1. www.eu-eela.eu E-science grid facility for Europe and Latin America Task TSA1.3 - Authentication Services and Policies Acheivements Jacques Alves da Silva (for Vinod Rebello) Universidade Federal Fluminense (Brazil) EELA 2 SA-1 Kick-off Meeting CEFET, Rio de Janeiro, Brazil, 17-18.09.2008

2. www.eu-eela.eu Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008 2 Apologies Task Leader of Task TSA1.3 is Vinod Rebello (UFF) –As chair of the International Grid Trust Federation (IGTF) and The Americas Grid Policy Management Authority (TAGPMA), is currently attending Open Grid Forum (OGF 24) and the APGridPMA meeting in Singapore;

3. www.eu-eela.eu Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008 3 Objectives (1) – CA Operations Help Latin American and Caribbean countries maintain IGTF Compliant Grid Certification Authorities and achieve maturity –Operational since EELA  Argentina  Brazil  Chile  Mexico  Latin American and Caribbean Catch-all Establish new national Grid CAs in Latin American countries (EELA-2 requirements: at least one) –Candidates  Colombia  Peru

4. www.eu-eela.eu Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008 4 Objectives (2) – Security Coordinate all security related activities in SA1 –establish security policies and protocols for their posterior implementation in partners –coordinate the security response teams deployed locally at Resource Centres and Certificate Authorities

5. www.eu-eela.eu Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008 5 CA Status – Argentina Operated by UNLP (Universidad Nacional de La Plata) – http://www.pkiunlpgrid.unlp.edu.ar/ Has issued 27 certificates 1 RA

6. www.eu-eela.eu Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008 6 CA Status – Brazil Operated by UFF (Universidade Federal Fluminense) – http://brgridca.ic.uff.br Issued 491 certificates amongst 20 institutions/departments Currently 4 RAs – widespread use of catchall RA based on notary+video conferencing (scheme first proposed by UFF BrGrid CA)

7. www.eu-eela.eu Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008 7 CA Status – Chile Operated by REUNA (Red Universitaria Nacional) – http://reuna-ca.reuna.cl Issued 45 certificates to 6 institutions Have 6 RAs, other REUNA affiliates to follow Non consortium members use REUNA as their RA

8. www.eu-eela.eu Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008 8 CA Status – Mexico Operated by UNAM (Universidad Nacional Autónoma de México) – https://ca.unamgrid.unam.mx/grid/ Had staffing problems Recently appointed new CA staff Has issued 37 certificates 1 RA

9. www.eu-eela.eu Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008 9 CA Status – LAC Catchall Operated by UFF (Universidade Federal Fluminense) – http://lacgridca.ic.uff.br Has issued 36 certificates to users in Colombia, Peru and Cuba 2 RAs

10. www.eu-eela.eu Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008 10 CA Status – Venezuela Operated by ULA (Universidad de Los Andes) – https://ra.cecalc.ula.ve/pub Pending final approval by TAGPMA

11. www.eu-eela.eu Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008 11 CA Status – Colombia To be operated by UNIANDES (Universidad de los Andes) Due to staffing limitations, propose to start work in 2009 Will however follow the previously proposed EELA-2 transition plan for new CAs and setup an RA for the LACGrid CA RA Manager has already been nominated

12. www.eu-eela.eu Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008 12 CA Status – Peru To be operated by SENAMHI (Servicio Nacional de Meteorología e Hidrología) Installed UFF LACGrid RA as phase 1 of transition Have submitted a CP/CPS for revision to Task Leader Next step is to make a request to join TAGPMA Submit CP/CPS for approval CA manager has been appointed

13. www.eu-eela.eu Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008 13 Task Status (1) Documentation –Submitted Task deliverable – CA selection report –RA Operation Manual for Phase 1 of proposal to set up national CA – become an RA of LAC catchall CA. TAGPMA participation – chairing fortnightly VC Debian OpenSSL vulnerability (CVE-2008-0166) –All EELA CAs had to verify quickly if any certificate they had issued suffered from this vulnerability –Identified incident response weaknesses in many CAs

14. www.eu-eela.eu Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008 14 Task Status (2) Setting up and training a Computer Security Incident Response Team (CSIRT) –Adapting focus to include CA operations as well –Analysis of available documentation Objectives – elaborate Security related Policies and Procedures Documents –All sites must have an approved Institutional Security Policy – what policy is appropriate for grid environments? –Developing a software security suite to provide round-the-clock surveillance of grid and CA resources.

15. www.eu-eela.eu Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008 15 CSIRT Documentation Incident Handling –NIST SP 800-61 - Computer Security Incident Handling Guide  http://csrc.nist.gov/publications/nistpubs/800-61-rev1/SP800- 61rev1.pdf –Building an Incident Response Program To Suit Your Business  http://www.sans.org/reading_room/whitepapers/incident/627.php –LCG/EGEE Grid Security Incident Response Handbook  http://www.gridpp.ac.uk/wiki/Incident_Response_Handbook –Organizational Models for Computer Security Incident Response Teams  http://www.sei.cmu.edu/publications/documents/03.reports/03hb00 1.html –CSIRT Starter Kit  http://www.terena.nl/activities/tf-csirt/starter-kit.html

16. www.eu-eela.eu Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008 16 Summary Existing EELA CAs continue operational Two countries without national CAs are beginning the process Task Deliverable submitted to EU Active participation in TAGPMA, IGTF activities CSIRT being formed

17. www.eu-eela.eu Rio de Janeiro, EELA-2 SA1 Kick-off Meeting, 17.09.2008 17 Thank You Vinod Rebello vinod@ic.uff.br Questions?