Presentation is loading. Please wait.

Presentation is loading. Please wait.

Future GridPP Security

Published byMons Arntsen Modified over 5 years ago

Similar presentations

Presentation on theme: "Future GridPP Security"— Presentation transcript:

1 Future GridPP Security
David Crooks (STFC UKRI) GridPP42 25 April 2019

2 GridPP42 Future GridPP Security
Post SSC Ongoing evaluation of SSC results Can already make some plans Present here for discussion and hopefully agree way forward GridPP42 Future GridPP Security

3 GridPP42 Future GridPP Security
Site requirements Some things made clear (which we knew anyway…) Sites are typically staffing limited, regardless of size of site But, most especially where we have limited FTEs GridPP42 Future GridPP Security

4 GridPP42 Future GridPP Security
Site requirements Security asks things of sites Both via policy, but in particular as a healthy community What do we need from sites? GridPP42 Future GridPP Security

5 GridPP42 Future GridPP Security
Site requirements Components involved with incident response Communication User suspension Containment Tracking activity Forensics Reinstall Lessons learned and final report GridPP42 Future GridPP Security

6 GridPP42 Future GridPP Security
Site requirements Components involved with incident response Communication User suspension Containment Tracking activity Forensics Reinstall Lessons learned and final report GridPP42 Future GridPP Security

7 GridPP42 Future GridPP Security
Site requirements From an operational security standpoint, we need to be clear about what we ask sites for If we require action, need to be clear about what this is. Base requirements Respond to s Ensure that central suspension system is in place and effective GridPP42 Future GridPP Security

8 GridPP42 Future GridPP Security
How do we achieve this? Feedback from SSC I’ve spoken to several people already Seek to talk to all sites in person (either here or by coming for a visit) If I haven’t, please get in touch as I want to give everyone a chance to give feedback! GridPP42 Future GridPP Security

9 GridPP42 Future GridPP Security
How do we achieve this? Communications Security-discussion was extremely useful Other channels (mattermost team?) GridPP42 Future GridPP Security

10 GridPP42 Future GridPP Security
How do we achieve this? Documentation Started a round of revisions with Job Tracing page This needs additions (pilot jobs!) Continue to build this out, based on… GridPP42 Future GridPP Security

11 GridPP42 Future GridPP Security
How do we achieve this? Training HEPSYSMAN Security Day Individual site training? GridPP42 Future GridPP Security

12 GridPP42 Future GridPP Security
How do we achieve this? Test framework Break components of incident response into different parts Communication chain Tracking activity Test these individually, on a per site basis Written component? Tabletop exercises? GridPP42 Future GridPP Security

13 GridPP42 Future GridPP Security
How do we achieve this? GridPP security tools Proposing to use SCD Cloud to host a set of tools/test scripts/etc. Allow access for development by Security Team Common home/ACLs/development area Start with simple tests, but have common area for progress GridPP42 Future GridPP Security

14 GridPP42 Future GridPP Security
How do we achieve this? End result Consider we may have SSC every ~2 years Develop plan of GridPP documentation, training and testing in preparation SSC (for us) should be execution of well understood techniques GridPP42 Future GridPP Security

15 HEPSYSMAN Security Day
First iteration of training, following hiatus last year Morning: Review of basic procedures – what we ask of sites Technical review of SSC lessons learned Security tools – following Technical Meeting earlier in the year Afternoon: Forensics training Daniel Kouril (EGI CSIRT/CESNET) Hoping to have guided analysis of SSC payload GridPP42 Future GridPP Security

16 GridPP42 Future GridPP Security
EGI Conference Two security sessions + talks SSC Overview SSC Forensics training GridPP42 Future GridPP Security

17 GridPP42 Future GridPP Security
Next 6 months Run some test jobs at sites to practice tracing jobs Start with most common submission methods And those particular to us (GridPP DIRAC) Much of this experience we have already – this is an opportunity to practice SSC feedback – effectively performing gap analysis of procedural requirements Ultimately best done through experience GridPP42 Future GridPP Security

18 GridPP42 Future GridPP Security
Security Team Plan for security team to help with testing and training Focus the mandate of the team following our recent experience Grow our numbers a little GridPP42 Future GridPP Security

19 Wider topics

20 GridPP42 Future GridPP Security
Security Operations SOC Workshop in February Co-located with policy meeting and EGI CSIRT F2F Good attendance SOC WG Initial Model Projects ongoing/starting up at Nikhef and on SCD Cloud to test deployment Identify MISP as a priority to enable access to intelligence GridPP42 Future GridPP Security

21 Security Operations

22 GridPP42 Future GridPP Security
Security Operations Threat Intelligence Making this available to share IoCs related to WLCG related incidents WLCG CERN MISP TLP: AMBER as well as TLP: GREEN and WHITE SIRTFI IdPs (within eduGAIN) If your site is not on the list, recommend following up with your institutional provider 4 GridPP sites 557 entities across 28 federations Used PocketSOC demonstrator to ingest traffic from malware analysis Trigger alerts using real MISP event GridPP42 Future GridPP Security

23 GridPP42 Future GridPP Security
Combined Assurance GridPP42 Future GridPP Security

24 Combined assurance Impact for LIGO SKA 29 Aug 2018
GridPP42, April 2019

25 GridPP42 Future GridPP Security
WISE Wise Information Security for collaborating eInfrastructures Active Working Groups: Updating the SCI framework (SCI-WG) Risk Assessment WISE (RAW-WG) Working Groups being created: Incident Response & Threat Intelligence Working Group (IRTI-WG) Security Communications Challenge Coordination Working Group (SCCC-WG) Security for High Speed Transmissions Working Group (S4HST-WG) GridPP42 Future GridPP Security

