Future GridPP Security

Slides:



Advertisements
Similar presentations
INFSO-RI Enabling Grids for E-sciencE Operational Security OSCT JSPG March 2006 Ian Neilson, CERN.
Advertisements

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
Commonwealth of Massachusetts Statewide Strategic IT Consolidation (ITC) Initiative ANF IT Consolidation Website Publishing / IA Working Group Kickoff.
EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
EGEE ARM-2 – 5 Oct LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.
15-Dec-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the Joint Security Policy Group) CERN 15 December 2004 David Kelsey CCLRC/RAL,
EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
INFSO-RI Enabling Grids for E-sciencE EGEE SA1 in EGEE-II – Overview Ian Bird IT Department CERN, Switzerland EGEE.
A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) 1 st WISE, Barcelona 20 Oct 2015.
Reflections “from around the block.” (Security) Ian Neilson GridPP Security Officer STFC RAL.
Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.
Additional Services: Security and IPv6 David Kelsey STFC-RAL.
Evolving Security in WLCG Ian Collier, STFC Rutherford Appleton Laboratory Group info (if required) 1 st February 2016, WLCG Workshop Lisbon.
EGEE ARM-2 – 5 Oct LCG/EGEE Security Coordination Ian Neilson Grid Deployment Group CERN.
3rd Helix Nebula Workshop on Interoperability among e-Infrastructures and Commercial Clouds Carmela ASERO, EGI.eu 17 September 2013, Madrid
Ian Collier, STFC, Romain Wartel, CERN Maintaining Traceability in an Evolving Distributed Computing Environment Introduction Security.
EGI-InSPIRE RI EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI
INFSO-RI Enabling Grids for E-sciencE Operational Security Coordination Team OSCT report EGEE-4, Pisa Ian Neilson, CERN.
Who doesn’t need to be WISE? Bringing into reality global information security collaboration Alessandra Scicchitano GÉANT - Project Development Officer.
Operations Coordination Team Maria Girone, CERN IT-ES GDB, 11 July 2012.
Cloud Security Session: Introduction 25 Sep 2014Cloud Security, Kelsey1 David Kelsey (STFC-RAL) EGI-Geant Symposium Amsterdam 25 Sep 2014.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI SA1.2 Plans 2013 Security Operations David Kelsey (STFC) 26/02/2013 Operations.
SCI & Sirtfi David Kelsey (STFC-RAL) EGI Conference, Lisbon 19 May 2015.
Stages of Research and Development
Supervisor’s Guide for Employees in Professional Series
WISE Information Security for Collaborating E-Infrastructures
Bob Jones EGEE Technical Director
WISE 2016 WISE: a global trust community where security experts share information and work together, creating collaboration among different e- infrastructures.
David Kelsey STFC-RAL 4th WISE workshop, Nikhef 27 March 2017
James Casey, CERN IT-GD WLCG Workshop 1st September, 2007
Office 365 Security Assessment Workshop
Minnesota Alliance With Youth
Southampton City Council School School Improvement Service
WIGOS Data Quality Monitoring System (WDQMS)
Road Manager Module National Heavy Vehicle Regulator
Overview of MAAP Accreditation
Ian Bird GDB Meeting CERN 9 September 2003
David Kelsey STFC-RAL 2nd WISE workshop, XSEDE16, Miami 18 July 2016
Are you ready for a federated security incident?
UK Status and Plans Scientific Computing Forum 27th Oct 2017
Continuous Improvement through Accreditation AdvancED ESA Accreditation MAISA Conference January 27, 2016.
Update on FIM4R David Kelsey
Our Vision Our vision is to be recognised nationally and internationally as a leader in qualification, assessment and verification.
Incident Response for Federated Identities
Employee Engagement Survey Education Session #3
Minimal Level of Assurance (LoA)
Overview – Guide to Developing Safety Improvement Plan
An Overview of the Minnesota Afterschool Accreditation Program (MAAP)
Overview – Guide to Developing Safety Improvement Plan
Policy in harmony: our best practice
Successful Project Management
Middle States Update to President’s Cabinet October 8, 2018
Meeting summary Licia Florio
Updated (VO) Community Security Policies
Update - Security Policies
Supporting communities with harmonized policy
David Kelsey (STFC-RAL)
Road Manager Module National Heavy Vehicle Regulator
S3P Agri-Food Working Committee Meeting
The Hub Innovation Program Evaluation Plan
Welcome to Your New Position As An Instructor
Organization Design Project support overview Presenter's Name
Investing in Data Management Capabilities
Network meeting 30th November Assessment, tracking and
FrAmework for Multi-agency Environments
WISE Information Security for collaborating e-Infrastructures David Kelsey (STFC-RAL, UK Research and Innovation) ISGC2019, Taipei, 2 April 2019 In collaboration.
Tom Barton (WG Chair) University of Chicago and Internet2
Building a minimum viable Security Operations Centre
Federated Incident Response
Presentation transcript:

Future GridPP Security David Crooks (STFC UKRI) GridPP42 25 April 2019

GridPP42 Future GridPP Security Post SSC Ongoing evaluation of SSC results Can already make some plans Present here for discussion and hopefully agree way forward GridPP42 Future GridPP Security

GridPP42 Future GridPP Security Site requirements Some things made clear (which we knew anyway…) Sites are typically staffing limited, regardless of size of site But, most especially where we have limited FTEs GridPP42 Future GridPP Security

GridPP42 Future GridPP Security Site requirements Security asks things of sites Both via policy, but in particular as a healthy community What do we need from sites? GridPP42 Future GridPP Security

