New OSG Virtual Organization Security Training OSG Security Team
OSG Security Team Goals Operational Security Identify software vulnerabilities observing the practices of our VOs and sites, and sending alerts when we detect abnormalities; performing fire drills to measure readiness and security awareness Interoperability with other grids Education security training of our members teaching best practices learning from our users about difficulties of security practices
What to do if you have a Security Incident Report to local Security Team + OSG GOC. n/IncidentDiscoveryReporting n/IncidentDiscoveryReporting Compromised credentials most common issue. Certificates revoked, CRL’s can take 6 hours or more to propagate. Also ban users via GUMS, SAZ, or gridmap files, as appropriate for the site.
Software vulnerabilities If a security related software vulnerability is discovered, report it to the OSG GOC, which will contact the Security and Software teams. Or send to SSL, Java, tomcat, most common suspects these days.
OSG Certificates OSG provides certificates signed by Digicert. Registration Agents (RAs) approve certs for individuals. Grid Admins (GAs) approve certs for hosts/services. SGPKITrustedAgent SGPKITrustedAgent urity/NewOSGPKI urity/NewOSGPKI
Fire Drills Selected sites are sent pseudo malicious jobs and asked to treat as a regular security incident. Upcoming drill will test jobs submitted via Glide-in WMS.
Tools Security team provides OSG CA cert bundles. Also looking at other security tools to provide. Open to suggestions for new tools!
Additional help If a VO needs additional help with managing their users, access control management and/or identity management, they can contact the OSG Security team. OSG Security team can either work on the problem with them or put them in touch with experts in this area depending on the VO’s needs. A guidance document that summarizes the trust relationship models that VOs can implement is available at docdb.opensciencegrid.org/cgi- bin/ShowDocument?docid=1199http://osg- docdb.opensciencegrid.org/cgi- bin/ShowDocument?docid=1199