OSG Area Coordinators Meeting Security Team Report Mine Altunay 6/6/2012.

Slides:



Advertisements
Similar presentations
OSG PKI RA Training Mine Altunay, Jim Basney OSG PKI Team October 1, 2012.
Advertisements

OSG Area Coordinators Meeting Security Team Report Mine Altunay 04/02/2014.
OSG Area Coordinators Meeting Security Team Report Mine Altunay 05/15/2013.
Active Security Infrastructure Stuart Kenny Trinity College Dublin.
EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
Key Accomplishments and Work Plans OSG Security Team July 11, 2012.
OSG Area Coordinators Meeting Security Team Report Mine Altunay 01/29/2014.
OSG Area Coordinators Meeting Operations Rob Quick 2/22/2012.
OSG Area Coordinators Meeting Cross-ProjectArea Report Ruth Pordes 2/8/2011.
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
OSG PKI Grid Admin (GA) Training Mine Altunay, Jim Basney OSG PKI Team October 8, 2012.
CILogon OSG CA Mine Altunay Jim Basney TAGPMA Meeting Pittsburgh May 27, 2015.
OSG Area Coordinators Meeting Operations Rob Quick 2/22/2012.
OSG Area Coordinators Meeting Security Team Report Kevin Hill 08/14/2013.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI Future support of EGI services Tiziana Ferrari/EGI.eu Future support of EGI.
OSG Security Review Mine Altunay June 19, June 19, Security Overview Current Initiatives  Incident response procedure – top priority (WBS.
OSG Area Coordinators Meeting Security Team Report Mine Altunay 12/21/2011.
OSG Area Coordinators Meeting Security Team Report Mine Altunay 06/25/2014.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
Publication and Protection of Site Sensitive Information in Grids Shreyas Cholia NERSC Division, Lawrence Berkeley Lab Open Source Grid.
May 8, 20071/15 VO Services Project – Status Report Gabriele Garzoglio VO Services Project – Status Report Overview and Plans May 8, 2007 Computing Division,
OSG Security Kevin Hill. Goals Operational Security – Identify software vulnerabilities – observing the practices of our VOs and sites, and sending alerts.
Blueprint Meeting Notes Feb 20, Feb 17, 2009 Authentication Infrastrusture Federation = {Institutes} U {CA} where both entities can be empty TODO1:
Mine Altunay OSG Security Officer Open Science Grid: Security Gateway Security Summit January 28-30, 2008 San Diego Supercomputer Center.
J OINING OSG Suchandra Thapa Computation Institute University of Chicago.
OSG Area Coordinators Meeting Security Team Report Mine Altunay 04/3/2013.
Evolution of the Open Science Grid Authentication Model Kevin Hill Fermilab OSG Security Team.
OSG Security Review Mine Altunay December 4, 2008.
Identity Management in Open Science Grid Identity Management in Open Science Grid Challenges, Needs, and Future Directions Mine Altunay OSG Security Officer.
Rob Quick OSG Operations Area Coordinator Manager High Throughput Computing Indiana University Integrating OSG Operational Services Rob Quick OSG Operations.
OSG Area Coordinators Meeting Security Team Report Mine Altunay 8/15/2012.
EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
OSG Cyber Security OSG Site Administrators workshop Indianapolis August Doug Olson LBNL Health.
OSG PKI Contingency and Recovery Plans Mine Altunay, Von Welch OSG Council August 23, 2012.
OSG PKI Contingency and Recovery Plans Mine Altunay, Von Welch October 16, 2012.
OSG Area Coordinators Meeting Security Team Report Mine Altunay 11/02/2011.
Mine Altunay July 30, 2007 Security and Privacy in OSG.
Meeting Minutes and TODOs TG has no distributed monitoring. During incident response, use a manual twiki page to distribute information TG monitors the.
US LHC OSG Technology Roadmap May 4-5th, 2005 Welcome. Thank you to Deirdre for the arrangements.
Summary of AAAA Information David Kelsey Infrastructure Policy Group, Singapore, 15 Sep 2008.
Security Policy Update David Kelsey UK HEP Sysman, RAL 1 Jul 2011.
6/23/2005 R. GARDNER OSG Baseline Services 1 OSG Baseline Services In my talk I’d like to discuss two questions:  What capabilities are we aiming for.
G Z LIGO's Physics at the Information Frontier Grant and OSG: Update Warren Anderson for Patrick Brady (PIF PI) OSG Executive Board Meeting Caltech.
Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.
OSG Area Coordinators Meeting Security Team Report Mine Altunay 4/11/2012.
OSG Area Coordinators Meeting Security Team Report Mine Altunay 02/13/2012.
JSPG Update David Kelsey MWSG, Zurich 31 Mar 2009.
Identity Management in Open Science Grid Identity Management in Open Science Grid Challenges, Needs, and Future Directions Mine Altunay, James Basney,
WLCG Operations Coordination report Maria Alandes, Andrea Sciabà IT-SDC On behalf of the WLCG Operations Coordination team GDB 9 th April 2014.
Opensciencegrid.org Operations Interfaces and Interactions Rob Quick, Indiana University July 21, 2005.
OSG Security: Updates on OSG CA & Federated Identities Mine Altunay, PhD OSG Security Team OSG AHM March 24, 2015.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
Open Science Grid Security Activities D. Olson, LBNL OSG Deputy Security Officer For the OSG Security Team: M. Altunay, FNAL, OSG Security Officer, D.O.,
OSG PKI Transition Mine Altunay OSG Security Officer
OSG Area Coordinators Meeting Security Team Report Mine Altunay 8/15/2012.
Ruth Pordes, March 2010 OSG Update – GDB Mar 17 th 2010 Operations Services 1 Ramping up for resumption of data taking. Watching every ticket carefully.
OSG Facility Miron Livny OSG Facility Coordinator and PI University of Wisconsin-Madison Open Science Grid Scientific Advisory Group Meeting June 12th.
OSG VO Security Policies and Requirements Mine Altunay OSG Security Team July 2007.
EGI-InSPIRE RI EGI (IGTF Liaison Function) EGI-InSPIRE RI IGTF & EUGridPMA status update SHA-2 – and more (David Groep,
News from EUGridPMA EGI OMB, 22 Jan 2013 David Kelsey (STFC) Using notes from David Groep 22/01/20131EUGridPMA News.
New OSG Virtual Organization Security Training OSG Security Team.
IGTF Risk Assessment Team 5/11/091.
Software Tools Group & Release Process Alain Roy Mine Altunay.
OSG Security Review Mine Altunay March 12, Jan Security Overview Current Initiatives  OSG Security roadmap  Technical and operational.
EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI SA1.2 Plans 2013 Security Operations David Kelsey (STFC) 26/02/2013 Operations.
OSG Security Kevin Hill.
Open Science Grid Consortium Meeting
Leigh Grundhoefer Indiana University
Prevention is better than Cure
Presentation transcript:

