EGI CSIRT team monthly meeting
Thursday, 21 October 2010 - 14:30
14:30
Minutes taker and Project update
14:30 - 14:35
Minutes taker - DC of the week or the backup
14:35
incident at GRISU-COMETA-INFN-CT [EGI-20101018-01] and open vulnerabilities: CVE-2010-3847 and CVE-2010-3904
14:35 - 14:45
Incident at GRISU-COMETA-INFN-CT
- Compromised system reinstalled without backup/analysis
- What went wrong and how to improve it?
Open vulnerabilities
- Current status
- How to monitor site patching status?
- Vulnerability disclosure?
14:45
Group activities update and forward planning
14:45 - 15:00
Update from group coordinators:
-- IRTF (Leif)
   Wiki page update: https://wiki.egi.eu/wiki/EGI_CSIRT:Incident_reporting
   Update incident handling flowchart?
   Vulnerability handling procedure (see Linda's draft)?
   Risk assessment procedure (SVG or joint SVG and CSIRT)?
   Other procedure?
   Detailed plan for the coming month and quarter?
-- Security monitoring (Daniel)
   Pakiti development and new requirement
   Operational dashboard integration
   Nagios development
   Detailed plan for the coming month and quarter?
-- Security drill (Sven)
   How can NGIs run SSC4?
   Detailed plan for the coming month and quarter?
-- Security training & dissemination (Helene on behalf of Dorine)
   Plan for next 12 months
   * Put security training and dissemination materials on the EGI-CSIRT public site.
   * Build a database of grid security experts.
   * Organize a training event at each user forum and technical forum.
   * Define with NGI security officers which support they want from EGI-CSIRT.
   * Define a security training strategy (agenda of training EGI events, contents of security materials). [Actors involved: EGI-CSIRTS, SPG, SSG.]
   * Define a common training strategy with other EGI operational groups (like COD, operational procedures, ...).
15:00
post-mortem: handling CVE-2010-3081
15:00 - 15:20
Things that need to be improved
- Procedure?
- Template?
- Communication?
- Assistant tool like RTIR?
  * http://espinete.rediris.es/
  * Anyone tried it?
- Monitoring tool improvement and integration?
  * Access control (pull DNs from GOCDB)
  * One-time link
  * Adding kernel exception
  * Fine-grained filter (e.g. X86_64)
- ??? ???
15:20
update from team members
15:20 - 15:25
A quick roundtable update
15:25
Action review and AOB
15:25 - 15:30
To review any pending actions and ongoing issues: https://rt.egi.eu/rt/index.html
A list of new actions from this meeting
AOB
Next monthly meeting: 18-Nov-2010