Presentation is loading. Please wait.

Presentation is loading. Please wait.

Scuola Grid - Martina Franca, Thursday 08 November 2007 - 1 Incident Response Guide Alfredo Pagano INFN – CNAF on.

Published byAllen Terry Modified over 8 years ago

Similar presentations

Presentation on theme: "Scuola Grid - Martina Franca, Thursday 08 November 2007 - 1 Incident Response Guide Alfredo Pagano INFN – CNAF on."— Presentation transcript:

1 www.ccr.infn.it http://grid.infn.it/ Scuola Grid - Martina Franca, Thursday 08 November 2007 - 1 Incident Response Guide Alfredo Pagano INFN – CNAF on behalf of CMT and Italian ROC

2 www.ccr.infn.it http://grid.infn.it/ Scuola Grid - Martina Franca, Thursday 08 November 2007 - 2 Operational Security Coordination Team LCG/EGEE Incident Response Procedure Document: https://edms.cern.ch/file/867454/LAST_RELEASED/EGEE_Incident_R esponse_Procedure.pdf Security

3 www.ccr.infn.it http://grid.infn.it/ Scuola Grid - Martina Franca, Thursday 08 November 2007 - 3 Introduction This procedure is provided for guidance only and is aimed at minimising the impact of security incidents, by encouraging post-mortem analysis and promoting cooperation between the sites. It is based on the EGEE Incident Response policy. –Have a look to:  https://edms.cern.ch/file/428035/LAST_RELEASED/Incident_Resp onse_Guide.pdf

4 www.ccr.infn.it http://grid.infn.it/ Scuola Grid - Martina Franca, Thursday 08 November 2007 - 4 Definition A security incident is the act of violating an explicit or implied security policy (ex: local security policy, EGEE Acceptable Use Policy) EGEE Acceptable Use Policy: –https://edms.cern.ch/file/428036/LAST_RELEASED/Grid_AUP.pdf

5 www.ccr.infn.it http://grid.infn.it/ Scuola Grid - Martina Franca, Thursday 08 November 2007 - 5 Incident response prodecure When a security incident is suspected, the following procedure should be used: 1. Contact immediately your local security team and your ROC Security Contact. 2. In case no support is shortly available, whenever feasible and if you are sufficiently familiar with the host/service to take responsibility for this action, try to contain the incident, for instance by unplugging the network cable connected to the host. Do NOT reboot or power off the host. 3. Assist your local security team and your ROC Security Contact to confirm and then announce the incident to all the sites via project-egee-securitycsirts@cern.ch 4. If appropriate: report a downtime for the affected hosts on the GOCDB send an EGEE broadcast announcing the downtime for the affected hosts Use "Security operations in progress" as the reason with no additional detail both for the broadcast and the GOCDB.

6 www.ccr.infn.it http://grid.infn.it/ Scuola Grid - Martina Franca, Thursday 08 November 2007 - 6 Incident response prodecure 5. Perform appropriate forensics and take necessary corrective actions If needed, seek for help from your local security team or from your ROC Security Contact or from project-egee-security-support@cern.ch If relevant, send additional reports containing suspicious patterns, files or evidence that may be of use to other Grid participants to project-egeesecurity- contacts@cern.ch. NEVER send potentially sensitive information (ex: hosts, IP addresses, usernames) without clearance from your local security team and/or your ROC Security Contact. 6. Coordinate with your local security team and your ROC Security Contact to send an incident closure report within 1 month following the incident, to all the sites via project- egee-security-contacts@cern.ch, including lessons learnt and resolution. 7- Restore the service, and if needed, send an EGEE broadcast, update the GOCDB, service documentation and procedures to prevent recurrence as necessary.

Download ppt "Scuola Grid - Martina Franca, Thursday 08 November 2007 - 1 Incident Response Guide Alfredo Pagano INFN – CNAF on."

Similar presentations

Last update 01/06/2014 03:23 LCG 1Maria Dimou- cern-it-gd Maria Dimou IT/GD Site Registration policy & procedures https://edms.cern.ch/document/503198/

Last update 01/06/ :23 LCG 1Maria Dimou- cern-it-gd Maria Dimou IT/GD Site Registration policy & procedures
RBA Securitisation System Technical Delivery Forum Thursday, 29 January 2015 RBA Securitisation System.