26 SIG-ISM/WISE meeting, Lithuania
Recent joint GEANT SIG-ISM/WISE meeting in Kaunas, Lithuania 16-18 April 2019 Linda Cornwall and David Crooks attended Joint discussions on areas of shared interest Coordination of security communications challenges Shared interest in SOC development – GEANT security working group task on Security Operations Centres Risk Assessment GridPP42 Future GridPP Security

27 GridPP42 Future GridPP Security
IRIS Proposal submitted for trust framework and incident response cooperation framework for IRIS Presenting at upcoming TWG Dave Kelsey, Ian Neilson and myself GridPP42 Future GridPP Security

28 Conclusions SSC was invaluable Wider collaboration
Highlights needs for sites and community Gives context to existing plans Wider collaboration Security necessarily exists as a collaborative effort across many communities Leading and participating in efforts across infrastructures Sharing intelligence within appropriate groups is key element 29 Aug 2018 GridPP42, April 2019

Download ppt "Future GridPP Security"

Similar presentations

INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Operational Security OSCT JSPG March 2006 Ian Neilson, CERN.

INFSO-RI Enabling Grids for E-sciencE Operational Security OSCT JSPG March 2006 Ian Neilson, CERN.
Www.egi.eu EGI-Engage www.egi.eu Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
Www.geant.org AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.

AARC Overview Licia Florio, David Groep 21 Jan 2015 presented by David Groep, Nikhef.
Commonwealth of Massachusetts Statewide Strategic IT Consolidation (ITC) Initiative ANF IT Consolidation Website Publishing / IA Working Group Kickoff.

Commonwealth of Massachusetts Statewide Strategic IT Consolidation (ITC) Initiative ANF IT Consolidation Website Publishing / IA Working Group Kickoff.
Www.egi.eu EGI-Engage www.egi.eu Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
EGEE ARM-2 – 5 Oct 2004 - 1 LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.

EGEE ARM-2 – 5 Oct LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.
15-Dec-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the Joint Security Policy Group) CERN 15 December 2004 David Kelsey CCLRC/RAL,

15-Dec-04D.P.Kelsey, LCG-GDB-Security1 LCG/GDB Security Update (Report from the Joint Security Policy Group) CERN 15 December 2004 David Kelsey CCLRC/RAL,
Www.egi.eu EGI-Engage www.egi.eu Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
INFSO-RI-508833 Enabling Grids for E-sciencE EGEE SA1 in EGEE-II – Overview Ian Bird IT Department CERN, Switzerland EGEE.

INFSO-RI Enabling Grids for E-sciencE EGEE SA1 in EGEE-II – Overview Ian Bird IT Department CERN, Switzerland EGEE.
A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) 1 st WISE, Barcelona 20 Oct 2015.

A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) 1 st WISE, Barcelona 20 Oct 2015.
Reflections “from around the block.” (Security) Ian Neilson GridPP Security Officer STFC RAL.

Reflections “from around the block.” (Security) Ian Neilson GridPP Security Officer STFC RAL.
Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.

Security Policy: From EGEE to EGI David Kelsey (STFC-RAL) 21 Sep 2009 EGEE’09, Barcelona david.kelsey at stfc.ac.uk.
Additional Services: Security and IPv6 David Kelsey STFC-RAL.

Additional Services: Security and IPv6 David Kelsey STFC-RAL.
Evolving Security in WLCG Ian Collier, STFC Rutherford Appleton Laboratory Group info (if required) 1 st February 2016, WLCG Workshop Lisbon.

Evolving Security in WLCG Ian Collier, STFC Rutherford Appleton Laboratory Group info (if required) 1 st February 2016, WLCG Workshop Lisbon.
EGEE ARM-2 – 5 Oct 2004 - 1 LCG/EGEE Security Coordination Ian Neilson Grid Deployment Group CERN.

EGEE ARM-2 – 5 Oct LCG/EGEE Security Coordination Ian Neilson Grid Deployment Group CERN.
3rd Helix Nebula Workshop on Interoperability among e-Infrastructures and Commercial Clouds Carmela ASERO, EGI.eu 17 September 2013, Madrid

3rd Helix Nebula Workshop on Interoperability among e-Infrastructures and Commercial Clouds Carmela ASERO, EGI.eu 17 September 2013, Madrid
Ian Collier, STFC, Romain Wartel, CERN Maintaining Traceability in an Evolving Distributed Computing Environment Introduction Security.

Ian Collier, STFC, Romain Wartel, CERN Maintaining Traceability in an Evolving Distributed Computing Environment Introduction Security.
Www.egi.eu EGI-InSPIRE RI-261323 www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323.

EGI-InSPIRE RI EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Operational Security Coordination Team OSCT report EGEE-4, Pisa Ian Neilson, CERN.

INFSO-RI Enabling Grids for E-sciencE Operational Security Coordination Team OSCT report EGEE-4, Pisa Ian Neilson, CERN.
Who doesn’t need to be WISE? Bringing into reality global information security collaboration Alessandra Scicchitano GÉANT - Project Development Officer.

Who doesn’t need to be WISE? Bringing into reality global information security collaboration Alessandra Scicchitano GÉANT - Project Development Officer.

Similar presentations

Ads by Google