Sergiu April 2006June 2006 Overview of TeraGrid Security Working Group Activities James Marsteller CISSP, Working Group Chair.

Presentation transcript:

Overview of TeraGrid Security Working Group Activities
James Marsteller CISSP, Working Group Chair for Information Security
Pittsburgh Supercomputing Center

Agenda
TG Security WG Background
Policy Development
Incident Coordination and Response
Current Projects

TeraGrid Security WorkGroup
Formed in January 2004
Eight Resource Providers + More
Security WG Charter:
  – Development of policies, procedures and guidelines
  – Provide security-related advice/direction on TG projects
  – Coordinate TeraGrid Incident Response team
  – Lead Risk Assessments

TeraGrid Security WorkGroup
Security WG Policies:
  – Security M.O.U.
  – CA Acceptance
  – Baseline Security Guidelines
  – Public Info Disclosure (Draft)
      User/Host/Job Names
  – Two Factor Auth (Draft)
  – Reporting Procedures (Draft)
Procedures
  – Incident Response Playbook/Flowchart
  – Compromised Account Questionnaire
  – Security ‘Newbie’ guide

Teragrid Security Coordination
Rapid, Secure, Coordinated Response and Information Sharing is Critical!

TG Incident Response
Weekly “Response” Calls
24 Hour Security “hotline”
Incident Mailing List
Encrypted Communications
Coordinated Evidence Gathering
Future Tasks: IR Tracking
  – TG NOC Ticket System, RT IR

TG Incident Response
Weekly IR Calls
  – *One of the Most Valuable Tools*
  – 5 to 45 minutes in length
  – ‘Closed’ Participant List
  – Share Latest Attack Vectors
      Vuls, worms, scans, other: p2p
  – Honeypots, Non-TG News
  – Update On Investigations

TG Incident Response
TG Security “hotline”
  – 24/7 Reservationless Conference #
  – Any Site Can Initiate
  – Only Known To Response Personnel
  – 800 Number & International Access

TG Incident Response
Response Playbook
  – Who/How To Contact Methodology Initial Responders Secondary Responders Help Desk Staff
  – How to Respond to Event
  – Reporting Guidelines: Press, Privacy, Funding sources (in progress)

TG Incident Response
Compromised Account Questionnaire
  – Do you use the password of the account at other TG sites or other general accounts (Hotmail, Amazon, Paypal, Ebay)?
  – What was the time of your last known login? Where was it from?
  – From what locations do you usually log in (hostnames/IP)?
  – Which sites/machines have you used?
  – Which do you expect to use?
  – What locations (hosts) can we expect you to log in from?

TG Incident Response
Site Incident Response Report
  – How much time (in person-hours) did staff at your site spend dealing with the incident?
  – How were you notified?
  – What steps did you take to investigate at your site to determine if there was a compromised account or system?
  – What did you determine?
  – If there was a compromise:
      – What damage was done?
      – What steps did you take to respond/recover?

Security WG Communications
Mailing lists
  – Main TG Security WG List
  – IR Alert: Triggers Help Desk/Pagers/Cell Phones
  – Response: Announce weekly IR Calls/Notes
TG Security Contact List
  – IR, General Security, NOC, Phone, and pagers

Encrypted Communications
PGP Key Signing
Shared Password for Communications (Changes Frequently)
Encrypted Website To Archive Critical Information
Encrypted Communications Are VERY IMPORTANT!

Current Projects
IGTF Efforts
TAGPMA Participation
  – IGTF CAs: INFN (Italy) CA, Dutch Grid and NIKHEF CA, AIST (Japan) CA
  – CA Auditing
Teragrid Risk Assessment
Working with Law Enforcement
IR Tracking
Support for Science Gateways/Community Accounts

My Useful Links
TG Security Site:
TG User Agreement: y.html y.html
Passwords: htmlhttp:// 002.html