RBA Securitisation System Technical Delivery Forum Thursday, 29 January 2015 RBA Securitisation System.
WELCOME MANAGING ATTENDANCE GOVERNOR / PRINCIPAL TRAINING MARCH 2012.

WELCOME MANAGING ATTENDANCE GOVERNOR / PRINCIPAL TRAINING MARCH 2012.
INFSO-RI-508833 Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK

INFSO-RI Enabling Grids for E-sciencE Update on LCG/EGEE Security Policy and Procedures David Kelsey, CCLRC/RAL, UK
1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.

1 of 2 This document is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS DOCUMENT. © 2007 Microsoft Corporation.
Business Continuity Check List PageOne. - Why Does Your Business Need A Continuity Checklist? Should the unexpected occur, your business will be able.

Business Continuity Check List PageOne. - Why Does Your Business Need A Continuity Checklist? Should the unexpected occur, your business will be able.
Problem Management SDG teamIT Problem Management Process 2009 Client Services Authors: M. Begley & R. Crompton, Client Services.

Problem Management SDG teamIT Problem Management Process 2009 Client Services Authors: M. Begley & R. Crompton, Client Services.
Incident Response Updated 03/20/2015

Incident Response Updated 03/20/2015
A Task for NRENs: Application Support and Services UbuntuNet-Connect 2008, Lilongwe, Malawi 11th November 2008 Gerti Foest, DFN-Verein.

A Task for NRENs: Application Support and Services UbuntuNet-Connect 2008, Lilongwe, Malawi 11th November 2008 Gerti Foest, DFN-Verein.
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
INFSO-RI-508833 Enabling Grids for E-sciencE Incident Response Policies and Procedures Carlos Fuentes

INFSO-RI Enabling Grids for E-sciencE Incident Response Policies and Procedures Carlos Fuentes
Operational Security Working Group Topics Incident Handling Process –OSG Document Review & Comments:

Operational Security Working Group Topics Incident Handling Process –OSG Document Review & Comments:
HQ Expectations of DOE Site IRBs Reporting Unanticipated Problems and Review/Approval of Projects that Use Personally Identifiable Information Libby White.

HQ Expectations of DOE Site IRBs Reporting Unanticipated Problems and Review/Approval of Projects that Use Personally Identifiable Information Libby White.
Intern 2 Learn Program Overview. Intern 2 Learn What is Intern 2 Learn ? Intern 2 Learn is an undergraduate, student employment program designed to: Provide.

Intern 2 Learn Program Overview. Intern 2 Learn What is Intern 2 Learn ? Intern 2 Learn is an undergraduate, student employment program designed to: Provide.
EARTO – working group on quality issues – 2 nd session 20.6.2011 Anneli Karttunen, Quality Manager VTT Technical Research Centre of Finland This presentation.

EARTO – working group on quality issues – 2 nd session Anneli Karttunen, Quality Manager VTT Technical Research Centre of Finland This presentation.
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
EGEE ARM-2 – 5 Oct 2004 - 1 LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.

EGEE ARM-2 – 5 Oct LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.
GGF12 – 20 Sept 2004 - 1 LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.

GGF12 – 20 Sept LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.
Responsibilities of ROC and CIC in EGEE infrastructure A.Kryukov, SINP MSU, CIC Manager Yu.Lazin, IHEP, ROC Manager

Responsibilities of ROC and CIC in EGEE infrastructure A.Kryukov, SINP MSU, CIC Manager Yu.Lazin, IHEP, ROC Manager
1 LHC-OPN 2008, Madrid, 10-11 th March. Bruno Hoeft, Aurelie Reymund GridKa – DE-KIT procedurs Bruno Hoeft LHC-OPN Meeting 10. – 11. 03. 08.

1 LHC-OPN 2008, Madrid, th March. Bruno Hoeft, Aurelie Reymund GridKa – DE-KIT procedurs Bruno Hoeft LHC-OPN Meeting 10. –

Similar presentations

Ads by Google