Presentation is loading. Please wait.

Presentation is loading. Please wait.

9/25/08DLP1 OSG Operational Security D. Petravick For the OSG Security Team: Don Petravick, Bob Cowles, Leigh Grundhoefer, Irwin Gaines, Doug Olson, Alain.

Published byDaniel Toogood Modified over 9 years ago

Similar presentations

Presentation on theme: "9/25/08DLP1 OSG Operational Security D. Petravick For the OSG Security Team: Don Petravick, Bob Cowles, Leigh Grundhoefer, Irwin Gaines, Doug Olson, Alain."— Presentation transcript:

1 9/25/08DLP1 OSG Operational Security D. Petravick For the OSG Security Team: Don Petravick, Bob Cowles, Leigh Grundhoefer, Irwin Gaines, Doug Olson, Alain Roy, Vikram Andem EGEE06 Sept 25, 2006

2 9/25/08DLP2 Background OSG Project now funded by DOE and NSF as a national production level distributed facility. Moves on from the Grid3-Trillium era as being a relied upon, sustained infrastructure. As a contributor to the WLCG OSG must satisfy the security requirements of the LHC. OSG Security is building on prior work of Trillium collaborating with EDG, EGEE, WLCG.

3 9/25/08DLP3 Illustrative example User VO Site Jobs VO infra. Data Storage CECE W WW WWW WW W WW W W W W I trust it is the VO (or agent) I trust it is the user I trust it is the user’s job I trust the job is for the VO

4 9/25/08DLP4 OSG Site-VO Interoperation Perceived Risk Actual Risk? Implement controls OperateOperate n y Perceived Risk Actual Risk? Implement controls n VO OperateOperate y Site

5 9/25/08DLP5 Risk based view of the world Organizations implement controls over their activities so as to obtain acceptable residual risk. Organizations: Sites, VOs and Grids. –Each has a security process lifecycle. –Satisfaction jointly and severally. Each organization is captain of its own ship. –However, constrained to interoperate. Standards (e.g. OSG AUP’s) aid interoperation. OSG will accept agreements from small VOs and work with them as their security agent..

6 9/25/08DLP6 Two Broad Documents in the NIST pattern. Risk Assessment –Analyzes threats and vulnerabilities With mitigation in 13 control clusters To see if the residual risk is acceptable. Security Plan –Explains each control cluster. –Establishes tests of effectiveness.

7 9/25/08DLP7 (Imagined) Security Assessment –Do you have focus? Have you written down what is important and what is not (Risk Assessment) –Have you written down your Policies? –Do you have plan? Do you know it is working? (Security Plan)

8 9/25/08DLP8 RA(1) Threats to OSG Careless or uninformed authorized person Squatter Vandals Thief Malware Author Spy Alarmist

9 9/25/08DLP9 RA(2)Vulnerabilities Reliance on Third Parties. –This is a “whopper”. Improper (core person/user) Actions Remote Access. Exploits latent in Vulnerable Software.

10 9/25/08DLP10 RA(3)Impact Impact to be consistent with LCG T2 requirements (among others) The goal is to get to LOW –Occurrence -- Less than 5x/year –Perception … OSG can be Relied on. –No single occurrence disrupts … all. Then there are medium and high, but the point of the analysis is to get to low. How do you get to low? Controls.

11 9/25/08DLP11 SP(1)Controls Written as if all are in place. Management –Integrated Sec Mgt; Sec processes; Trust Relationships & Agreements Operational –Awareness; Response; Data Integrity; Config Management; Vul. ID; Physical Technical –Monitoring; Scanning; Control of people

12 9/25/08DLP12 SP(2)Draft Cluster -- Vul. Mgt. General Vulnerability Reporting Primary Vulnerability Reporting Secondary Vulnerability Awareness Vulnerability Mitigation Vulnerability Communication Vulnerability Awareness

13 9/25/08DLP13 (SP3)DRAFT Primary Vulnerability Reporting Plan: … entities operating a service or running a process for the OSG have primary responsibility for identifying vulnerabilities. … requires services and processes to report vulnerabilities inconsistent with acceptable risk to the OSG. to the OSG security officer. Acceptable risk is defined in the OSG Risk Assessment. Evaluation This control is evaluated annually by an inspection of the vulnerabilities logs –Comparing the primary reports to reports from the secondary chain. –Comparing the primary reports to vulnerabilities exploited in incidents.

