Presentation is loading. Please wait.

Presentation is loading. Please wait.

Enabling Grids for E-sciencE www.eu-egee.org EGEE III Security Training and Dissemination Mingchao Ma, STFC – RAL, UK OSCT Barcelona 2009.

Published byMadlyn Mosley Modified over 9 years ago

Similar presentations

Presentation on theme: "Enabling Grids for E-sciencE www.eu-egee.org EGEE III Security Training and Dissemination Mingchao Ma, STFC – RAL, UK OSCT Barcelona 2009."— Presentation transcript:

1 Enabling Grids for E-sciencE www.eu-egee.org EGEE III Security Training and Dissemination Mingchao Ma, STFC – RAL, UK OSCT Barcelona 2009

2 Enabling Grids for E-sciencE Efforts Training and dissemination: –Estimated efforts: 35 PM Activity coordination –UK (3 PM) Training and dissemination contributions –APROC (4 PM) –ITALY (4 PM) –SWE (4 PM) –SEE (4 PM) –DECH (10 PM) –FRANCE (2 PM) Website, communication and outreach –RUSSIA (3 PM) 2

3 Enabling Grids for E-sciencE Overview Service Reference Cards –Security section Security training events/workshops –Security trainings at EGEE07, EGEE08 and EGEE09 –Security trainings at ROCs  France ROC  AP ROC  UKI ROC  DECH ROC Security and dissemination area on OSCT public website –Ongoing work Security RSS feed 3

4 Enabling Grids for E-sciencE Service Reference Cards –to gather useful general information and to provide links to detailed information for each service –Specifically have a “security information” section –https://twiki.cern.ch/twiki/bin/view/EGEE/ServiceReferenceCardshttps://twiki.cern.ch/twiki/bin/view/EGEE/ServiceReferenceCards –SEE ROC  glite-PX MyProxy server  glite-VOMS Virtual Organisation Membership System  glite-MON Monitoring System Collector Server –DECH ROC  glite-VOBOX Virtual Organisation Node  glite-FTS File Transfer Service  glite-LFC LCG File Catalog  lcg-CE LCG Computing Elements 4

5 Enabling Grids for E-sciencE Service Reference Cards –FR ROC  gLite-AMGA ARDA Metadata Catalog  gLite-UI User Interface –SWE ROC  gLite-WMS Workload Management Service  gLite-LB Logging and Bookkeeping service  glite-BDII Berkeley Database Information Index –IT ROC  glite-WN Worker Node  glite-CREAM_CE gLite CREAM Computing Element –CERN ROC  glite-DPM Disk Pool Manager –Oscar Koeroo  glExec 5

6 Enabling Grids for E-sciencE Training Events Security training session at EGEE 07 –http://indico.cern.ch/conferenceTimeTable.py?confId=18714http://indico.cern.ch/conferenceTimeTable.py?confId=18714 Training topics: –Introduction: Grid and security –Grid systems installation and configuration –Centralized logging –Protecting administrative credentials –Testing and monitoring Grid systems –Incident response (policies and procedures) 6

7 Enabling Grids for E-sciencE Training Events Joint security training session at EGEE08 –http://indico.cern.ch/conferenceTimeTable.py?confId=32220http://indico.cern.ch/conferenceTimeTable.py?confId=32220 Training topics: –Introduction: Grid and security –Middleware security overview and pattern matching –Security recommendations: lcg-CE –Security recommendations: CREAM CE –Security recommendations: WMS –Security recommendations: LB –Security recommendations: SE –Handling security incidents: procedures and recommendations 7

8 Enabling Grids for E-sciencE Training Events Joint Security training session at EGEE09 –http://indico.cern.ch/conferenceDisplay.py?confId=55893http://indico.cern.ch/conferenceDisplay.py?confId=55893 Training topics –Managing grid security incidents –Security Monitoring, Pakiti and Nagio-based monitoring –Command line security tools: introduction and job-lookup-by- subject –Command line security tools: testing client connection –Authorization Service, Argus command line tools and Central banning –User traceability and log analysis 8

