OSG PKI Contingency and Recovery Plans Mine Altunay, Von Welch OSG Council August 23, 2012.

Presentation transcript:

OSG PKI Contingency and Recovery Plans Mine Altunay, Von Welch OSG Council August 23, 2012

August 22, 2012, OSG Council

OSG PKI Failure Cases

4 Failure Types:
- Back-End CA Compromise
- OSG OIM Front-End Compromise
- Back-End CA Loss of Availability
- OSG OIM Front-End Loss of Availability

Back-End CA and OIM Front-End Compromises have the highest impact. OIM Front-End compromise is more likely to happen than Back-End CA compromise.

Recovery Plans: Back-End CA Compromise (timeline)

- Day 1: Discovery
- Day 2: IR Team & Comm. Prevent Unauthorized Access. Impact: None
- Day 3: Remove the failing CA. Impact: Production stops
- Use other IGTF CAs (CERN, Fermi, NCSA, XSEDE, NERSC). Impact: Production at most at 50% of normally available CPU hours. Most productive sites and LHC users obtain certificates
- Day 5
- Day 20: Establish a Temporary Non-IGTF CA
- Day 80: Establish an IGTF CA
- Propagate new DNs. Impact: Production restored to normal
- Day 82
- Use the Non-IGTF CA. Impact: all Sites and users are in production. Not compatible with outside of the US

Recovery Plans: Back-End CA Compromise

Low Likelihood with High Impact

- Production is most affected between Day 3 and Day 20.
- After Day 20, OSG establishes a Temporary Non-IGTF CA (a simple OpenSSL CA).
  - The Temporary CA brings production back close to regular levels, but WLCG interoperability will be impacted. Job and data transfer between Europe and OSG will be impacted.
- After Day 80, production goes back to normal.
  - Either the compromised CA will get restored by DigiCert, which is very likely to happen,
  - or OSG establishes a new IGTF CA.

Recovery Plans: Back-End CA Compromise

Choices:

- Accept to operate with a Temporary CA for two months.
  (+) Production close to being normal.
  (-) WLCG interoperability gets hit.
  (-) Council members may refuse to use an unaccredited CA.
- OR, prepare a back-up IGTF CA.
  (-) High cost for building and maintaining.
  (+) Eliminates interoperability and un-accreditation problems.

Recovery Plans: OIM Front-End Compromise (timeline)

- Day 1: Discovery. Form IR Team. Establish Comm. Impact: None
- Identify and disable the compromised Front-End accounts. Revoke and re-issue any certs previously issued by compromised RAs and GA accounts. Impact: No major impact on production. Temporary short-term loss of access for compromised certificates. Remaining RAs and GA will take the compromised agents' workload.
- Week 4
- If compromise spread too widely, treat this as a CA compromise. Revoke all existing certs and re-issue new certs with the same DN. If OSG Front-End is unusable, issue certs directly from DigiCert MPKI. Impact: Temporary short-term loss of access for all users: at best a day, at worst two weeks of access loss for an individual user.
- Day 3
- Patch the OSG Front-End. Re-instate access to all RAs and GAs. Impact: None on Production. Less work for uncompromised RA and GAs.

Recovery Plans: OIM Front-End Compromise

Higher likelihood of compromise. Worst-case impact is almost equal to CA compromise

- except the CA keys are uncompromised.
- But all certificates must be revoked and re-issued.
- Production level drops for 2 weeks while revoking illicitly issued certs and re-issuing them.

Precautions that can be taken now:

- Assess security of the OIM Front-End against attacks.
- Document and practice forensics and investigation activities for a Front-End compromise.
- Ensure all OSG software can work directly against DigiCert web front-end.
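The revoke-and-re-issue scoping described in the two Front-End compromise slides, as an added example that is not part of the original presentation or OSG's tooling. The record layout, account names, sample data and the escalate_ratio cut-off for "spread too widely" are assumptions; the slides give no schema and no threshold.

```python
from dataclasses import dataclass
from datetime import datetime

@dataclass(frozen=True)
class Issued:
    serial: str
    dn: str
    agent: str            # RA or GA account that approved the request
    issued: datetime
    revoked: bool = False

# Constructed sample issuance records (hypothetical layout, not OIM's schema).
RECORDS = [
    Issued("0A01", "/DC=org/DC=example/OU=People/CN=Alice", "ra-alpha", datetime(2012, 7, 2)),
    Issued("0A02", "/DC=org/DC=example/OU=People/CN=Bob", "ra-alpha", datetime(2012, 8, 14)),
    Issued("0A03", "/DC=org/DC=example/OU=Services/CN=ce.example.org", "ga-beta", datetime(2012, 8, 15)),
    Issued("0A04", "/DC=org/DC=example/OU=People/CN=Carol", "ra-gamma", datetime(2012, 8, 16)),
    Issued("0A05", "/DC=org/DC=example/OU=People/CN=Dave", "ra-gamma", datetime(2012, 6, 1), revoked=True),
    Issued("0A06", "/DC=org/DC=example/OU=People/CN=Erin", "ra-delta", datetime(2012, 8, 17)),
]

def scope_revocation(records, compromised, escalate_ratio=0.5):
    """compromised maps account -> earliest suspected misuse, or None if unknown.

    Returns (mode, serials_to_revoke, dns_to_reissue). escalate_ratio is an
    assumed cut-off for "spread too widely"; the slides give no number.
    """
    live = [r for r in records if not r.revoked]   # already-revoked certs need no action

    def suspect(r):
        if r.agent not in compromised:
            return False
        since = compromised[r.agent]
        # Unknown start of misuse: every cert the account approved is suspect.
        return since is None or r.issued >= since

    hits = [r for r in live if suspect(r)]
    if live and len(hits) / len(live) >= escalate_ratio:
        # Treated like a CA compromise: revoke everything that is still valid.
        mode, hits = "treat-as-ca-compromise", live
    else:
        mode = "targeted"
    serials = sorted(r.serial for r in hits)
    dns = sorted({r.dn for r in hits})             # re-issue with the same DN
    return mode, serials, dns

if __name__ == "__main__":
    print(scope_revocation(RECORDS, {"ra-alpha": datetime(2012, 8, 1)}))
    print(scope_revocation(RECORDS, {"ra-alpha": None, "ga-beta": None}))
```

The DN list is the re-vetting queue for the remaining RAs and GAs; a request behind an illicitly issued certificate would fail that re-vetting rather than be re-issued.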

Recovery Plans: CA Service Loss (timeline)

- Day 1: Service Loss. Form IR Team. Establish Comm. Impact: None
- Day 3
- Make other IGTF CAs (CERN, Fermi, NCSA, XSEDE, NERSC) available to OSG. Impact: New users and expiring certificates out of the production. The rest of OSG works normally
- Week 4
- Establish a Non-IGTF CA
- Establish an IGTF CA
- Week 12
- Week 2
- Release a New CA Bundle, Ban Revoked certs
- Week 3
- Direct users to non-IGTF CA. Impact: Less burden on IGTF CAs.
- Use the IGTF CA. Impact: Production back to normal.
- Unknown
- Direct users to IGTF CAs (CERN, Fermi, NCSA, XSEDE, NERSC). Impact: New users and expiring certificates join production. Extra work burden on external CAs

Recovery Plans: CA Service Loss

Moderate Likelihood with Moderate Impact

- Existing certs will continue to function.
- New users and expired certs will be impacted.
- Expiring certs can/should renew a month in advance. So production will truly get impacted after two months of service loss.
- If CA does not restore services, send users first to external IGTF CAs and then establish a Temporary non-IGTF CA.

Recovery Plans: OIM Front-End Service Loss (timeline)

- Day 1: Front-End Service Loss. Form IR Team. Establish Comm. Impact: None
- Directly Access DigiCert MPKI. Impact: No impact on production. Extra burden on OSG staff to access DigiCert MPKI
- Week 4
- Put Back-up OIM service in production. Impact: Production is restored back to normal
- Week 2
- Week 3

Recovery Plans: OIM Front-End Service Loss

Moderate Likelihood with Low Impact

- No impact on OSG Production.
- OSG staff can access DigiCert web front-end to issue, revoke, renew certs.
- More inconvenient for the OSG staff.
- The main front-end is at Indiana University Bloomington with a spare at IUPUI (Indianapolis) that can be switched to within 24 hours.
- In the worst-case scenario, OSG will use DigiCert web front-end directly.

Questions?