14 9/25/08DLP14 Summary Security interoperation is required for grid interoperation. –Without work, interoperation is n**2 agreements. –Each organization must satisfy its self-identified security needs. –Common policies (such as the user AUP) speed up the n**2 process. –In the OSG, VO’s with heavy infrastructure seem to face diligence approximately equal to a site. –We are hear to learn about EGEE. –One way forward which may provide maximum interoperation and scaling seems to be to agree on Control Clusters, and then drill down. OSG has begun writing plans in a structure based on an understanding of NIST. OSG is working with the Site and VO Managers to clarify and collaborate on Security matters (as well as with EGEE and TeraGrid).

Download ppt "9/25/08DLP1 OSG Operational Security D. Petravick For the OSG Security Team: Don Petravick, Bob Cowles, Leigh Grundhoefer, Irwin Gaines, Doug Olson, Alain."

Similar presentations

Grid Security Policy David Kelsey (RAL) 1 July 2009 UK HEP SYSMAN Security workshop david.kelsey at stfc.ac.uk.

Grid Security Policy David Kelsey (RAL) 1 July 2009 UK HEP SYSMAN Security workshop david.kelsey at stfc.ac.uk.
What you need to know Security Awareness for the OSG D. Petravick OSG Security Officer March, 2007.

What you need to know Security Awareness for the OSG D. Petravick OSG Security Officer March, 2007.
OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.

OSG Computer Security Plans Irwin Gaines and Don Petravick 17-May-2006.
Grid Security Users, VOs, Sites OSG Collaboration Meeting University of Washington Bob Cowles August 23, 2006 Work supported.

Grid Security Users, VOs, Sites OSG Collaboration Meeting University of Washington Bob Cowles August 23, 2006 Work supported.
OSG Area Coordinators Meeting Security Team Report Mine Altunay 05/15/2013.

OSG Area Coordinators Meeting Security Team Report Mine Altunay 05/15/2013.
Information Security Policies and Standards

Information Security Policies and Standards
Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.

Open Science Grid Use of PKI: Wishing it was easy A brief and incomplete introduction. Doug Olson, LBNL PKI Workshop, NIST 5 April 2006.
Security Guide for Interconnecting Information Technology Systems

Security Guide for Interconnecting Information Technology Systems
NUAGA May 22, 2014.  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.

NUAGA May 22,  IT Specialist, Utah Department of Technology Services (DTS)  Assigned to Department of Alcoholic Beverage Control  PCI Professional.
Open Science Ruth Pordes Fermilab, July 17th 2006 What is OSG Where Networking fits Middleware Security Networking & OSG Outline.

Open Science Ruth Pordes Fermilab, July 17th 2006 What is OSG Where Networking fits Middleware Security Networking & OSG Outline.
Jim Reavis, Executive Director Cloud Security Alliance November 22, 2010 Developing a Baseline On Cloud Security.

Jim Reavis, Executive Director Cloud Security Alliance November 22, 2010 Developing a Baseline On Cloud Security.
OSG Security Review Mine Altunay June 19, 2008. June 19, 2008 2 Security Overview Current Initiatives  Incident response procedure – top priority (WBS.

OSG Security Review Mine Altunay June 19, June 19, Security Overview Current Initiatives  Incident response procedure – top priority (WBS.
Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.

Important acronyms AO = authorizing official ISO = information system owner CA = certification agent.
EGEE ARM-2 – 5 Oct 2004 - 1 LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.

EGEE ARM-2 – 5 Oct LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.
Publication and Protection of Site Sensitive Information in Grids Shreyas Cholia NERSC Division, Lawrence Berkeley Lab Open Source Grid.

Publication and Protection of Site Sensitive Information in Grids Shreyas Cholia NERSC Division, Lawrence Berkeley Lab Open Source Grid.
GGF12 – 20 Sept 2004 - 1 LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.

GGF12 – 20 Sept LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.
Blueprint Meeting Notes Feb 20, 2009. Feb 17, 2009 Authentication Infrastrusture Federation = {Institutes} U {CA} where both entities can be empty TODO1:

Blueprint Meeting Notes Feb 20, Feb 17, 2009 Authentication Infrastrusture Federation = {Institutes} U {CA} where both entities can be empty TODO1:
Mine Altunay OSG Security Officer Open Science Grid: Security Gateway Security Summit January 28-30, 2008 San Diego Supercomputer Center.

Mine Altunay OSG Security Officer Open Science Grid: Security Gateway Security Summit January 28-30, 2008 San Diego Supercomputer Center.
WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.

WLCG Security: A Trust Framework for Security Collaboration among Infrastructures David Kelsey (STFC-RAL, UK) CHEP2013, Amsterdam 17 Oct 2013.
Engineering Essential Characteristics Security Engineering Process Overview.

Engineering Essential Characteristics Security Engineering Process Overview.

Similar presentations

Ads by Google