Enabling Grids for E-sciencE www.eu-egee.org EGEE III Security Training and Dissemination Mingchao Ma, STFC – RAL, UK OSCT Barcelona 2009.

Slides:



Advertisements
Similar presentations
The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) gLite Grid Services Abderrahman El Kharrim
Advertisements

Makrand Siddhabhatti Tata Institute of Fundamental Research Mumbai 17 Aug
INFSO-RI Enabling Grids for E-sciencE Operational Security OSCT JSPG March 2006 Ian Neilson, CERN.
1 Deployment of an LCG Infrastructure in Australia How-To Setup the LCG Grid Middleware – A beginner's perspective Marco La Rosa
SSC2 and Update on Multi-user Pilot Jobs Framework Mingchao Ma, STFC – RAL HEPSysMan Meeting 20/06/2008.
EGEE-II INFSO-RI Enabling Grids for E-sciencE AP ROC Min-Hong Tsai ASGC SA1 Transition Meeting May 8 th, 2008
INFSO-RI Enabling Grids for E-sciencE The US Federation Miron Livny Computer Sciences Department University of Wisconsin – Madison.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Configuring and Maintaining EGEE Production.
EGEE ARM-2 – 5 Oct LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.
INFSO-RI Enabling Grids for E-sciencE SA1: Cookbook (DSA1.7) Ian Bird CERN 18 January 2006.
GGF12 – 20 Sept LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.
Security Update Mingchao Ma HEPSYSMAN - Security 1 st July 2009.
Security Area in GridPP2 4 Mar 2004 Security Area in GridPP2 “Proforma-2 posts” overview Deliverables – Local Access – Local Usage.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks ?? Athens, May 5-6th 2009 Community Support.
Responsibilities of ROC and CIC in EGEE infrastructure A.Kryukov, SINP MSU, CIC Manager Yu.Lazin, IHEP, ROC Manager
GridPP Deployment & Operations GridPP has built a Computing Grid of more than 5,000 CPUs, with equipment based at many of the particle physics centres.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.
EGEE-III INFSO-RI Enabling Grids for E-sciencE Training services offered by SZTAKI for EGEE and EGI Gergely Sipos MTA SZTAKI (Hungarian.
INFSO-RI Enabling Grids for E-sciencE SA1 and gLite: Test, Certification and Pre-production Nick Thackray SA1, CERN.
EGI – Security Training and Dissemination Mingchao Ma STFC – RAL, UK.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Next steps with EGEE Gergely Sipos
UKI ROC/GridPP/EGEE Security Mingchao Ma Oxford 22 October 2008.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks EGEE-EGI Grid Operations Transition Maite.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks CERN status report SA3 All Hands Meeting.
MTA SZTAKI Hungarian Academy of Sciences Introduction to Grid portals Gergely Sipos
INFSO-RI Enabling Grids for E-sciencE Introduction to Grid Computing, EGEE and Bulgarian Grid Initiatives - Plovdiv,
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Security Coordination Group Linda Cornwall CCLRC (RAL) FP6 Security workshop.
LCG/EGEE Security Operations HEPiX, Fall 2004 BNL, 22 October 2004 David Kelsey CCLRC/RAL, UK
15-Dec-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the Joint Security Policy Group) CERN 15 December 2004 David Kelsey CCLRC/RAL,
US LHC OSG Technology Roadmap May 4-5th, 2005 Welcome. Thank you to Deirdre for the arrangements.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks SA1: Grid Operations Maite Barroso (CERN)
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Security Coordination Group Dr Linda Cornwall CCLRC (RAL) FP6 Security workshop.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks EGEE-III Proposal Draft Summary of activity.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Fergusson, Emidio Giorgio, Gergely.
EGEE-III-INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks EGEE-III All Activity Meeting Brussels,
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks The EGEE User Support Infrastructure Torsten.
EGEE-III INFSO-RI Enabling Grids for E-sciencE Antonio Retico CERN, Geneva 19 Jan 2009 PPS in EGEEIII: Some Points.
Glite. Architecture Applications have access both to Higher-level Grid Services and to Foundation Grid Middleware Higher-Level Grid Services are supposed.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Site Architecture Resource Center Deployment Considerations MIMOS EGEE Tutorial.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Operational Security Coordination Team Ian.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks ROC Security Contacts R. Rumler Lyon/Villeurbanne.
Reflections “from around the block.” (Security) Ian Neilson GridPP Security Officer STFC RAL.
DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.
INFSO-RI Enabling Grids for E-sciencE An overview of EGEE operations & support procedures Jules Wolfrat SARA.
Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks User traceability and log analysis tools.
Last update 22/02/ :54 LCG 1Maria Dimou- cern-it-gd Maria Dimou IT/GD VO Registration procedure Presented by.
EGEE ARM-2 – 5 Oct LCG/EGEE Security Coordination Ian Neilson Grid Deployment Group CERN.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks UK-Ireland-France Regional Participation.
INFSO-RI Enabling Grids for E-sciencE Introduction to Grid Computing, EGEE and Bulgarian Grid Initiatives, Sofia, South.
Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Best Practice and Training Mingchao Ma Operation.
INFSO-RI Enabling Grids for E-sciencE gLite Test and Certification Effort Nick Thackray CERN.
Why a Commercial Provider should Join the Academic Cloud Federation David Blundell Managing Director 100 Percent IT Ltd Simple, Flexible, Reliable.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks NA5: Policy and International Cooperation.
INFSO-RI Enabling Grids for E-sciencE Joint Security Policy Group David Kelsey, CCLRC/RAL, UK 3 rd EGEE Project.
Breaking the frontiers of the Grid R. Graciani EGI TF 2012.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks NA5: Policy and International Cooperation.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security aspects (based on Romain Wartel’s.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks NA5: Policy and International Cooperation.
Bob Jones EGEE Technical Director
EGI – Round table discussion
JRA3 Introduction Åke Edlund EGEE Security Head
LCG Security Status and Issues
Ian Bird GDB Meeting CERN 9 September 2003
Global Banning List and Authorization Service
LCG/EGEE Incident Response Planning
Gonçalo Borges on behalf of LIP
gLite The EGEE Middleware Distribution
Presentation transcript:

