OSG Security Review Mine Altunay June 19, 2008

June 19, Security Overview Current Initiatives  Incident response procedure – top priority (WBS and 2.3.)  OSG Registration Policy and Requirements from members (WBS 2.3.1)  VO, and Site requirements, collected policies?  OSG Core Assets/Software in VDT Stack (WBS 2.1.7)  OSG security Officer’s duty wrt VDT’s consumers  DOEGrids RA workflow – introducing requested notifications (WBS 2.2)  VO incident response teams (WBS and 2.1.2)  Command Line Security Management Tools (WBS 2.1.1)  Banning tool requirements. With CDIGS. (WBS 2.1.9)  Including OSG Staff contact info into OIM (WNBS and 2.1.2)  Grid Tactical Plan (FNAL) and MOU with VO services/Privilege Project (WBS 2.1.9)  ST&E control deadlines are approaching (WBS 2.1.1) Accomplishments Since Last Report (some in progress)  Items completed from the roadmap (WBS 2.1.4)  Proxy Clean-Up for Jobs – completed. A bug in Globus is found  Proxy clean-up for storage is under investigation  Incident Response procedure – first draft completed  Security plan revision against NIST guidelines – completed (WBS 2.1.4)  Privacy Policy has been discussed at the board, comments are being addressed (WBS 2.3)  For implementation, I will ask Suchandra’s help  JSPG meeting, 4 policies are approved and comments sent to WLCG (WBS 2.3, 2.3.2, 2.3.1)

June 19, 2008  Forensics/Auditing tool Splunk (WBS )  Initial coding for testing completed  Data transfer from Gratia to Splunk is being worked on  NSF report to Large facilities  User’s meeting at BNL. Invited Security contacts with Jemise. Good participation and raised awareness Vulnerabilities/incidents  Debian openSSL problem  Report completed. Post-mortem actions: IGTF incident response procedures, LIGO’s openSSH library error mode  RPath problem: fix has been released.  Report is in progress. Post-mortem actions: Comm problems with EGEE. Announcement sent to Linux comm. Discussing SELinux and VDT. Changing VDT build practice to prevent this from happening again  IGTF distribution problem:  Newly accredited CAs and site policies. Still in discussion  INFN root exploit – joint report with EGEE is completed and sent to facility  The team is discussing the post-mortem actions listed 3

June 19, 2008 Security Overview Issues / Concerns  Effort: incident and vulnerability response and discussion takes a considerable amount of time from other work. Pending initiatives  Confusion over VDT/OSG relationship  Specific to past months : increasing time spent on fermi lab duties. Lay-offs and other procedures  Cooperation with other area coordinators: OSG 1.0 stalled many initiatives due to lack of effort 4

June 19, 2008 Initiatives/Concerns from the Last Report Initiatives  OSG Security roadmap  Technical and operational needs for long and short term (WBS 2.1.4)  Incident Mitigation Plans (WBS 2.3)  AuthN needs: GSI auth problems, CRLs, proxy clean up and VOMS-GUMS authN (WBS and and )  AuthZ needs: Banning tool, Uniform FQAN, MyProxy, AC validation (a request doc is written with Privilege project) (WBS and and )  More fire drills and site education (WBS 2.1)  Forensics -- splunk, incident training  Certify tool  Policy work  JSPG and OSG policies – incident response policy has priority (WBS and 2.3.)  Revising old security plan against NIST guidelines (WBS 2.1.4)  Risk assessment (WBS 2.1.4, 2.3) Issues / Concerns  Effort– Jim and Ron already started – very helpful  Incident sharing and privacy concerns, latest incident at INFN  Lack of security education, and incidents  We need more fire drills and discuss OSG responsibilities  Lack of attendance at security meetings – our facility team Color code: Completed, Work has started, No work 5