Presentation is loading. Please wait.

Presentation is loading. Please wait.

UKI ROC/GridPP/EGEE Security Mingchao Ma Oxford 22 October 2008.

Published byBridget Burke Modified over 9 years ago

Similar presentations

Presentation on theme: "UKI ROC/GridPP/EGEE Security Mingchao Ma Oxford 22 October 2008."— Presentation transcript:

1 UKI ROC/GridPP/EGEE Security Mingchao Ma Oxford 22 October 2008

2 Security Policy 22 Oct. 2008 Mingchao Ma, Oxford 2 Security Policy Site & VO Policies Certification Authorities Traceability and Logging Incident Response Accounting Data Privacy (draft) Pilot Jobs and other Grid Services Grid & VO AUPs

3 EGEE Security Groups 22 Oct. 2008Mingchao Ma, Oxford3

4 OSCT 22 Oct. 2008Mingchao Ma, Oxford4 Operational Security Coordination Team (OSCT) Regional Operation Centre (ROC) Day-to-day coordination ……… Site … … … … Grid Security On-Duty

5 OSCT Activities Weekly telephone meeting; Twice F2F meeting per year Work together with other security groups to improve Grid security; Provide security expertise to sites; Handling and mitigating Grid security incidents –Procedures; Incident tracking; IR Channel (list, IM) and Security Service Challenges; Best practice, training and dissemination –Security RSS feed; OSCT website/Wiki; Training events Security Tools (monitoring, detection and prevention ) –Pakiti; SAM security tests Analysing and evaluating security risks/vulnerabilities (together with GSVG) 22 Oct. 2008Mingchao Ma, Oxford5

6 UKI ROC and GridPP Security officer, deputy security officer and production manager Quarterly report to PMB; Day to day operational security issues Run security service challenges (SSC) Best practices, recommendations, Procedure; –Wiki, GridPP security page; OSCT-DC rota; Handle and response security incident/vulnerability … 22 Oct. 2008Mingchao Ma, Oxford6

7 Incident Handling – UKI ROC Policy & Procedure –Detect, Contain, Analysis and Restore Communication Channels –Copy of security contacts (email & tel. in GOCDB) –Tier2 technical coordinators –Production manager –PMB –JANET CSIRTs and University CSIRTS ?? 22 Oct. 2008Mingchao Ma, Oxford7

8 Security Incidents So far no “grid incident”... but will happen (where the grid is the attack vector)‏ A few incidents per year within the grids From a site perspective, the incidents are often caused by: – Failure to apply security patches provided by vendors – Poor access control management (ex: root password)‏ – Incidents at other sites – Unresolved past security incidents (lack of traceability)‏ – Incorrect risk assessment (threats were not correctly identified) – Shared user community, staff and computing resources between grids and HEP sites make propagation easier 22 Oct. 2008Mingchao Ma, Oxford8

9 NGS Security Policy –Regulations for Use of the UK National Grid Service (2005) –NGS Security Incident Response policy (2005) Security incident handling –Building up security contact list –NGS-Operation mailing list ?? 22 Oct. 2008Mingchao Ma, Oxford9

10 Links Policy –http://www.jspg.org/ OSCT –http://osct.web.cern.ch/osct/ GridPP –http://www.gridpp.ac.uk/security NGS –http://www.ngs.ac.uk/security.html 22 Oct. 2008Mingchao Ma, Oxford10

11 More links EGEE Security http://www.eu-egee.org/security/ OSCT Wiki https://twiki.cern.ch/twiki/bin/view/LCG/OSCT Security RSS feed http://rss-grid-security.cern.ch/rss.php Vulnerability reporting –grid-vulnerability-report@cern.chgrid-vulnerability-report@cern.ch Incident reporting –project-egee-security-support@cern.chproject-egee-security-support@cern.ch –Incident response procedure https://edms.cern.ch/document/867454/ 22 Oct. 2008Mingchao Ma, Oxford11

Download ppt "UKI ROC/GridPP/EGEE Security Mingchao Ma Oxford 22 October 2008."

Similar presentations

Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.

Joining the Grid Andrew McNab. 28 March 2006Andrew McNab – Joining the Grid Outline ● LCG – the grid you're joining ● Related projects ● Getting a certificate.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
WLCG Security TEG, risks and Identity Management David Kelsey GridPP28, Manchester 18 Apr 2012.

