OSG Security Kevin Hill.

Slides:

Advertisements

Similar presentations

Role Based VO Authorization Services Ian Fisk Gabriele Carcassi July 20, 2005.

Advertisements

OSG PKI RA Training Mine Altunay, Jim Basney OSG PKI Team October 1, 2012.

Andrew McNab - EDG Access Control - 14 Jan 2003 EU DataGrid security with GSI and Globus Andrew McNab University of Manchester

OSG Area Coordinators Meeting Security Team Report Mine Altunay 05/15/2013.

INFSO-RI Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Security Mechanisms The European DataGrid Project Team

Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.

Getting grid-enabled Steps involved: personal grid certificate  Request a certificate from:

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

Key Accomplishments and Work Plans OSG Security Team July 11, 2012.

OSG Area Coordinators Meeting Security Team Report Mine Altunay 01/29/2014.

CLICK ONTO THE SHARYLAND WEB PAGE   Find and select the Sign-In tab located at top right.

OSG PKI Grid Admin (GA) Training Mine Altunay, Jim Basney OSG PKI Team October 8, 2012.

CILogon OSG CA Mine Altunay Jim Basney TAGPMA Meeting Pittsburgh May 27, 2015.

OSG Area Coordinators Meeting Security Team Report Kevin Hill 08/14/2013.

OSG Security Review Mine Altunay June 19, June 19, Security Overview Current Initiatives  Incident response procedure – top priority (WBS.

OSG Area Coordinators Meeting Security Team Report Mine Altunay 12/21/2011.

OSG Area Coordinators Meeting Security Team Report Mine Altunay 06/25/2014.

EGEE ARM-2 – 5 Oct LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.

GGF12 – 20 Sept LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.

OSG Security Kevin Hill. Goals Operational Security – Identify software vulnerabilities – observing the practices of our VOs and sites, and sending alerts.

Blueprint Meeting Notes Feb 20, Feb 17, 2009 Authentication Infrastrusture Federation = {Institutes} U {CA} where both entities can be empty TODO1:

G RID M IDDLEWARE AND S ECURITY Suchandra Thapa Computation Institute University of Chicago.

Mine Altunay OSG Security Officer Open Science Grid: Security Gateway Security Summit January 28-30, 2008 San Diego Supercomputer Center.

Evolution of the Open Science Grid Authentication Model Kevin Hill Fermilab OSG Security Team.

OSG Security Review Mine Altunay December 4, 2008.

Incident Response Plan for the Open Science Grid Grid Operations Experience Workshop – HEPiX 22 Oct 2004 Bob Cowles – Work.

OSG Area Coordinators Meeting Security Team Report Mine Altunay 8/15/2012.

OSG PKI Contingency and Recovery Plans Mine Altunay, Von Welch OSG Council August 23, 2012.

OSG PKI Contingency and Recovery Plans Mine Altunay, Von Welch October 16, 2012.

OSG Area Coordinators Meeting Security Team Report Mine Altunay 11/02/2011.

Mine Altunay July 30, 2007 Security and Privacy in OSG.

OSG Area Coordinators Meeting Security Team Report Mine Altunay 6/6/2012.

LCG/EGEE Security Operations HEPiX, Fall 2004 BNL, 22 October 2004 David Kelsey CCLRC/RAL, UK

Meeting Minutes and TODOs TG has no distributed monitoring. During incident response, use a manual twiki page to distribute information TG monitors the.

Overview of Privilege Project at Fermilab (compilation of multiple talks and documents written by various authors) Tanya Levshina.

Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.

G Z LIGO's Physics at the Information Frontier Grant and OSG: Update Warren Anderson for Patrick Brady (PIF PI) OSG Executive Board Meeting Caltech.

OSG RA, DOEGrids CA features Doug Olson, LBNL August 2006.

DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.

Auditing Project Architecture VERY HIGH LEVEL Tanya Levshina.

Grid Security and Identity Management Mine Altunay Security Officer, Open Science Grid, Fermilab.

OSG Area Coordinators Meeting Security Team Report Mine Altunay 4/11/2012.

Open Science Grid Build a Grid Session Siddhartha E.S University of Florida.

OSG Area Coordinators Meeting Security Team Report Mine Altunay 02/13/2012.