9 Enabling Grids for E-sciencE Training Workshops at ROCs France ROC AP ROC UKI ROC DECH ROC 9

10 Enabling Grids for E-sciencE French grid security workshop Duration: 2 days Participants: –Site security contacts  From production sites and sites under certification –Organisational security contacts  Secretariat-General for National Defence (government institution)  Security officers from the institutions participating in the French JRU  Security contacts from the French NREN (RENATER)  Grid security contact from one industrial site –26 people in total (plus the person responsible for the technical organisation) Contributions came from: –French OSCT members –Site security contacts –Institutional security contact http://indico.in2p3.fr/conferenceDisplay.py?confId=160 5

11 Enabling Grids for E-sciencE Topics EuGridPMA Overview of security related bodies of EGEE and their roles More detailed: Role of OSCT and OSCT-DC Security Service Challenges how-to and results Sources of information about grid security –Policies, which ones, where to find them, how to change them –Hints, where they are and where they come from –Handling a security incident on a CE (and how to crack a CE ;-) ) –Incident handling procedure in general and existing communication channels Self audit Discussion about SLAs Security handling by example: three different organisations presented their ways Discussion on cooperation models in the future NGI

12 Enabling Grids for E-sciencE Perspective Specific grid security training event or workshop not planned for the near future –Nevertheless, a repetition would be necessary from time to time for the newcomers Instead, integration of grid security topics into other events –Example: French EGEE to NGI transition conference in October

13 Enabling Grids for E-sciencE Training Workshop at AP ROC Security Training Workshop –Half day security training workshop on 19 th April; –The International Symposium on Grid Computing (ISGC) 2009, Taipei,Taiwan –http://www2.twgrid.org/APTeam/index.php/2009_ISGC_EUAsia Grid/EGEE_Tutorialhttp://www2.twgrid.org/APTeam/index.php/2009_ISGC_EUAsia Grid/EGEE_Tutorial Topics:  Security Policy;  Grid Security and Incident Handling;  Middleware Security;  Security Service Challenge 3 at AP ROC; 13

14 Enabling Grids for E-sciencE Training Workshop at UKI ROC One day UK Security Training Workshop (one day) –Incorporated into HEPSYSMAN workshop; – http://hepwww.rl.ac.uk/SYSMAN/June2009/agenda.htmlhttp://hepwww.rl.ac.uk/SYSMAN/June2009/agenda.html Topics –SSC3 case study –TCD security monitoring tool –OxCERT –Update on Security Policy –Security on storage element –Update on Security activities in EGEE, GridPP and NGS –JANET CSIRT Invited UK JANET CSIRT and Oxford University CSIRT; Discussion on incident handling and cooperation among Grid CSIRT, NREN’s CSIRT and University CSIRT 14

15 Enabling Grids for E-sciencE Training Workshop at DECH ROC Half day security training workshop –GridKa-School 2009, organized by members of GridKa/OSCT –http://gks09.fzk.de/Agenda.html#Fridayhttp://gks09.fzk.de/Agenda.html#Friday Topics –Grid Security Workshop for Administrators and Developers –Security Services Challenge @ Uni Bonn –Security Services Challenge @ TU Dortmund –Grid-CERT (DFN-CERT) Future planned activity: –Presentation about EGEE Incident Response Procedures and Security Service Challenges with anonymized results from ROC DECH at D-Grid security workshop,14./15. Oct 2009 15

16 Enabling Grids for E-sciencE Online Repository A security area on OSCT website Still working in process 16 Revision : Web Structure Site manager Conception Application Security Physical Security Forensics Monitoring News Document

17 Enabling Grids for E-sciencE 17

18 Enabling Grids for E-sciencE Prototype 18

19 Enabling Grids for E-sciencE RSS Feed RSS feed for the security-related guidelines and best practices. –http://rss-grid-security.cern.ch/rss.phphttp://rss-grid-security.cern.ch/rss.php See security RSS feed guide to learn about the feed and how to integrate it into your own site –http://rss-grid-security.cern.ch/http://rss-grid-security.cern.ch/ 19

20 Enabling Grids for E-sciencE From EGEE to EGI 20

Download ppt "Enabling Grids for E-sciencE www.eu-egee.org EGEE III Security Training and Dissemination Mingchao Ma, STFC – RAL, UK OSCT Barcelona 2009."