WLCG Security TEG, risks and Identity Management David Kelsey GridPP28, Manchester 18 Apr 2012.
INFSO-RI-508833 Enabling Grids for E-sciencE www.eu-egee.org Operational Security OSCT JSPG March 2006 Ian Neilson, CERN.

INFSO-RI Enabling Grids for E-sciencE Operational Security OSCT JSPG March 2006 Ian Neilson, CERN.
Www.egi.eu EGI-Engage www.egi.eu Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.

EGI-Engage Recent Experiences in Operational Security: Incident prevention and incident handling in the EGI and WLCG infrastructure.
SSC2 and Update on Multi-user Pilot Jobs Framework Mingchao Ma, STFC – RAL HEPSysMan Meeting 20/06/2008.

SSC2 and Update on Multi-user Pilot Jobs Framework Mingchao Ma, STFC – RAL HEPSysMan Meeting 20/06/2008.
INFSO-RI-508833 Enabling Grids for E-sciencE Incident Response Policies and Procedures Carlos Fuentes

INFSO-RI Enabling Grids for E-sciencE Incident Response Policies and Procedures Carlos Fuentes
Operational Security Working Group Topics Incident Handling Process –OSG Document Review & Comments:

Operational Security Working Group Topics Incident Handling Process –OSG Document Review & Comments:
EGEE-II INFSO-RI-031688 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks EGEE Operations Ian Bird, CERN IT/GD LHCC.

EGEE-II INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks EGEE Operations Ian Bird, CERN IT/GD LHCC.
What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:

What if you suspect a security incident or software vulnerability? What if you suspect a security incident at your site? DON’T PANIC Immediately inform:
EGEE ARM-2 – 5 Oct 2004 - 1 LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.

EGEE ARM-2 – 5 Oct LCG Security Coordination Ian Neilson LCG Security Officer Grid Deployment Group CERN.
Enabling Grids for E-sciencE www.eu-egee.org EGEE III Security Training and Dissemination Mingchao Ma, STFC – RAL, UK OSCT Barcelona 2009.

Enabling Grids for E-sciencE EGEE III Security Training and Dissemination Mingchao Ma, STFC – RAL, UK OSCT Barcelona 2009.
GGF12 – 20 Sept 2004 - 1 LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.

GGF12 – 20 Sept LCG Incident Response Ian Neilson LCG Security Officer Grid Deployment Group CERN.
GGF Fall 2004 Brussels, Belgium September 20th, 2004 James Marsteller Pittsburgh Supercomptuing Center

GGF Fall 2004 Brussels, Belgium September 20th, 2004 James Marsteller Pittsburgh Supercomptuing Center
Deployment Issues David Kelsey GridPP13, Durham 5 Jul 2005

Deployment Issues David Kelsey GridPP13, Durham 5 Jul 2005
Security Update Mingchao Ma HEPSYSMAN - Security 1 st July 2009.

Security Update Mingchao Ma HEPSYSMAN - Security 1 st July 2009.
Www.egi.eu EGI-InSPIRE RI-261323 EGI-InSPIRE www.egi.eu EGI-InSPIRE RI-261323 EGI Federated Cloud F2F Security Issues in the cloud Introduction Linda Cornwall,

EGI-InSPIRE RI EGI-InSPIRE EGI-InSPIRE RI EGI Federated Cloud F2F Security Issues in the cloud Introduction Linda Cornwall,
02/07/09 1 WLCG NAGIOS Kashif Mohammad Deputy Technical Co-ordinator (South Grid) University of Oxford.

02/07/09 1 WLCG NAGIOS Kashif Mohammad Deputy Technical Co-ordinator (South Grid) University of Oxford.
Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.

Ali Pabrai, CISSP, CSCS ecfirst, chairman & ceo Preparing for a HIPAA Security Audit.
EGEE-III INFSO-RI-222667 Enabling Grids for E-sciencE www.eu-egee.org EGEE and gLite are registered trademarks ROD model assessment ROC UKI John Walsh.

EGEE-III INFSO-RI Enabling Grids for E-sciencE EGEE and gLite are registered trademarks ROD model assessment ROC UKI John Walsh.

Similar presentations

Ads by Google