EGEE ARM-2 – 5 Oct LCG/EGEE Security Coordination Ian Neilson Grid Deployment Group CERN.

12-Jun-03D.P.Kelsey, CA meeting1 CA meeting Minimum Requirements CERN, 12 June 2003 David Kelsey CCLRC/RAL, UK

The GRIDS Center, part of the NSF Middleware Initiative Grid Security Overview presented by Von Welch National Center for Supercomputing.

LCG User, Site & VO Registration in EGEE/LCG Bob Cowles OSG Technical Meeting Dec 15-17, 2004 UCSD.

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI CSIRT Procedure for Compromised Certificates and Central Security Emergency.

EGI-InSPIRE RI Grid Training for Power Users EGI-InSPIRE N G I A E G I S Grid Training for Power Users Institute of Physics Belgrade.

OSG Security: Updates on OSG CA & Federated Identities Mine Altunay, PhD OSG Security Team OSG AHM March 24, 2015.

Fermilab / FermiGrid / FermiCloud Security Update Work supported by the U.S. Department of Energy under contract No. DE-AC02-07CH11359 Keith Chadwick Grid.

Open Science Grid Security Activities D. Olson, LBNL OSG Deputy Security Officer For the OSG Security Team: M. Altunay, FNAL, OSG Security Officer, D.O.,

Security Bob Cowles

OSG PKI Transition Mine Altunay OSG Security Officer

OSG Area Coordinators Meeting Security Team Report Mine Altunay 8/15/2012.

OSG VO Security Policies and Requirements Mine Altunay OSG Security Team July 2007.

Certificate Security For Users Obtaining and Using Your Personal Certificate using the OSG PKI Kyle Gross – OSG Operations Support Lead Elizabeth Prout.

New OSG Virtual Organization Security Training OSG Security Team.

15-Jun-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the LCG Security Group) CERN 15 June 2004 David Kelsey CCLRC/RAL, UK

OSG Security Review Mine Altunay March 12, Jan Security Overview Current Initiatives  OSG Security roadmap  Technical and operational.

David Kelsey CCLRC/RAL, UK

Incident Response Plan for the Open Science Grid

f f FermiGrid – Site AuthoriZation (SAZ) Service

CRC exercises Not happy with the way the document for testbed architecture is progressing More a collection of contributions from the mware groups rather.

Update on EDG Security (VOMS)

Leigh Grundhoefer Indiana University

The GENIUS Security Services

Presentation transcript:

OSG Security Kevin Hill

Goals Operational Security interoperability with other grids Identify software vulnerabilities observing the practices of our VOs and sites, and sending alerts when we detect abnormalities; performing fire drills to measure readiness and security awareness interoperability with other grids education: security training of our members; teaching best practices, and learning from our users about difficulties of security practices

Security Incidents Report to local Security Team + OSG GOC. https://twiki.grid.iu.edu/bin/view/Documentation/IncidentDiscoveryReporting Compromised credentials most common issue. Certificates revoked, CRL’s can take 6 hours or more to propagate. Also ban users via GUMS, SAZ, or gridmap files, as appropriate for the site.

Software vulnerability If security vulnerability discovered, report to OSG GOC, which will contact Security and Software teams. https://ticket.opensciencegrid.org Or send email to goc@opensciencegrid.org Java, tomcat, most common suspects these days.

OSG Certificates OSG provides certificates signed by Digicert. Registration Agents (RAs) approve certs for individuals. Grid Admins (GAs) approve certs for hosts/services. https://twiki.grid.iu.edu/bin/view/Operations/OSGPKITrustedAgent https://www.opensciencegrid.org/bin/view/Security/NewOSGPKI

Fire Drills Selected sites are sent pseudo malicious jobs and asked to treat as a regular security incident. Upcoming drill will test jobs submitted via Glide-in WMS.

Tools Security team provides OSG CA cert bundles. Also looking at other security tools to provide. PackagedPakiti software vulnerability database for distribution for sites own use. Open to suggestions for new tools!

Additional help If a VO needs additional help with managing their users, access control management and/or identity management, they can contact the OSG Security team. OSG Security team can either work on the problem with them or put them in touch with experts in this area depending on the VO’s needs. A guidance document that summarizes the trust relationship models that VOs can implement is available at http://osg-docdb.opensciencegrid.org/cgi-bin/ShowDocument?docid=1199