Enabling Grids for E-sciencE EGEE III Security Training and Dissemination Mingchao Ma, STFC – RAL, UK OSCT Barcelona 2009

Enabling Grids for E-sciencE Efforts Training and dissemination: –Estimated efforts: 35 PM Activity coordination –UK (3 PM) Training and dissemination contributions –APROC (4 PM) –ITALY (4 PM) –SWE (4 PM) –SEE (4 PM) –DECH (10 PM) –FRANCE (2 PM) Website, communication and outreach –RUSSIA (3 PM) 2

Enabling Grids for E-sciencE Overview Service Reference Cards –Security section Security training events/workshops –Security trainings at EGEE07, EGEE08 and EGEE09 –Security trainings at ROCs  France ROC  AP ROC  UKI ROC  DECH ROC Security and dissemination area on OSCT public website –Ongoing work Security RSS feed 3

Enabling Grids for E-sciencE Service Reference Cards –to gather useful general information and to provide links to detailed information for each service –Specifically have a “security information” section – –SEE ROC  glite-PX MyProxy server  glite-VOMS Virtual Organisation Membership System  glite-MON Monitoring System Collector Server –DECH ROC  glite-VOBOX Virtual Organisation Node  glite-FTS File Transfer Service  glite-LFC LCG File Catalog  lcg-CE LCG Computing Elements 4

Enabling Grids for E-sciencE Service Reference Cards –FR ROC  gLite-AMGA ARDA Metadata Catalog  gLite-UI User Interface –SWE ROC  gLite-WMS Workload Management Service  gLite-LB Logging and Bookkeeping service  glite-BDII Berkeley Database Information Index –IT ROC  glite-WN Worker Node  glite-CREAM_CE gLite CREAM Computing Element –CERN ROC  glite-DPM Disk Pool Manager –Oscar Koeroo  glExec 5

Enabling Grids for E-sciencE Training Events Security training session at EGEE 07 – Training topics: –Introduction: Grid and security –Grid systems installation and configuration –Centralized logging –Protecting administrative credentials –Testing and monitoring Grid systems –Incident response (policies and procedures) 6

