LCG/EGEE/OSG Security Incident Response Grid Operations workshop CERN, 2 November 2004 David Kelsey CCLRC/RAL, UK

Slides:



Advertisements
Similar presentations
Grid Security Policy GridPP18, Glasgow David Kelsey 21sr March 2007.
Advertisements

Grid Security Policy David Kelsey (RAL) 1 July 2009 UK HEP SYSMAN Security workshop david.kelsey at stfc.ac.uk.
The LHC experiments AuthZ Interoperation requirements GGF16, Athens 16 February 2006 David Kelsey CCLRC/RAL, UK
Forschungszentrum Karlsruhe in der Helmholtz-Gemeinschaft Torsten Antoni – LCG Operations Workshop, CERN 02-04/11/04 Global Grid User Support - GGUS -
Last update 01/06/ :23 LCG 1Maria Dimou- cern-it-gd Maria Dimou IT/GD Site Registration policy & procedures
INFSO-RI Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK
INFSO-RI Enabling Grids for E-sciencE Operational Security OSCT JSPG March 2006 Ian Neilson, CERN.
Deployment Session David Kelsey GridPP13, Durham 5 Jul 2005
INFSO-RI Enabling Grids for E-sciencE Incident Response Policies and Procedures Carlos Fuentes
Operational Security Working Group Topics Incident Handling Process –OSG Document Review & Comments:
OSG Operations and Interoperations Rob Quick Open Science Grid Operations Center - Indiana University EGEE Operations Meeting Stockholm, Sweden - 14 June.
EGEE ARM-2 – 5 Oct LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.
GGF12 – 20 Sept LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.
GGF Fall 2004 Brussels, Belgium September 20th, 2004 James Marsteller Pittsburgh Supercomptuing Center
INFSO-RI Enabling Grids for E-sciencE EGEE/LCG Joint Security Policy Group David Kelsey, CCLRC/RAL, UK EGEE.
Responsibilities of ROC and CIC in EGEE infrastructure A.Kryukov, SINP MSU, CIC Manager Yu.Lazin, IHEP, ROC Manager
10-Jun-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) CERN, 10 June 2003 David Kelsey CCLRC/RAL, UK
Incident Response Plan for the Open Science Grid Grid Operations Experience Workshop – HEPiX 22 Oct 2004 Bob Cowles – Work.
Security Policy Update LCG GDB Prague, 4 Apr 2007 David Kelsey CCLRC/RAL
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
9-Sep-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) CERN, 9 September 2003 David Kelsey CCLRC/RAL, UK
23-Oct-03D.P.Kelsey, LCG Security Update, HEPiX1 LCG Security Update HEPiX-HEPNT, TRIUMF, 23 October 2003 David Kelsey CCLRC/RAL, UK
8-Jul-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) RAL, 8 July 2003 David Kelsey CCLRC/RAL, UK
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Security Coordination Group Linda Cornwall CCLRC (RAL) FP6 Security workshop.
LCG/EGEE Security Operations HEPiX, Fall 2004 BNL, 22 October 2004 David Kelsey CCLRC/RAL, UK
15-Dec-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the Joint Security Policy Group) CERN 15 December 2004 David Kelsey CCLRC/RAL,
US LHC OSG Technology Roadmap May 4-5th, 2005 Welcome. Thank you to Deirdre for the arrangements.
9-Oct-03D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security (Report from the LCG Security Group) FNAL 9 October 2003 David Kelsey CCLRC/RAL, UK
Grid Security Vulnerability Group Linda Cornwall, GDB, CERN 7 th September 2005
Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.
INFSO-RI Enabling Grids for E-sciencE EGEE SA1 in EGEE-II – Overview Ian Bird IT Department CERN, Switzerland EGEE.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE Security Coordination Group Dr Linda Cornwall CCLRC (RAL) FP6 Security workshop.
Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Operational Security Coordination Team Ian.
Security Operations David Kelsey GridPP Deployment Board 3 Mar 2005
Security Vulnerability Identification and Reduction Linda Cornwal, JRA1, Brno 20 th June 2005
DTI Mission – 29 June LCG Security Ian Neilson LCG Security Officer Grid Deployment Group CERN.
INFSO-RI Enabling Grids for E-sciencE An overview of EGEE operations & support procedures Jules Wolfrat SARA.
Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.
Security Policy Update WLCG GDB CERN, 14 May 2008 David Kelsey STFC/RAL
EGEE is a project funded by the European Union under contract IST Roles & Responsibilities Ian Bird SA1 Manager Cork Meeting, April 2004.
EGEE ARM-2 – 5 Oct LCG/EGEE Security Coordination Ian Neilson Grid Deployment Group CERN.
JSPG Update David Kelsey MWSG, Zurich 31 Mar 2009.
18-May-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the LCG Security Group) Barcelona 18 May 2004 David Kelsey CCLRC/RAL, UK
Security Policy Update WLCG GDB CERN, 8 Dec 2010 David Kelsey STFC/RAL david.kelsey AT stfc.ac.uk.
Planning for LCG Emergencies HEPiX, Fall 2005 SLAC, 13 October 2005 David Kelsey CCLRC/RAL, UK
Operations model Maite Barroso, CERN On behalf of EGEE operations WLCG Service Workshop 11/02/2006.
26/01/2007Riccardo Brunetti OSCT Meeting1 Security at The IT-ROC Status and Plans.
INFSO-RI Enabling Grids for E-sciencE Joint Security Policy Group David Kelsey, CCLRC/RAL, UK 3 rd EGEE Project.
LCG User, Site & VO Registration in EGEE/LCG Bob Cowles OSG Technical Meeting Dec 15-17, 2004 UCSD.
LCG Workshop User Support Working Group 2-4 November 2004 – n o 1 Some thoughts on planning and organization of User Support in LCG/EGEE Flavia Donno LCG.
EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Security aspects (based on Romain Wartel’s.
Grid Deployment Technical Working Groups: Middleware selection AAA,security Resource scheduling Operations User Support GDB Grid Deployment Resource planning,
INFSO-RI Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK
15-Jun-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the LCG Security Group) CERN 15 June 2004 David Kelsey CCLRC/RAL, UK
Bob Jones EGEE Technical Director
Regional Operations Centres Core infrastructure Centres
EGI – Round table discussion
David Kelsey CCLRC/RAL, UK
Open Science Grid Consortium Meeting
SA1 Execution Plan Status and Issues
LCG Security Status and Issues
Ian Bird GDB Meeting CERN 9 September 2003
Incident Response Plan for the Open Science Grid
Incident Response Plan for the Open Science Grid
LCG/EGEE Incident Response Planning
The CCIN2P3 and its role in EGEE/LCG
David Kelsey CCLRC/RAL, UK
LCG Operations Centres
Leigh Grundhoefer Indiana University
Presentation transcript:

