EGI-InSPIRE EGI SVG F2F Virtual Machines: VM images, software run on VMs. 3rd March 2015.


1 www.egi.eu EGI-InSPIRE RI-261323
EGI SVG F2F Virtual Machines: VM images, software run on VMs.
3rd March 2015

2 Endorsed VMs
- The policy of only running endorsed VM images is an important part of incident prevention
- One of the things that makes the Fed Cloud different from other Clouds
- These VM images in the AppDB need to be maintained, software patches (e.g. Linux kernel vulnerabilities) applied in a timely manner

3 Vulnerabilities in AppDB VMs
- Would it be possible to monitor for Critical vulnerabilities in endorsed VMs in the AppDB?

4 Running VM images
- Need to think about patching of these, whether kernel vulnerabilities, other software vulnerabilities etc.
- Probably this is more of an operational security issue.

5 Contact details needed
- Need contact details for those responsible for VM images.
- Need contact details for those running VM images.
- This is to inform people of at least Critical and high risk vulnerabilities.
- VO security contact e-mail list? Plus VM image security contact list.

6 For Vulnerabilities in e.g. Linux
- Where does the responsibility lie?
- Of course primarily with endorser
- How many Linux flavours in endorsed VMs?
- Do we inform a mailing list of endorsers of ‘High’ and ‘Critical’ vulnerabilities?
- We also know less of the impact in Fed Cloud, depending on how VMs are used.

7 AAI to connect to VMs
- One weakness is how VM operators allow others to connect
- Possibly FedCloud should have some recommended tools
- Carry out vulnerability assessment
- These tools properly maintained, vulnerability handling here.

8 Other software running on VMs
- Only act if there is a known problem
- Is a checklist useful for people setting up VMs? Best practice?
- Possibly a CSIRT rather than SVG function. E.g. VO specific.

9 VO and other user software on VMs
- Not everything can be tracked
- But it is important to be able to trace who is responsible for a running VM,
- Who is responsible for any software running on multiple VMs
- So if there is a problem (whether we are alerted to a vulnerability or potential incident) we can track who is responsible
