1. OSG Security Review Mine Altunay December 4, 2008

2. 31 Jan 2008 2 Security Overview Current Initiatives  OSG Security Roadmap  AuthN: Certificate Authorities distribution problem(WBS 2.1.1 and 2.1.9 and 2.1.9.1)  AuthZ needs: MyProxy certificate renewal and lifetimes, Additional Banning Features and ca mgmt tool – requests from site admins at SLAC  Technical and operational needs for long and short term (WBS 2.1.4)  Incident Mitigation Plans (WBS 2.3). Comm. with site admins (Aashish)  Monitoring, security related RSV probes  More fire drills and site education (WBS 2.1). Aashish and Igor will set up fire drills.  Policy work  Top-level Grid Policy, OSG Registration Policy and procedures  Risk assessment (WBS 2.1.4, 2.3) Accomplishments Since Last Report  Privacy Policy & Approval of CA Policy have been completed and sent to EB.  Jim set up periodic meetings with Miron and Ruth to discuss fundamental security issues  Security plan revision against NIST guidelines completed.  Security controls are being completed. New surveys for core assets are partially completed  CA management tool for OSG site admins are completed, tested and integrated into VDT. Ready for next release  Banning capability into GUMS is implemented. Ready for the release.  Great feedback at SLAC on CA mgmt tool and banning feature

3. 31 Jan 2008 3 Security Overview Accomplishments Since Last Report  Security oriented RSV probes are defined. Central probes are almost finished (Anand). Site probes are Arvind’s.  Weekly gratia reports to VO admins are generated and sent each week. This is being transitioned to Gratia soon  Proxy clean-up work has completed and initiated similar work in EGEE  Operational work continues  CA distribution service transfer. February is set as a deadline. Has not finalized yet  Education was assigned to Doug, but he was out so this is stalled  Desired security interactions with software providers is written  CHEP Review Committee, reviewed 12 submissions and sent a submission on behalf of OSG  Incident Response procedure is set up and is ready to sent to EB  IGTF CA incident response team and evaluation (Jim)

4. 31 Jan 2008 Security Overview Issues / Concerns  Effort is not an issue. It was when Doug first left for medical leave.  Jim does RA work.  Aashish and Anand helped greatly  I spend time in software tools group. I have to be careful  Igor, Aashish and Anand helps. Total of 2.50 FTE. 4

5. 31 Jan 2008 5 Security Overview Current Initiatives (6/08)  Incident response procedure – top priority (WBS 2.1.2 and 2.3.)  OSG Registration Policy and Requirements from members (WBS 2.3.1)  OSG Core Assets/Software in VDT Stack (WBS 2.1.7)  DOEGrids RA workflow – introducing requested notifications (WBS 2.2)  VO incident response teams (WBS 2.1.1 and 2.1.2)  Command Line Security Management Tools (WBS 2.1.1)  Banning tool requirements. With CDIGS. (WBS 2.1.9)  Including OSG Staff contact info into OIM (WNBS 2.1.1 and 2.1.2)  Grid Tactical Plan (FNAL) and MOU with VO services/Privilege Project (WBS 2.1.9)  ST&E control deadlines are approaching (WBS 2.1.1) Current Initiatives (3/08)  OSG Security roadmap  Technical and operational needs for long and short term (WBS 2.1.4)  Incident Mitigation Plans (WBS 2.3)  AuthN needs: GSI auth problems, CRLs, proxy clean up and VOMS-GUMS authN  AuthZ needs: Banning tool, Uniform FQAN, MyProxy, AC validation  More fire drills and site education (WBS 2.1)  Forensics -- splunk, incident training  Certify tool  Policy work  JSPG and OSG policies – incident response policy has priority (WBS 2.1.2 and 2.3.)  Revising old security plan against NIST guidelines (WBS 2.1.4)  Risk assessment (WBS 2.1.4, 2.3)