EGI SVG F2F (EGI-InSPIRE RI): Virtual Machines. VM images, software run on VMs. 3rd March 2015.


Endorsed VMs
- The policy of only running endorsed VM images is an important part of incident prevention.
- One of the things that makes the Fed Cloud different from other Clouds.
- These VM images in the AppDB need to be maintained, software patches (e.g. Linux kernel vulnerabilities) applied in a timely manner.

Vulnerabilities in AppDB VMs
- Would it be possible to monitor for Critical vulnerabilities in endorsed VMs in the AppDB?

Running VM images
- Need to think about patching of these – whether kernel vulnerabilities, other software vulnerabilities etc.
- Probably this is more of an operational security issue.

Contact details needed
- Need contact details for those responsible for VM images.
- Need contact details for those running VM images.
- This is to inform people of at least Critical and high risk vulnerabilities.
- VO security contact list? Plus VM image security contact list.

For Vulnerabilities in e.g. Linux
- Where does the responsibility lie?
- Of course primarily with endorser.
- How many Linux flavours in endorsed VMs?
- Do we inform a mailing list of endorsers of ‘High’ and ‘Critical’ vulnerabilities?
- We also know less of the impact in Fed Cloud, depending on how VMs are used.

AAI to connect to VMs
- One weakness is how VM operators allow others to connect.
- Possibly FedCloud should have some recommended tools.
- Carry out vulnerability assessment.
- These tools properly maintained, vulnerability handling here.

Other software running on VMs
- Only act if there is a known problem.
- Is a checklist useful for people setting up VMs?
- Best practice?
- Possibly a CSIRT rather than SVG function.
- E.g. VO specific.

VO and other user software on VMs
- Not everything can be tracked.
- But it is important to be able to trace who is responsible for a running VM, and who is responsible for any software running on multiple VMs.
- So if there is a problem (whether we are alerted to a vulnerability or potential incident) we can track who is responsible.
