Published by Felicia Alexander. Modified over 6 years ago.
1
Incident Response Plan for the Open Science Grid
2nd EGEE Conference, Den Haag, Netherlands
25 Nov 2004
Bob Cowles –
2
Principles
OSG is a with little central control or resources – almost everything has to be done by the sites or the VOs
Site security personnel will need to feel comfortable with grid use of resources
    limited additional risks
    local control over decisions
Coordinate with EGEE/LCG efforts
KISS or “Simplify and add lightness”
25 Nov 2004 OSG Incident Response
3
Centrally Provided
List of site security points of contact
communications
Filter standard addresses
Coordinate with other Grid Operation Centers (GOC)
4
Site Responsibilities – 1
Report grid-related incidents (hi-priority list)
Remove compromised servers
Release only summary information
Have a site incident response plan in place (logs, evidence)
5
Site Responsibilities – 2
Provide security contact information
Follow-up to discussion list
Take appropriate care with sensitive material collected
Provide appropriate law enforcement with materials for coordination, investigation and prosecution
6
Incident Classification
Potential to compromise grid infrastructure
Potential to compromise grid service or VO
Potential to compromise grid user
7
Response Teams
Self-organized body of volunteers
Mailing list maintained by GOC
Team organized for severe or complex incidents
Team leader to coordinate efforts
8
Incident Handling – 1
Discovery and reporting
    local procedures & GOC list notified
Initial analysis and classification
    verify incident and perform classification
Containment
    remove resources, services, users
Notification and escalation
    notify grid management for more severe
9
Incident Handling – 2
Analysis and Response
    Resource tracking (response costs)
    Evidence collection
    Removal and recovery – regular communication on the discussion list
Post-incident analysis
    Close-out report following incident
10
Timeline
Jun 04 – Security TG formed
Jul 04 – IR Activity formed
Sep 04 – First draft of plan reviewed
Oct 04 – Coordinate with EGEE/LCG
Nov 04 – Presentation – 2nd EGEE Conf
Dec 04 – Implementation
Jan 05 – Implementation & testing
Feb 05 – OSG; EGEE Review
11
The Plan
www.opensciencegrid.org
    click on “Documents”
    click on “Search the database and read documents”
    click on “OSG Security Incident Handling and Response”