1 / 18

Acceptable Use Policy and Security Incident Response Strategy in the Open Science Grid

Acceptable Use Policy and Security Incident Response Strategy in the Open Science Grid. International Symposium on Grid Computing 29 April 2005 Bob Cowles – bob.cowles@slac.stanford.edu. Work supported by U. S. Department of Energy contract DE-AC03-76SF00515. Principles.

belva
Download Presentation

Acceptable Use Policy and Security Incident Response Strategy in the Open Science Grid

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Acceptable Use Policyand Security Incident Response Strategy in the Open Science Grid International Symposium on Grid Computing 29 April 2005 Bob Cowles – bob.cowles@slac.stanford.edu Work supported by U. S. Department of Energy contract DE-AC03-76SF00515

  2. Principles • OSG is a with little central control or resources – almost everything has to be done by the sites or the VOs • Sites security personnel will need to feel comfortable with grid use of resources • limited additional risks • local control over decisions • Coordinate with EGEE/LCG efforts • KISS or “Simplify and add lightness” OSG Acceptable Use and Incident Response

  3. Acceptable Use - Goals • Short enough for people to read and understand • No requirement for “incidental use” provisions • Remove burden on user of knowing use policies for all sites • Site computer security personnel feel provisions are sufficient OSG Acceptable Use and Incident Response

  4. Acceptable Use – Policy 1 • Allowed to use grid only: • Consistent with the activities and policies of the Virtual Organization(s) • Only using the resources authorized for use by the VO • NOTE: • VO must declare • Resource Provider must select compatible VOs OSG Acceptable Use and Incident Response

  5. Acceptable Use – Policy 2 • Be a good citizen • No attempt to circumvent rules or security controls on resources • If told there is a problem, modify your behavior then try to resolve OSG Acceptable Use and Incident Response

  6. Acceptable Use – Policy 3 • Report any suspected compromise of credentials • VO needs to specify where to report problems (e. g. security@opensciencegrid.org) • Also report to issuer of credentials • Report suspected misuse • VO needs to specify where to report (e. g. abuse@opensciencegrid.org) OSG Acceptable Use and Incident Response

  7. Acceptable Use – Policy 4 • Resource providers can regulate access as they deem necessary for • Operational reasons • Security-related reasons • Also still bound by agreements with other organizations, for example: • Home institute • Network provider OSG Acceptable Use and Incident Response

  8. AUP – The Taipei Accord • (1) You may only perform work, or transmit or store data consistent with the activities and policies of the Virtual Organizations of which you are a member, and only on resources authorized for use by those Virtual Organizations. • (2) You will not attempt to circumvent administrative or security controls on the use of resources. If you are informed that some aspect of your grid usage is creating a problem, you will adjust your usage and investigate ways to resolve the complaint. • (3) You will immediately report any suspected compromise of your grid credentials or suspected misuse of grid resources to incident reporting locations specified by the Virtual Organization(s) affected and credential issuing authorities as specified in their agreements and policy statements. • (4) You are aware that resource providers have the right to regulate access as they deem necessary for either operational or security-related reasons and that your use of the Grid is also bound by the rules and policies of the organizations through which you obtain access, e. g. your home institute, your national network and/or your internet service provider(s). OSG Acceptable Use and Incident Response

  9. Incident Response OSG Acceptable Use and Incident Response

  10. Centrally Provided • List of site security points of contact • Email communications • Filter standard email addresses • security@opensciencegrid.org • abuse@opensciencegrid.org • Coordinate with other Grid Operation Centers (GOC) OSG Acceptable Use and Incident Response

  11. Incident Classification • Potential to compromise grid infrastructure • Potential to compromise grid service or VO • Potential to compromise grid user OSG Acceptable Use and Incident Response

  12. Site Responsibilities – 1 • Report grid-related incidents (hi-priority list) • Remove compromised servers • Release only summary information • Have a site incident response plan in place (logs, evidence) OSG Acceptable Use and Incident Response

  13. Site Responsibilities – 2 • Provide security contact information • Follow-up to email discussion list • Take appropriate care with sensitive material collected • Provide appropriate law enforcement with materials for coordination, investigation and prosecution OSG Acceptable Use and Incident Response

  14. Response Teams • Self-organized body of volunteers • Mailing list maintained by GOC • Team organized for severe or complex incidents • Team leader to coordinate efforts OSG Acceptable Use and Incident Response

  15. Incident Handling – 1 • Discovery and reporting • local procedures & GOC list notified • Initial analysis and classification • verify incident and perform classification • Containment • remove resources, services, users • Notification and escalation • notify grid management for more severe OSG Acceptable Use and Incident Response

  16. Incident Handling – 2 • Analysis and Response • Resource tracking (response costs) • Evidence collection • Removal and recovery – regular communication on the discussion list • Post-incident analysis • Close-out report following incident OSG Acceptable Use and Incident Response

  17. Timeline • Jun 04 – Security TG formed • Jul 04 – IR Activity formed • Sep 04 – First draft of plan reviewed • Oct 04 – Coordinate with EGEE/LCG • Nov 04 – Presentation – 2nd EGEE Conf • Dec 04 – Implementation • Jan 05 – Accepted by JSPG for LCG/EGEE • Feb 05 – OSG Integration testbed test • Apr 05 – OSG launch OSG Acceptable Use and Incident Response

  18. The Plan http://computing.fnal.gov/docdb/osg_documents//Static/Lists//FullList.html www.opensciencegrid.org click on “Documents” click on “Search the database and read documents” click on “OSG Security Incident Handling and Response” OSG Acceptable Use and Incident Response

More Related