OSG Area Coordinators Meeting Security Team Report Mine Altunay 04/3/2013.

Key Initiatives

Traceability for End User Jobs without Certificates
– Created the user traceability requirements for OSG; accepted by the ET.
– Installed a frontend for the security team's use and examined its traceability capabilities.
– Started working with OSG-XSEDE as the first VO to go through the assessment process.
– Did a security exercise with the OSG-XSEDE frontend. Positive outcome: could trace a user uniquely back to a job on the worker node. As long as the worker node knows which process id they want to trace and the timeframe of the process, the glideinWMS system is capable of finding the user uniquely.
– Next steps: will repeat the security exercise with a site. Questions: whether process id and timeframe are ok for tracing purposes; how difficult it is for the site to extract the info; what other information the site would gather.
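An added sketch, not from the slides and not glideinWMS code, of why the site has to report both the process id and the timeframe: PIDs are reused on a worker node, so the PID alone can match several users. The record layout, hostnames and user names are constructed for illustration.

```python
from datetime import datetime
from typing import NamedTuple

class JobRecord(NamedTuple):
    user: str        # identity the VO frontend holds for the job
    node: str        # worker node hostname
    pid: int         # process id of the job on that node
    start: datetime
    end: datetime

def ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

# Constructed sample records; hypothetical layout, not a glideinWMS log format.
RECORDS = [
    JobRecord("alice", "wn01.example.org", 4242, ts("2013-03-20 09:00"), ts("2013-03-20 11:30")),
    # Same node, same PID, later in the day: the PID was reused.
    JobRecord("bob", "wn01.example.org", 4242, ts("2013-03-20 14:00"), ts("2013-03-20 15:10")),
    JobRecord("carol", "wn02.example.org", 4242, ts("2013-03-20 09:15"), ts("2013-03-20 10:00")),
    JobRecord("dave", "wn01.example.org", 5150, ts("2013-03-20 09:05"), ts("2013-03-20 09:50")),
]

def trace_users(records, node, pid, seen_from, seen_to):
    """Users whose job on `node` ran as `pid` and overlapped the reported window."""
    return {
        r.user for r in records
        if r.node == node and r.pid == pid
        and r.start <= seen_to and r.end >= seen_from  # interval overlap
    }

def trace_unique(records, node, pid, seen_from, seen_to):
    """Return the single matching user; fail loudly if the report is ambiguous or unmatched."""
    users = trace_users(records, node, pid, seen_from, seen_to)
    if len(users) != 1:
        raise LookupError(f"{len(users)} candidate users: {sorted(users)}")
    return next(iter(users))

if __name__ == "__main__":
    node = "wn01.example.org"
    # Narrow window reported by the site: exactly one user.
    print(trace_unique(RECORDS, node, 4242, ts("2013-03-20 10:00"), ts("2013-03-20 10:05")))
    # Whole-day window: PID reuse makes the trace ambiguous.
    print(sorted(trace_users(RECORDS, node, 4242, ts("2013-03-20 00:00"), ts("2013-03-20 23:59"))))
```
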

Key Initiatives

Increasing CILogon Basic CA Adoption in OSG
– U of Wisconsin and CILogon Basic provide a simple one-stop command-line solution to retrieve certificates.
– Glow VO is quite interested in trying this out with Fermilab resources.
– Security team got permission and set up a test machine for Glow VO to run jobs.
– If Glow VO decides to pursue this option, the security team will help move this change to Fermilab production resources.

Identity Management Roadmap
– Close to completion. Circulating for review in a small group of area coordinators and other interested parties.

New Work Item
– Changed the VO registration process to include the security aspects.
– Security team meets with new VOs upon joining OSG.
– Give security training for newcomers. JLab and GLAST are the first two VOs we are training.

Oasis/CVMFS security assessment
– The security assessment is completed. Assessment result was satisfactory. Will post to docdb and circulate to area coordinators and/or ET.

Enhancing Site Security: Pakiti service
– Gave a demo session at AHM.
– FermiGrid wanted to install the service for monitoring their services. In progress.
– Actively seeking new users/sites.

WBS Ongoing Activities

1. Incident response and vulnerability assessment
   – Minimizing the end-to-end response time to an incident: 1 day for a severe incident, 1 week for a moderate incident, and 1 month for a low-risk incident.
2. Troubleshooting; processing security tickets including user requests, change requests from stakeholders, technical problems
   – Goal is to acknowledge tickets within one day of receipt.
3. Maintaining security scripts (vdt-update-certs, vdt-ca-manage, cert-scripts, etc.)
   – Maintain and provide bug fixes according to the severity of bugs. For urgent problems, provide an update in one week; for moderate severity, provide an update in a month; for low-risk problems, provide an update in 6 months.
4. XSEDE Operational Security Interface
   – Meet weekly.
5. Supporting OSG RA in processing certificate requests
   – Each certificate request is resolved within one week; requests for GridAdmin and RA Agents are served within 3 days.
6. Preparing CA releases (IGTF), modifying OSG software as the changes in releases require
   – CA release every two months.
7. Security Policy work with IGTF, TAGPMA, JSPG and EGI
   – Meet with IGTF and TAGPMA twice a year. Attend JSPG and EGI meetings remotely and face-to-face once a year. Track security policy changes and report to OSG management.
8. Security Test and Controls
   – Execute all the controls included in the Security Plan and prepare a summary analysis.
9. Incident Drills and Training
   – Drill Tier3 sites.
10. Weekly Security Team Meeting to review work items
   – Coordinate weekly work items.
11. Weekly reporting to OSG-Production
   – Report important items that will affect production: incidents, vulnerabilities, changes to PKI infrastructure.
12. Monthly reporting to OSG-ET
   – Meet with ET once a month to discuss work items.
13. Quarterly reporting to Area Coordinator meeting
   – Meet with area coordinators to discuss work items.

Operational Security

1. Completed the risk assessment of md5 and sha-1 user proxies (on both osg 3.x and 1.2.x installations). No major concerns, although the assessment recommends moving forward to sha-2 proxies. This is possible with the latest grid-proxy-init and voms-proxy-init.
2. Identified and followed up with sites that had not updated their Condor installs to patch Condor for security vulnerabilities.
3. Fixed issues in the Debian CILogon Basic CA package.