1 / 11

Incident Response Plan for the Open Science Grid

Incident Response Plan for the Open Science Grid. 2 nd EGEE Conference Den Haag, Netherlands 25 Nov 2004 Bob Cowles – bob.cowles@slac.stanford.edu. Principles. OSG is a with little central control or resources – almost everything has to be done by the sites or the VOs

claudioc
Download Presentation

Incident Response Plan for the Open Science Grid

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Incident Response Plan for the Open Science Grid 2nd EGEE Conference Den Haag, Netherlands 25 Nov 2004 Bob Cowles – bob.cowles@slac.stanford.edu

  2. Principles • OSG is a with little central control or resources – almost everything has to be done by the sites or the VOs • Sites security personnel will need to feel comfortable with grid use of resources • limited additional risks • local control over decisions • Coordinate with EGEE/LCG efforts • KISS or “Simplify and add lightness” OSG Incident Response

  3. Centrally Provided • List of site security points of contact • Email communications • Filter standard email addresses • security@opensciencegrid.org • abuse@opensciencegrid.org • Coordinate with other Grid Operation Centers (GOC) OSG Incident Response

  4. Site Responsibilities – 1 • Report grid-related incidents (hi-priority list) • Remove compromised servers • Release only summary information • Have a site incident response plan in place (logs, evidence) OSG Incident Response

  5. Site Responsibilities – 2 • Provide security contact information • Follow-up to email discussion list • Take appropriate care with sensitive material collected • Provide appropriate law enforcement with materials for coordination, investigation and prosecution OSG Incident Response

  6. Incident Classification • Potential to compromise grid infrastructure • Potential to compromise grid service or VO • Potential to compromise grid user OSG Incident Response

  7. Response Teams • Self-organized body of volunteers • Mailing list maintained by GOC • Team organized for severe or complex incidents • Team leader to coordinate efforts OSG Incident Response

  8. Incident Handling – 1 • Discovery and reporting • local procedures & GOC list notified • Initial analysis and classification • verify incident and perform classification • Containment • remove resources, services, users • Notification and escalation • notify grid management for more severe OSG Incident Response

  9. Incident Handling – 2 • Analysis and Response • Resource tracking (response costs) • Evidence collection • Removal and recovery – regular communication on the discussion list • Post-incident analysis • Close-out report following incident OSG Incident Response

  10. Timeline • Jun 04 – Security TG formed • Jul 04 – IR Activity formed • Sep 04 – First draft of plan reviewed • Oct 04 – Coordinate with EGEE/LCG • Nov 04 – Presentation – 2nd EGEE Conf • Dec 04 – Implementation • Jan 05 – Implementation & testing • Feb 05 – OSG; EGEE Review OSG Incident Response

  11. The Plan http://computing.fnal.gov/docdb/osg_documents//Static/Lists//FullList.html www.opensciencegrid.org click on “Documents” click on “Search the database and read documents” click on “OSG Security Incident Handling and Response” OSG Incident Response

More Related