Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid Computing OSCT EGEE 08 Conference

Enabling Grids for E-sciencE Training and Dissemination Jinny Chien, ASGC 2 Current Status Many Security materials How to find clear information easily OSCTISSeG Wiki LCG securityIGTF GSVG How to train site managers or new comers (ex: good tutorial) Do we have good materials are covered with grid security

Enabling Grids for E-sciencE Training and Dissemination Jinny Chien, ASGC 3 How should we do - Identify what security training/dissemination material is available to the sites on the various EGEE websites and Wikis - Identify the most important security risks for the EGEE infrastructure - Review the material as appropriate, identify unnecessary information and possible missing parts - Propose a strategy for the material dissemination, in order to deliver relevant security information to the sites - Put information on OSCT public website

Enabling Grids for E-sciencE Training and Dissemination Jinny Chien, ASGC 4 Conception

Enabling Grids for E-sciencE Training and Dissemination Jinny Chien, ASGC 5 Diagram

Enabling Grids for E-sciencE Training and Dissemination Jinny Chien, ASGC 6 Trust Site manager Trust Authentication Authorization PKI Certificate Account management VO management Access right management

Enabling Grids for E-sciencE Training and Dissemination Jinny Chien, ASGC 7 Policies Site manager Policy Security Policy Risk Assessment Policy Incident Response Policy

Enabling Grids for E-sciencE Training and Dissemination Jinny Chien, ASGC 8 Network Access Control Site manager Network Configuration Firewall TCP Wrapper M/W port Tool Nmap, Nessus, Netstat, iptables Maintenance Disabling and uninstalling unneeded services Control network bandwidth Secure communication Spam filter tool Network Traffic Attack methods XSS SQL Injection

Enabling Grids for E-sciencE Training and Dissemination Jinny Chien, ASGC 9 Monitoring Site manager Monitoring Software Maintenance Security patch Maintenance Service status Backup CRLs/CAs SW alteration Physical Maintenance HD failure Network failure Electrical failure Air conditioning failure Tool Nagios SAM Pakiti

Enabling Grids for E-sciencE Training and Dissemination Jinny Chien, ASGC 10 Operating System Site manager OS Password Management Good Password SSH key Patch Management Update Log Management central log server Disk Management The permission of File / Directory Anti-Virus IDS( Intrusion Detection System)

Enabling Grids for E-sciencE Training and Dissemination Jinny Chien, ASGC 11 Middleware Site manager M / W Maintenance security patch Host certificate System backup Update CRL and CA rpm Configuration Port / Service Host certificate User mapping (UID/GID)

Enabling Grids for E-sciencE Training and Dissemination Jinny Chien, ASGC 12 Forensics Site manager Forensics Execution Check the system and related log file Anti-Virus Toolkits Collect problematic Log files Inform related members refer to the incident response procedure Avoid more disaster Prevention How to prevent the same problem to happen again

Enabling Grids for E-sciencE Training and Dissemination Jinny Chien, ASGC 13 Procedure Site manager Procedure Incident Response Procedure How to block users How to identify VO users Risk assessment Procedure Access control Procedure Strong password Modification How to control user jobs System documents

Enabling Grids for E-sciencE Training and Dissemination Jinny Chien, ASGC 14 Audit Site manager Audit Provide the Checklist - Users - System Admin - Developers - Managers

Enabling Grids for E-sciencE Training and Dissemination Jinny Chien, ASGC 15 EGEE III Training and Dissemination Site manager Forensics Procedure Audit Trust M / W OS Monitor Network Policy Useful

Enabling Grids for E-sciencE Training and Dissemination Jinny Chien, ASGC 16 Future Plan OSCT website (~ Nov) –Provide clear information to users –Find information easily –Use OSCT web pages effectively and friendly Available information –What is missing –What should be added –What should be removed Training and dissemination –Workshop, tutorial –How to improve the security course Contributions: (Thanks) APROC (4 PM), ITALY (4 PM), SWE (4 PM), DECH (3 PM), FRANCE (2 PM)

Enabling Grids for E-sciencE Training and Dissemination Jinny Chien, ASGC 17 Question ?