Similar presentations

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) gLite Grid Services Abderrahman El Kharrim

The EPIKH Project (Exchange Programme to advance e-Infrastructure Know-How) gLite Grid Services Abderrahman El Kharrim
Makrand Siddhabhatti Tata Institute of Fundamental Research Mumbai 17 Aug 2009 1.

Makrand Siddhabhatti Tata Institute of Fundamental Research Mumbai 17 Aug
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Operational Security OSCT JSPG March 2006 Ian Neilson, CERN.

INFSO-RI Enabling Grids for E-sciencE Operational Security OSCT JSPG March 2006 Ian Neilson, CERN.
1 Deployment of an LCG Infrastructure in Australia How-To Setup the LCG Grid Middleware – A beginner's perspective Marco La Rosa

1 Deployment of an LCG Infrastructure in Australia How-To Setup the LCG Grid Middleware – A beginner's perspective Marco La Rosa
SSC2 and Update on Multi-user Pilot Jobs Framework Mingchao Ma, STFC – RAL HEPSysMan Meeting 20/06/2008.

SSC2 and Update on Multi-user Pilot Jobs Framework Mingchao Ma, STFC – RAL HEPSysMan Meeting 20/06/2008.
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE AP ROC Min-Hong Tsai ASGC SA1 Transition Meeting May 8 th, 2008

EGEE-II INFSO-RI Enabling Grids for E-sciencE AP ROC Min-Hong Tsai ASGC SA1 Transition Meeting May 8 th, 2008
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org The US Federation Miron Livny Computer Sciences Department University of Wisconsin – Madison.

INFSO-RI Enabling Grids for E-sciencE The US Federation Miron Livny Computer Sciences Department University of Wisconsin – Madison.
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks Configuring and Maintaining EGEE Production.

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks Configuring and Maintaining EGEE Production.
EGEE ARM-2 – 5 Oct 2004 - 1 LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.

EGEE ARM-2 – 5 Oct LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org SA1: Cookbook (DSA1.7) Ian Bird CERN 18 January 2006.

INFSO-RI Enabling Grids for E-sciencE SA1: Cookbook (DSA1.7) Ian Bird CERN 18 January 2006.
GGF12 – 20 Sept 2004 - 1 LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.

GGF12 – 20 Sept LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.
Security Update Mingchao Ma HEPSYSMAN - Security 1 st July 2009.

Security Update Mingchao Ma HEPSYSMAN - Security 1 st July 2009.
Security Area in GridPP2 4 Mar 2004 Security Area in GridPP2 “Proforma-2 posts” overview Deliverables – Local Access – Local Usage.

Security Area in GridPP2 4 Mar 2004 Security Area in GridPP2 “Proforma-2 posts” overview Deliverables – Local Access – Local Usage.
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks ?? Athens, May 5-6th 2009 Community Support.

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks ?? Athens, May 5-6th 2009 Community Support.
Responsibilities of ROC and CIC in EGEE infrastructure A.Kryukov, SINP MSU, CIC Manager Yu.Lazin, IHEP, ROC Manager

Responsibilities of ROC and CIC in EGEE infrastructure A.Kryukov, SINP MSU, CIC Manager Yu.Lazin, IHEP, ROC Manager
GridPP Deployment & Operations GridPP has built a Computing Grid of more than 5,000 CPUs, with equipment based at many of the particle physics centres.

GridPP Deployment & Operations GridPP has built a Computing Grid of more than 5,000 CPUs, with equipment based at many of the particle physics centres.
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks David Kelsey RAL/STFC,
Training and Dissemination Enabling Grids for E-sciencE www.eu-egee.org Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.

Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE www.eu-egee.org Training services offered by SZTAKI for EGEE and EGI Gergely Sipos MTA SZTAKI (Hungarian.

EGEE-III INFSO-RI Enabling Grids for E-sciencE Training services offered by SZTAKI for EGEE and EGI Gergely Sipos MTA SZTAKI (Hungarian.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org SA1 and gLite: Test, Certification and Pre-production Nick Thackray SA1, CERN.

INFSO-RI Enabling Grids for E-sciencE SA1 and gLite: Test, Certification and Pre-production Nick Thackray SA1, CERN.

Similar presentations

Ads by Google