LCG/GDB Security (Report from the LCG Security Group)
FNAL, 9 October 2003
David Kelsey, CCLRC/RAL, UK
Slide footer: 9-Oct-03, D.P.Kelsey, LCG-GDB-Security


Slide 2: Overview
- Just one topic
- LCG Security and Availability Policy
  - Draft 3 presented at 9th Sep 03 GDB
  - Aiming for approval at this meeting
- This draft (V4b) produced on 30th Sep
- Security Group meetings (also working on risk analysis)
  - 10th September 2003
  - 24th September

Slide 3: Changes since last GDB
- “LCG Security and Availability Policy”
  - Trevor Daniels (GOC task force) is main author
  - In collaboration with Security Group
- Incorporated comments made last month by GDB
  - Ownership
  - Role of home employing institute
  - No personnel screening
- Lots of minor changes
  - To make document clearer
  - Changed document template to LCG SEC format
- Also distributed V4b to Site Security contacts
  - but no feedback to date

Slide 4: Section 1: Objectives and Scope
- Objectives
  - Agreed set of statements
  - Attitude of the project towards security and availability
  - Authority for defined actions
  - Responsibilities on individuals and bodies
- Promote the LHC science mission
- Control of resources and protection from abuse
- Minimise disruption to science
- Obligations to other network (inter- and intra- nets) users
- Broad scope: not just hacking
- Maximise availability and integrity of services and data
- Resources, Users, Administrators, Developers (systems and applications), and VOs
- Does NOT override local policies
- Procedures, rules, guides etc contained in separate documents

Slide 5: Section 1: Ownership, maintenance and review
- The Policy is
  - Prepared and maintained by Security Group and GOC
  - Approved by GDB
  - Formally owned and adopted as policy by SC2
- Technical docs implementing or expounding policy
  - Procedures, guides, rules, …
  - Owned by the Security Group and GOC
    - timely and competent changes
    - GDB approval for initial docs and significant revisions
  - Must address the objectives of the policy
- Review the top-level policy at least every 2 years
  - Ratification by SC2 via GDB if major changes required

Slide 6: Section 2: LCG services and resources
- Definition of …
- Resources
  - Equipment, software, data
- Services
  - Defined by GOC web-site
  - example list defined

Slide 7: Section 3: Roles and Responsibilities
- LCG Organisation
- VOs
  - Acts with LCG Organisation, sites and home institutes of users
- Sites
- Resource Administrators
- Users
- Developers
- GOC
- Some examples here. Details in associated documents

Slide 8: Section 4: Physical security
- Expected to be covered by site local policy and practices
  - Should aim to reduce the risks
- Should be consistent with the SLA defined by the resource administrator

Slide 9: Section 5: Network security
- Covered by local site policy
  - Should aim to reduce risks
- Again consistent with SLA
- LCG policy to reduce the risk exposed by applications which need to communicate across the Internet, BUT
- Firewalls required to allow transit of inbound and outbound packets to/from some port numbers

Slide 10: Section 6: Access Control
- Global components of the common grid security infrastructure must be deployed by all sites and resources
- Additional local components allowed
- Resource providers and Users must comply with all relevant associated documents

Slide 11: Section 7: Compliance
- Require Site self-audit at least every 2 years
  - Check policy (and associated procedures and practices) is being followed
- Independent audit (by or for GOC) allowed if
  - Self audit not performed
  - Not following policy
  - At random
- Audit summaries to be published (by GOC)
- Emergency exceptions allowed
  - Time-limited, authorised and GOC informed

Slide 12: Section 8: Sanctions
- Sanctions defined for failure to comply
- Sites or admins
  - remove services
- Users, Admins, Developers
  - remove right of access
  - May have activities reported to home institute or to law enforcement agencies
  - Appropriate body will decide course of action
    - Responsibility of the VO to define the body
- VOs
  - Remove right of access for them and all their users

Slide 13: Section 9: Associated documents
- User Registration and VO Management (exists)
- Rules for use of LCG-1 (exists)
- Procedures for Resource Administrators
- Approval of LCG CA’s (exists)
- Guide for network administrators
- Procedures for site self-audit
- SLA Guide
- Incident Response (exists)
- Audit Requirements (exists)

Slide 14: Issues since 30th Sep
- We use the term GOC in the singular
  - Means the GOC “service” i.e. several GOC’s
- Assumes that sites join LCG
  - How can we cope with other Grids offering resources, but not part of LCG?
  - We need to require they agree to our policy