GridPP42 Future GridPP Security Site requirements Components involved with incident response Communication User suspension Containment Tracking activity Forensics Reinstall Lessons learned and final report GridPP42 Future GridPP Security

GridPP42 Future GridPP Security Site requirements Components involved with incident response Communication User suspension Containment Tracking activity Forensics Reinstall Lessons learned and final report GridPP42 Future GridPP Security

GridPP42 Future GridPP Security Site requirements From an operational security standpoint, we need to be clear about what we ask sites for If we require action, need to be clear about what this is. Base requirements Respond to emails Ensure that central suspension system is in place and effective GridPP42 Future GridPP Security

GridPP42 Future GridPP Security How do we achieve this? Feedback from SSC I’ve spoken to several people already Seek to talk to all sites in person (either here or by coming for a visit) If I haven’t, please get in touch as I want to give everyone a chance to give feedback! GridPP42 Future GridPP Security

GridPP42 Future GridPP Security How do we achieve this? Communications Security-discussion was extremely useful Other channels (mattermost team?) GridPP42 Future GridPP Security

GridPP42 Future GridPP Security How do we achieve this? Documentation Started a round of revisions with Job Tracing page This needs additions (pilot jobs!) Continue to build this out, based on… GridPP42 Future GridPP Security

GridPP42 Future GridPP Security How do we achieve this? Training HEPSYSMAN Security Day Individual site training? GridPP42 Future GridPP Security

GridPP42 Future GridPP Security How do we achieve this? Test framework Break components of incident response into different parts Communication chain Tracking activity Test these individually, on a per site basis Written component? Tabletop exercises? GridPP42 Future GridPP Security

GridPP42 Future GridPP Security How do we achieve this? GridPP security tools Proposing to use SCD Cloud to host a set of tools/test scripts/etc. Allow access for development by Security Team Common home/ACLs/development area Start with simple tests, but have common area for progress GridPP42 Future GridPP Security

GridPP42 Future GridPP Security How do we achieve this? End result Consider we may have SSC every ~2 years Develop plan of GridPP documentation, training and testing in preparation SSC (for us) should be execution of well understood techniques GridPP42 Future GridPP Security

HEPSYSMAN Security Day First iteration of training, following hiatus last year Morning: Review of basic procedures – what we ask of sites Technical review of SSC lessons learned Security tools – following Technical Meeting earlier in the year Afternoon: Forensics training Daniel Kouril (EGI CSIRT/CESNET) Hoping to have guided analysis of SSC payload GridPP42 Future GridPP Security

GridPP42 Future GridPP Security EGI Conference Two security sessions + talks SSC Overview SSC Forensics training GridPP42 Future GridPP Security

GridPP42 Future GridPP Security Next 6 months Run some test jobs at sites to practice tracing jobs Start with most common submission methods And those particular to us (GridPP DIRAC) Much of this experience we have already – this is an opportunity to practice SSC feedback – effectively performing gap analysis of procedural requirements Ultimately best done through experience GridPP42 Future GridPP Security

GridPP42 Future GridPP Security Security Team Plan for security team to help with testing and training Focus the mandate of the team following our recent experience Grow our numbers a little GridPP42 Future GridPP Security

Wider topics

GridPP42 Future GridPP Security Security Operations SOC Workshop in February Co-located with policy meeting and EGI CSIRT F2F Good attendance SOC WG Initial Model Projects ongoing/starting up at Nikhef and on SCD Cloud to test deployment Identify MISP as a priority to enable access to intelligence GridPP42 Future GridPP Security

Security Operations

GridPP42 Future GridPP Security Security Operations Threat Intelligence Making this available to share IoCs related to WLCG related incidents WLCG CERN MISP TLP: AMBER as well as TLP: GREEN and WHITE SIRTFI IdPs https://technical.edugain.org/entities (within eduGAIN) If your site is not on the list, recommend following up with your institutional provider 4 GridPP sites 557 entities across 28 federations Used PocketSOC demonstrator to ingest traffic from malware analysis Trigger alerts using real MISP event GridPP42 Future GridPP Security

GridPP42 Future GridPP Security Combined Assurance GridPP42 Future GridPP Security

Combined assurance Impact for LIGO SKA 29 Aug 2018 GridPP42, April 2019

GridPP42 Future GridPP Security WISE Wise Information Security for collaborating eInfrastructures https://wise-community.org Active Working Groups: Updating the SCI framework (SCI-WG) Risk Assessment WISE (RAW-WG) Working Groups being created: Incident Response & Threat Intelligence Working Group (IRTI-WG) Security Communications Challenge Coordination Working Group (SCCC-WG) Security for High Speed Transmissions Working Group (S4HST-WG) GridPP42 Future GridPP Security

SIG-ISM/WISE meeting, Lithuania Recent joint GEANT SIG-ISM/WISE meeting in Kaunas, Lithuania 16-18 April 2019 Linda Cornwall and David Crooks attended Joint discussions on areas of shared interest Coordination of security communications challenges Shared interest in SOC development – GEANT security working group task on Security Operations Centres Risk Assessment GridPP42 Future GridPP Security

GridPP42 Future GridPP Security IRIS Proposal submitted for trust framework and incident response cooperation framework for IRIS Presenting at upcoming TWG Dave Kelsey, Ian Neilson and myself GridPP42 Future GridPP Security

Conclusions SSC was invaluable Wider collaboration Highlights needs for sites and community Gives context to existing plans Wider collaboration Security necessarily exists as a collaborative effort across many communities Leading and participating in efforts across infrastructures Sharing intelligence within appropriate groups is key element 29 Aug 2018 GridPP42, April 2019

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.