Enabling Grids for E-sciencE Training Events Joint security training session at EGEE08 – Training topics: –Introduction: Grid and security –Middleware security overview and pattern matching –Security recommendations: lcg-CE –Security recommendations: CREAM CE –Security recommendations: WMS –Security recommendations: LB –Security recommendations: SE –Handling security incidents: procedures and recommendations 7

Enabling Grids for E-sciencE Training Events Joint Security training session at EGEE09 – Training topics –Managing grid security incidents –Security Monitoring, Pakiti and Nagio-based monitoring –Command line security tools: introduction and job-lookup-by- subject –Command line security tools: testing client connection –Authorization Service, Argus command line tools and Central banning –User traceability and log analysis 8

Enabling Grids for E-sciencE Training Workshops at ROCs France ROC AP ROC UKI ROC DECH ROC 9

Enabling Grids for E-sciencE French grid security workshop Duration: 2 days Participants: –Site security contacts  From production sites and sites under certification –Organisational security contacts  Secretariat-General for National Defence (government institution)  Security officers from the institutions participating in the French JRU  Security contacts from the French NREN (RENATER)  Grid security contact from one industrial site –26 people in total (plus the person responsible for the technical organisation) Contributions came from: –French OSCT members –Site security contacts –Institutional security contact 5

Enabling Grids for E-sciencE Topics EuGridPMA Overview of security related bodies of EGEE and their roles More detailed: Role of OSCT and OSCT-DC Security Service Challenges how-to and results Sources of information about grid security –Policies, which ones, where to find them, how to change them –Hints, where they are and where they come from –Handling a security incident on a CE (and how to crack a CE ;-) ) –Incident handling procedure in general and existing communication channels Self audit Discussion about SLAs Security handling by example: three different organisations presented their ways Discussion on cooperation models in the future NGI

Enabling Grids for E-sciencE Perspective Specific grid security training event or workshop not planned for the near future –Nevertheless, a repetition would be necessary from time to time for the newcomers Instead, integration of grid security topics into other events –Example: French EGEE to NGI transition conference in October

Enabling Grids for E-sciencE Training Workshop at AP ROC Security Training Workshop –Half day security training workshop on 19 th April; –The International Symposium on Grid Computing (ISGC) 2009, Taipei,Taiwan – Grid/EGEE_Tutorialhttp://www2.twgrid.org/APTeam/index.php/2009_ISGC_EUAsia Grid/EGEE_Tutorial Topics:  Security Policy;  Grid Security and Incident Handling;  Middleware Security;  Security Service Challenge 3 at AP ROC; 13

Enabling Grids for E-sciencE Training Workshop at UKI ROC One day UK Security Training Workshop (one day) –Incorporated into HEPSYSMAN workshop; – Topics –SSC3 case study –TCD security monitoring tool –OxCERT –Update on Security Policy –Security on storage element –Update on Security activities in EGEE, GridPP and NGS –JANET CSIRT Invited UK JANET CSIRT and Oxford University CSIRT; Discussion on incident handling and cooperation among Grid CSIRT, NREN’s CSIRT and University CSIRT 14

Enabling Grids for E-sciencE Training Workshop at DECH ROC Half day security training workshop –GridKa-School 2009, organized by members of GridKa/OSCT – Topics –Grid Security Workshop for Administrators and Developers –Security Services Uni Bonn –Security Services TU Dortmund –Grid-CERT (DFN-CERT) Future planned activity: –Presentation about EGEE Incident Response Procedures and Security Service Challenges with anonymized results from ROC DECH at D-Grid security workshop,14./15. Oct

Enabling Grids for E-sciencE Online Repository A security area on OSCT website Still working in process 16 Revision : Web Structure Site manager Conception Application Security Physical Security Forensics Monitoring News Document

Enabling Grids for E-sciencE 17

Enabling Grids for E-sciencE Prototype 18

Enabling Grids for E-sciencE RSS Feed RSS feed for the security-related guidelines and best practices. – See security RSS feed guide to learn about the feed and how to integrate it into your own site – 19

Enabling Grids for E-sciencE From EGEE to EGI 20

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.