EGI CSIRT team monthly meeting

Europe/Amsterdam
EVO - EGI CSIRT meeting

Mingchao Ma (STFC - RAL)
Description
A monthly team meeting to discuss team activities and issues. It will be held on EVO (http://evo.caltech.edu/evoGate/). The meeting can be found in the Universe community; please search EVO meetings with the keyword "EGI CSIRT".

Access information can be found at: https://wiki.egi.eu/csirt/index.php/EGI_CSIRT_monthly_meeting

EVO Phone Bridge Telephone Numbers:
---------------
- USA (Caltech, Pasadena, CA) +1 626 395 2112
- Switzerland (CERN, Geneva) +41 22 76 71400
- Slovakia (UPJS, Kosice) +421 55 234 2420
- Italy (INFN, several cities) http://server10.infn.it/video/index.php?page=telephone_numbers
  Enter '4000' to access the EVO bridge
- Germany (DESY, Hamburg) +49 40 8998 1340
- USA (BNL, Upton, NY) +1 631 344 6100
- United Kingdom (University of Manchester) +44 161 306 6802
- Australia (ARCS) +61
  Adelaide 08 8463 1011
  Brisbane 07 3139 0705
  Canberra 02 6112 8742
  Hobart 03 623 70281
  Melbourne 03 8685 8362
  Perth 08 6461 6718
  Sydney 02 8212 4591
- Netherlands (Nikhef, Amsterdam) +31 20 7165293
  Dial '2' at the prompt
- Canada (TRIUMF, Vancouver) +1 604 222 7700
- Czech Republic (CESNET, Prague) +420 95 007 2386
- USA (MIT, Cambridge, MA) +1 617 715 4691
- France (RAP, Paris) +33 144 27 81 50
    • 14:30 14:35
      Minutes taker and Project update 5m
      Minutes taker - DC of the week or the backup
    • 14:35 14:45
      Incident at GRISU-COMETA-INFN-CT [EGI-20101018-01] and open vulnerabilities: CVE-2010-3847 and CVE-2010-3904 10m
      Incident at GRISU-COMETA-INFN-CT
      - compromised system reinstalled without backup/analysis
      - What went wrong and how to improve it?
      Open vulnerabilities
      - Current status
      - How to monitor site patching status?
      Vulnerability disclosure??
    • 14:45 15:00
      Group activities update and forward planning 15m
      Update from group coordinators:
      --IRTF (Leif)
        Wiki page update: https://wiki.egi.eu/wiki/EGI_CSIRT:Incident_reporting
        Update incident handling flowchart?
        Vulnerability handling procedure (see Linda's draft)?
        Risk assessment procedure (SVG or joint SVG and CSIRT)?
        Other procedure?
        Detailed plan for the coming month and quarter?
      --Security monitoring (Daniel)
        Pakiti development and new requirement
        Operational dashboard integration
        Nagios development
        Detailed plan for the coming month and quarter?
      --Security drill (Sven)
        How can NGIs run SSC4?
        Detailed plan for the coming month and quarter?
      --Security training & dissemination (Helene on behalf of Dorine)
        Plan for next 12 months
        * Put security training and dissemination materials on the EGI-CSIRT public site.
        * Build a database of grid security experts.
        * Organize a training event at each user forum and technical forum.
        * Define with NGI security officers which support they want from EGI-CSIRT.
        * Define a security training strategy (agenda of training EGI events, contents of security materials). [Actors involved: EGI-CSIRTS, SPG, SSG.]
        * Define a common training strategy with other EGI operational groups (like COD, operational procedures, ...).
    • 15:00 15:20
      post-mortem: handling CVE-2010-3081 20m
      Things that need to be improved
      - Procedure?
      - Template?
      - Communication?
      - Assistant tool like RTIR?
        * http://espinete.rediris.es/
        * Anyone tried it?
      - Monitoring tool improvement and integration?
        * Access control (pull DNs from GOCDB)
        * One time link
        * Adding kernel exception
        * Fine-grain filter (e.g. X86_64)
      - ??? ???
    • 15:20 15:25
      update from team members 5m
      A quick roundtable update
    • 15:25 15:30
      Action review and AOB 5m
      To review any pending actions and ongoing issues: https://rt.egi.eu/rt/index.html
      A list of new actions from this meeting
      AOB
      Next monthly meeting: 18-Nov-2010