OSCT F2F meeting, Nikhef, Amsterdam Minutes of Day 1 (22nd March 2010), taken by Mingchao Ma Training and dissemination Mingchao gave a presentation on security training and dissemination in EGEE III. The presentation can be found at: http://indicoprev.cern.ch/getFile.py/access?sessionId=1&resId=0&materialId=0&confId=87622 A few comments were made at the end of the presentation. David commented that it will be good to have a central repository for all these training material. Romain also commended that it will be even better to develop some training modules which can be used by others. Mingchao said a central repository can be setup and training materials from TERANA can also be used for training. It is recommended to have a train for the trainer session at the first EGI technical conference in September. It is also recommended to contact TERANA to see if it is possible to organize a training workshop only for EGI/NGI security officers. It is also a good opportunity to have a training session at first EGI technical conference in September. Romain gave a presentation on the new development of Argus service, presentation can be found at: http://indicoprev.cern.ch/materialDisplay.py?sessionId=9&materialId=0&confId=87622 Discussion on who can access/modify/update the banning list? They can be all NGIs security officers, EGI/OSG/WLCG security officers or CERN CERT staff only. It is believed that the access to the banning list should be limited to a small number of people. A procedure and banning criteria under which a user/vo/CA can be banned should be developed. CERN is happy to host the service, but it is unlikely to provide a 24/7 service. Break for lunch at 12:00, back at 14:00 Security Service Challenge Sven and Angela gave update on security service challenges and also information on the oncoming SSC4. Presentations can be found at: http://indicoprev.cern.ch/getFile.py/access?sessionId=2&resId=0&materialId=0&confId=87622 Feedbacks on the implementation of the new SSC framework are very welcome. A comment on incident procedure was made by one NGI security officer that it was not easy to find the procedure in the past SSC. Another comment on forensic service was that NGI might provide such service. One asked how to prepare for SSC4, Sven answered that no special preparation is needed; the challenge is a way to measure the security posture of the tested site. Security monitoring Daniel gave an introduction on security monitoring (http://indicoprev.cern.ch/materialDisplay.py?sessionId=3&materialId=0&confId=87622) A question raised on the effort available in EGI for the maintenances of security probes, if a NGI can take the maintenance work? Daniel answered that probes should be maintained by us but efforts should come from other NGIs as well. A question of if a project-wide Pakiti service will be available, the answer is the service will be still available in EGI. There is also discussion on how to run Pakiti service at different level (site, NGI and/or EGI). A nice feature to have is to visualize the patching status so that it is easier for the management to understand the impact of the vulnerability Coffee Break at 15:45 for 30 minutes, back at 16:15 Michal gave an presentation about Pakiti (http://indicoprev.cern.ch/getFile.py/access?sessionId=3&resId=0&materialId=1&confId=87622)Michal also demonstrated some new functions of Pakiti. A question was raised about software packages provided by VOs, is Pakiti able to control or check software installed by VOs? Daniel answered that there is SAM probe to test file system. Romain answered that there is little to do with Pakiti as VOs can install any software they want. And there is no information on how to manage the VOs software. Christos Triantafyllidis gave a presentation on security monitoring - Nagios, which can be found at: http://indicoprev.cern.ch/materialDisplay.py?sessionId=4&materialId=0&confId=87622 Daniel has a question to Emir if the ACL issue can be solved before the end of EGEE III. Emir answered that it is not a technical issue, it is about which approach should be taken. Will there be a project-wide centralized Nagios box run by the project? No answer to it at the moment, but probable a centralized instance is not the way to go. Does EGI trust the information from NGIs? We have to put some basic trust to the NGIs. Daniel gave another presentation on areas of interest in security monitoring for EGI. Two approaches of how to implement the security monitoring: using public interface or internal interface which requires consent from sites; Tools for trace users' activities; Guides/tools for log management; Integration with EGI monitoring framework; Romain asked if it is possible to use APEL account data for security monitoring purpose as OSG uses account data for security incident analysis. It seems possible, Daniel will explore it further. OSCT F2F meeting, Nikhef, Amsterdam Minutes of Day 2 (23rd March 2010), taken by Mingchao Ma Jules from Sara gave a presentation on DEISA operational security. A brief introduction on DEISA project was given and followed by various operational security issues such as security policy, incident handling, DEISA security teams and access control in DEISA etc. Romain asked how many incidents in the past year. There were a few incidents reported from sites, but there might be more at sites. Users like SSH access, they hate certificates. DEISA adopted JSPG's policies with some modification. A common set of policies is desired, closer collaboration with JSPG is needed. How to strength the collaboration between DEISA CERT and other CSIRTs teams. A more formal collaboration might be needed. Representatives from different CERTs teams can sit in each other's mailing list to share information. Romain gave a short presentation on OSCT security work in the past 6 years. OSCT work and achievement in the past 6 years has been discussed. Slides can be found at: http://indicoprev.cern.ch/materialDisplay.py?sessionId=5&materialId=0&confId=87622 Coffee break at 9:30 for 30 minutes

Related material