LCG/EGEE/OSG Security Incident Response Grid Operations workshop CERN, 2 November 2004 David Kelsey CCLRC/RAL, UK

2-Nov-04David Kelsey, Security Incident Response2 Outline Security Incident Response today Open Science Grid work in this area –LCG/EGEE already agreed to base new procedures on this OSG work –Show (some) slides by Bob Cowles (SLAC) Talk given at HEPiX meeting (BNL, 22 Oct 04) LCG/EGEE –Operational Security Coordination Team –Show (some) slides by Ian Neilson (CERN) Talk given at EGEE ROC Managers mtg (5 Oct 04) Summary

2-Nov-04David Kelsey, Security Incident Response3 Incident Response Today (LCG/EGEE)

2-Nov-04David Kelsey, Security Incident Response4 LCG/EGEE Policy Security & Availability Policy Usage Rules Certification Authorities Audit Requirements GOC Guides Incident Response User Registration & VO Management Application Development & Network Admin Guide picture from Ian Neilson

2-Nov-04David Kelsey, Security Incident Response5 Incident response today (1) When sites join LCG/EGEE –Provide security contact names Including phone numbers –And a mail list for emergency contact LCG Audit Requirements See –Every site must keep (for at least 90 days) Jobmanager and/or gatekeeper logfiles Data transfer logs Batch system and process activity records –Need to be preserved over system re-installs –Logs also needed for accounting

2-Nov-04David Kelsey, Security Incident Response6 Incident response today (2) Agreement on Incident Response See What is an incident? –Investigation -> break in service –Misuse of remote Grid resources –Long-lived (>3 days) credentials stolen Sites must –Take local action to prevent disruption –Report to local security officers –Report to others via Grid CSIRT mail list

Incident Response Plan for the Open Science Grid Grid Operations Experience Workshop – HEPiX 22 Oct 2004 Bob Cowles – Work supported by U. S. Department of Energy contract DE-AC02-76SF00515