OSG Area Coordinators Meeting Security Team Report Mine Altunay 6/6/2012

WBS Ongoing Activities 1Incident response and vulnerability assessment Minimizing the end-end response time to an incident, 1 day for a severe incident, 1 week for a moderate incident, and 1 month for a low-risk incient. 2Troubleshooting; processing security tickets including user requests, change requests from stakeholders, technical problems Goal is to acknowledge tickets within one day of receipt. 3Maintaining security scripts (vdt-update-certs, vdt-ca-manage, cert-scripts, etc) Maintain and provide bug fixes according to the severity of bugs. For urgent problems, provide an update in one week; For moderate severity, provide an update in a month; For low risk problems, provide an update in 6 months. 4Supporting OSG RA in processing certificate requests Each certificate request is resolved within one week; requests for GridAdmin and RA Agents are served within 3 days. 5Preparing CA releases (IGTF), modifying OSG software as the changes in releases require CA release for every two months 6Security Policy work with IGTF, TAGPMA, JSPG and EGI Meet with IGTF and TAGPMA twice a year. Attend JSPG and EGI meteings remotely and face-face once a year. Track security policy changes and report to OSG management. 7Security Test and Controls Execute all the controls included in the Security Plan and prepare a summary analysis. 8Weekly Security Team Meeting to review work items Coordinate weekly work items. 9Weekly reporting to OSG-Production Report important items that will affect production; incidents, vulnerabilities, changes to PKI infrastructure 10Monthly reporting to OSG-ET Meet with ET once a month to discuss work items 11Quarterly reporting to Area Coordinator meeting Meet with area coordinators to discuss work items.

Ongoing Work: Operational Security 1.Software Vulnerabilities/Incidents – No incident at OSG. EGI reported a DDoS attack using EGI resources. The attacker used the grid resources to attack a third party victim. Sent out an announcement; cautionary steps to prevent this. – Software vulnerabilities: 12 vulnerabilities have been assessed, including, gridFTP, Hadoop, mysql, openSSL, Voms, Mac Java, Kernel, Tomcat vulnerabilities. – 4 security announcements sent since 4/11/2012 (last security report) – An incident drill with Tier 3s, 7 out of 11 sites participated. First half was drilled in May. The second half is drilled this week. Report will be sent to ET.

1. XESEDE operational interface: Calling into weekly Incident Response calls and biweekly Security Operations calls. 2. Stakeholder requests: FermiCloud stakeholder request. Identify pilot jobs and ensure that they invoke glexec 4. New request for investigation sent to DOEgrids CA. Generating CRLs seem to take longer than what CP/CPS allows. 5. Two items – CA release process update. OLD location of GOC CA rpm cache turned off. – New project: We had an earlier project to make our software compatible with CA bundle layouts designed for SHA-2. We have been releasing CA bundles with both old layouts (sha-1) and new layouts (sha-2). We start a project plan to phase out the old bundles from production. Ongoing Work: Operational Security

5. 3 IGTF releases since April. 6. IGTF All Hands and Security Policy Group Meetings in May. 7. Security test and Controls: Started in May. 60% completed. It will be finished before mid-July. Ongoing Work: Operational Security

4Security 4.1Identity Management Basney, Altunay Work Plan agreed by OSG Management and Security team Basney, Altunay8/1/11 9/15/1 1Completed Integrate a UCSD VO with CILogon CA to utilize local resources Basney, Altunay 8/15/1 1 9/30/1 1Completed Integrate a VO with Cilogon CA which can submit jobs to OSG resources Basney, Altunay 9/16/1 1 12/30/ 11Completed 4.2Conduct Security Controls and Tests Altunay, Slagell Execute the security controls in OSG Security Plan Altunay, Slagell5/1/127/1/ Prepare a report on findings from the Security Controls Altunay, Slagell7/1/12 7/22/ Evaluate and update CA release process Altunay, Roy, Quick 12/21/ 11 2/29/1 2 ***new*** Completed 4.5 Provide DES VO with guidance over Security Policies and ProceduresAltunay 1/12/1 2 2/31/2 012 ***new*** Completed WBS Items

4.4. is completed on time. As reported in Ongoing Activities. Phasing out old CA bundle layouts will proceed the item 4.4. WBS Items

Any Other Issues Kevin Hill officially transitioned to security team on June 1 st. Marco ramped down to zero. Vacations coming up for July. – Kevin will be on vacation almost all of July.

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.