
– Working with FNAL and BNL to accept CILogon Basic Certs. No major hurdles with BNL. FNAL security officer accepted the change, but need official approval
– Bigger challenge is to find VOs. Will propose to transition some VOs to CILogon instead of DigiCert. Otherwise, we have a problem finding users
– User Support was helpful and identified a few scientists
New work item: XSEDE-OSG Identity Proposal
– Creating a proposal to collaborate on some common work items between XSEDE and OSG.

Key Initiatives
Enhancing Site Security
– Pakiti service
– Staff was on holiday for the month of July. Now the work is proceeding smoothly. No concerns about the packaging or meeting the deadline except that we must coordinate this well with VDT Team and Alain’s departure.

Concerns
SHA-2 coordination
– Security team is coordinating the GOC ITB, VO software and sites
– Unplanned work item for the security team
DigiCert transition
– Team contribution increases as the DigiCert deadlines approach
Operational Projects depending on VDT effort
– Need to finalize the CA update process for CA rpm bundles.
– We need OSG VOs to update VOMS-Admin version due to a security vulnerability as well as new CA bundle compatibility. If the VOs prefer to have an update for their pacman installations, what should we do? Should we push VOs to upgrade to rpm installations?
– Pakiti packaging requirements. Kevin needs to communicate his requirements document to VDT Team.
– SHA-2 transition regarding OSG software

WBS Ongoing Activities
1. Incident response and vulnerability assessment
– Minimizing the end-to-end response time to an incident: 1 day for a severe incident, 1 week for a moderate incident, and 1 month for a low-risk incident.
2. Troubleshooting; processing security tickets including user requests, change requests from stakeholders, technical problems
– Goal is to acknowledge tickets within one day of receipt.
3. Maintaining security scripts (vdt-update-certs, vdt-ca-manage, cert-scripts, etc.)
– Maintain and provide bug fixes according to the severity of bugs. For urgent problems, provide an update in one week; for moderate severity, provide an update in a month; for low-risk problems, provide an update in 6 months.
4. XSEDE Operational Security Interface
– Meet weekly
5. Supporting OSG RA in processing certificate requests
– Each certificate request is resolved within one week; requests for GridAdmin and RA Agents are served within 3 days.
6. Preparing CA releases (IGTF), modifying OSG software as the changes in releases require
– CA release every two months
7. Security Policy work with IGTF, TAGPMA, JSPG and EGI
– Meet with IGTF and TAGPMA twice a year. Attend JSPG and EGI meetings remotely and face-to-face once a year. Track security policy changes and report to OSG management.
8. Security Test and Controls
– Execute all the controls included in the Security Plan and prepare a summary analysis.
9. Incident Drills and Training
– Drill Tier3 sites
10. Weekly Security Team Meeting to review work items
– Coordinate weekly work items.
11. Weekly reporting to OSG-Production
– Report important items that will affect production: incidents, vulnerabilities, changes to PKI infrastructure
12. Monthly reporting to OSG-ET
– Meet with ET once a month to discuss work items
13. Quarterly reporting to Area Coordinator meeting
– Meet with area coordinators to discuss work items.

Ongoing Work: Operational Security
1. Software Vulnerabilities/Incidents
– Serious Condor vulnerability is coming up.
– All sites patched VOMS-Admin vulnerability. No other major vulnerability.
– Site patching levels
2. Operations
– SHA-2 Transition. Took over coordinating the changes across the GOC ITB, VO software, and Campus Grids.
– Phasing out the old layout. Becomes a bigger problem. VOMS are not up to date.
– Transition to use EGI Pakiti central service
– Lengthened the RSV CA probe lifetime to 8 days

Ongoing Work: Operational Security
– Holding back the new CA release. Nothing urgent in terms of security. Want to complete the automation of rpm updates. We had RSV failures due to manual yum updates.
– Completed the Test and Controls. Following up with the recommended action items.