2-Nov-048 Principles OSG is a project with little central control or resources – almost everything has to be done by the sites or the VOs Site security personnel will need to feel comfortable with grid use of resources –limited additional risks –local control over decisions

2-Nov-049 Centrally Provided List of site security points of contact Secure communications Incident Tracking system Functions of the Grid Operations Center (GOC) Coordinate with other GOCs

2-Nov-0410 Site Responsibilities – 1 Have a site incident response plan in place (logs, evidence) Report grid-related incidents (hi-priority list) Remove compromised servers Refer press contacts to OSG Public Relations

2-Nov-0411 Site Responsibilities – 2 Report follow-up to discussion list and Incident Tracking System Take appropriate care with sensitive material collected Provide appropriate law enforcement with materials for coordination, investigation and prosecution

2-Nov-0412 Incident Classification Potential to compromise grid infrastructure Potential to compromise grid service or VO Potential to compromise grid user

2-Nov-0413 Response Teams Self-organized body of volunteers Mailing list maintained by GOC Team organized for severe or complex incidents Team leader to coordinate efforts and maintain information flow with GOC and public relations

2-Nov-0414 Incident Handling – 1 Discovery and reporting –local procedures & GOC list notified Triage –verify incident and perform classification Containment –remove resources, services, users Initial notification –record known information in tracking system Analysis and Response

2-Nov-0415 Incident Handling – 2 Tracking and progress notification –updates on discussion list & tracking system Escalation –form IRT if complex or widespread Reporting –CERTs, law enforcement, other GOCs, etc. Public Relations Post-incident analysis

2-Nov-0416 Timeline Jun 04– Security TG formed Jul 04– IR Activity formed Sep 04– First draft of plan reviewed Oct 04– Coordinate with EGEE/LCG Nov 04– Present plan at 2 nd EGEE mtg Dec 04– Implementation Jan 05– Implementation & testing Feb 05– OSG-0; EGEE Review

2-Nov-0417 The Plan st.html click on Documents click on Search the database and read documents click on OSG Secuirty Incident Handling and Response

LCG/EGEE Security Coordination Ian Neilson Grid Deployment Group CERN (talk given 5 Oct 2004) (OSCT: Operational Security Coordination Team)

EGEE ARM-2 – 5 Oct Security Coordination Objectives Ownership of … Security incidents From notification to resolution Liaise with national/institute CERTs Middleware security problems Liaise with development & deployment groups Co-ordination of security monitoring Post-mortem analysis Access to team of experts Security Service Challenges - LCG

EGEE ARM-2 – 5 Oct Security Coordination - Channels OSCT ROC RC CIC/GOC CSIRT External GRID Media/Press PR EGEE operational channels still being established. Responsibilities and processes being defined.

EGEE ARM-2 – 5 Oct Security Coordination – Comms. Incident Reporting List Security Contacts Discussion List External contact Reporting Other grids MUST be Encrypted How is this achieved and managed? Tracking system MUST be secure Press and Public Relations

EGEE ARM-2 – 5 Oct Security Coordination - Issues Security Operations Centre: what is it for EGEE/LCG? Dont think we can have Central control So formulate activity as coordination team Security contacts lists need management Dead boxes, moderated boxes, etc etc Do we have appropriate contact: site security or local admin? Need to coordinate through Regional Operations Centres (ROC) Need to utilise services from Core Infrastructure Centres (CIC) Wherever possible - dont duplicate channels What is the relationships with LCG GOCs and EGEE CICs? –Are they the same? Are we communicating with local site security team or grid admin responsibles

EGEE ARM-2 – 5 Oct Operational Security – where to start? Start small and keep it simple. Define basic structures Where/how lists hosted Where/how problems tracked Who/where/how experts organised JSPG review and update policy documents ROCs to take over management of contacts lists Must integrate with site registration process Establish what level of support is behind site security entries Relationships with local/national CERT Validate/test entries Exercise channels and raise awareness by Security Challenges – next slide.. (Not shown here!)

2-Nov-04David Kelsey, Security Incident Response24 Summary There is much work ahead of us! We need to work together to define and maintain better incident response policies and procedures –Wherever possible should work towards common (or at least interoperable) procedures between Grid projects Our applications are global –Must add to existing CSIRT procedures Keep it simple to start with Much to discuss in the track on Operational Security (tomorrow) –And for discussion in the EGEE project conference (25 th Nov 2004)