This Operational Security Coordination Team (OSCT) aims to facilitate effective response, arrange necessary services, manage incident follow-up, support security improvements, and provide information and awareness in the grid deployment. Acting as a point of contact, they liaise with development and deployment groups and assist in deploying security monitoring tools. Their main goal is to ensure that processes work smoothly by coordinating efforts among various entities in the grid deployment. Common policies, processes, organizational structures, relationships, and communication methods are established to handle cyber security incidents effectively. Early milestones include adopting guidelines from OSG, managing security pages, and working on security monitoring and tools. The team also focuses on incident handling and response readiness by conducting planned security challenges, evaluating procedures, updating response protocols iteratively, and providing feedback to enhance security testing components.
LCG/EGEE Operational Security Coordination
Ian Neilson
Grid Deployment Group, CERN
EGEE Den Haag, 25 Nov 2004
Operational Security Coordination Team
• OSCT - What is expected?
• Grid Security incident handling
• Cannot handle centrally – why?
• No central operational authority
• The scale of the grid
• Regional barriers
• Hence: COORDINATION Team
• Facilitate effective response
• Arrange necessary services
• ‘Manage’ incident follow-up
• Support for improving security
• Information and awareness
• Publish security advice
• Point of contact
• Liaise with development & deployment groups
• Assist deployment of security monitoring tools
• Service Challenges
• Make sure processes work
• ?
Security Activities in EGEE
From Dave Kelsey’s CHEP’04 Plenary Talk
[Diagram: boxes labelled OSCT, CA Coordination, NA4, JRA3, JRA1, SA1, Joint Security Policy Group, Middleware Security Group and EGEE/LCG Joint Security Group, linked by arrows labelled “Req.” and “Solutions/Recommendations”]
“Joint Security Group” defines policy and procedures for LCG/GDB and EGEE/SA1 (Cross Membership of OSG)
Security Coordination - Channels
[Diagram: boxes labelled OSCT, RC, ROC, CIC/GOC, CSIRT, Media/Press, “PR” and “External” GRID]
EGEE operational channels still being established.
Responsibilities and processes being defined.
Operational Security Coordination
• Who is the OSCT?
• So far -
• Ian Neilson
• 11 * ROC contact(s)
• Not much discussion so far
• ROC managers meeting
• LCG Workshop
• This meeting…..
• Who else?
• Other collaborating grids
• CERTs
• Anybody who will contribute!
Operational Security Coordination Team
• Incident Handling
• Proposal: Adopt Guidelines from OSG [Bob Cowles]
• Early milestones
• Proposal: Contact data management by ROCs via GOCdb
• What has to happen?
• Controlled site registration process [see SA1/JSPG session this morning]
• Some GOC technical:
• DB Authorization model / Mailing list generation …
• Process to validate and maintain?
• Timeline
• Data managed in DB – Feb?
• Full process – April?
Operational Security Coordination
• Early milestones
• Proposal: Working group to manage “Security Pages”
• Issues
• Where to host (LCG, GOC, CIC … pages)?
• Create content
• Commitment + process to maintain
• Timeline
• Start now, 6 months ‘reasonably comprehensive site’
• Proposal: Working Group on Security Monitoring & Tools
• Issues
• What is necessary, what is available?
• How is it used
• Publish on “Security Pages”
• Timeline
• Start now, 12 months ??90% sites covered ‘in some way’
And now….OSG Incident Handling Guide
Operational Security Coordination Team
• OSG - Security Incident Handling and Response Guide
• To guide the development and maintenance of a common capability for handling and response to cyber security incidents on Grids.
• The capability will be established through
• (1) common policies and processes,
• (2) common organizational structures,
• (3) cross-organizational relationships,
• (4) common communications methods, and
• (5) a modicum of centrally-provided services and processes.
Operational Security Coordination
• Further Incident Handling Issues
• Ticket Tracking
• Do we need this?
• Appropriate contact levels
• Site security officer or responsible grid admin?
• Post-mortem analysis
• Site information handling policies
• Public/Press Relations
• Ad-hoc team building
• Building process, communications
• Relationship to NRENs/CSIRTs
• They have experience
• Existing communications channels
• They may have authority
• Relationship with other Grid projects
• Information sharing policies
Operational Security Coordination
• Security Service Challenges
• Objectives (https://edms.cern.ch/document/478367)
• a) Evaluate the effectiveness of current procedures by simulating a small and well defined set of security incidents.
• b) Use the experiences of a) in an iterative fashion (during the challenges) to update procedures.
• c) Formalise the understanding gained in a) & b) in updated incident response procedures.
• d) Provide feedback to middleware development and testing activities to inform the process of building security test components.
Operational Security Coordination Team
• Service Challenges
• Announced Fire Drills
• Check processes are understood
• Check the information is available
• Check processes work
• Controlled improvement cycle
• Initial plans: 2 VERY simple exercises
• Can we trace a job through the system?
• Submit a job that sends an email (or something like)
• Report as ‘incident’
• Trace who, where, what route?
• Can we do the same for a file?
Operational Security Coordination Team
• Service Challenges
• Proposal:
• Dry run feasibility
• Create guidelines, ?tools and plan
• ROCs/OSCT coordinate exec across sites
• Feedback to security pages
• Timeline
• Dry run start now
• Work through ROCs – Feb
• ROCs work through sites – May
• Future
• Unannounced fire drills
• Disruptive testing
• The real thing
Operational Security Coordination
• Summary - 1
• “Start small and keep it simple.”
• Define basic structures
• JSPG review and update policy documents
• ROCs to take over management of contacts lists
• Must integrate with site registration process
• Establish what level of support is behind site security entries
• Relationships with local/national CERT
• Validate/test entries
• Exercise channels and raise awareness by Security Challenges
Operational Security Coordination
• Summary – 2
• Proposal: Adopt Guidelines from OSG
• Proposal: Contact data management by ROCs via GOCdb
• Proposal: Working group to manage “Security Pages”
• Proposal: Working Group on Security Monitoring & Tools
• Ongoing Service Challenges
• OSCT workshop
• Early Spring ’05?