PRACE security Jules Wolfrat, SURFsara, The Netherlands April 25, 2013, EGI CSIRT meeting, Linköping, Sweden 10 May 2011- Montpellier.

Presentation transcript:


PRACE Security Forum
Coordinates security activities:
1. Define Policies and Procedures - to build “A trust model that allows smooth interoperation of the distributed PRACE services”;
2. Risk reviews - to define and maintain “An agreed list of software and protocols that are considered robust and secure enough to implement the minimal security requirements”;
3. Operational security

Policy and Procedures
- Building “A trust model that allows smooth interoperation of the distributed PRACE services”
- The development of a “Statement of minimal security requirements” through the definition of policy and procedure documents; AUP, user administration (AuthZ), incident response etc.
- To define and implement an Audit procedure
- Representation in EUGridPMA, OGF, EEF and collaboration with EGI SPG, SCI, etc.

Risk reviews
- Risk review procedure based on guidelines from the German BSI (Federal Office for Information Security), BSI-Standard : d_100-2_e_pdf.pdf?__blob=publicationFile
- Using the IT-Grundschutz Catalogues for threats and safeguards: atalogues_node.html
- Specifically the “threats catalogue deliberate acts”
- Examples: Globus Online, UNICORE FTP, SHA-2 testing


Risk reviews (2)
- Collaboration with EGI, XSEDE, etc., would be beneficial if there is common interest for a (new) service, e.g. Globus Online, where we exchanged information with XSEDE
- Together you can achieve more with the provider
- Efficient use of human resources
- Test results can be exchanged
- Exchange of review documents should be considered, even for services not used, because they may be used in collaborations of user communities.

Operational Security – PRACE CSIRT
- All sites must be represented in the CSIRT
- Site CSIRT information is maintained on the wiki (names, phone numbers, addresses)
- No well-defined procedure for when an incident happens
- A site with information about an incident (or which thinks something is wrong) is responsible for taking action, e.g. asking for a video/phone conference
- The EGI rules are adopted for the distribution of security-related information (Amber, White, etc.)
- Also subscribers from EGI CSIRT on our list (Leif, Romain)

Operational Security
- High level of trust between sites that they behave well, e.g. patch policy, firewall set-up, local CSIRT, etc.
- Requirements must be better documented with increasing number of sites
- Implementation of audits?
- Security Challenges?

Collaboration
- Share information about policies and procedures – SCI activity
- Risk reviews: work together if there is common interest
- Incident handling: further develop and test procedure