EGI-CSIRT Face2Face meeting in Amsterdam

Name: EGI-CSIRT Face2Face meeting in Amsterdam
Start: 2016-04-04T09:00:00+02:00
End: 2016-04-05T17:00:00+02:00
Location: Amsterdam

4–5 Apr 2016

Amsterdam

Europe/Amsterdam timezone

Contribution List

11. Welcome, introduction, agenda, note takers, logistics etc

Dr Sven Gabriel (NIKHEF)

04/04/2016, 09:00

Session 1

12. SVG issues and Risk Assessment (SCG)

Linda Cornwall (STFC)

04/04/2016, 09:30

Session 1

Report and discussion on Security Threat Risk Assessment. outcomes - what we are doing or need to do to address the main areas of concern. Monitoring other than the WN. Some vulnerabilities are considered 'Critical' in some cases, but not 'Critical' on the WN, which is all that can be monitored at present. Is there anything better that can be done?

13. Security Monitoring

Daniel Kouril (CESNET)

04/04/2016, 11:00

Session 1

Update on RT-IR Update on pakiti, security dashboard How to use the tools as Security Officer on Duty

14. IRTF part 1

Daniel Kouril (CESNET), Mr Ian Neilson (STFC), Mr Tobias Dussa (KIT-CERT), Vincent Brillault (CERN)

04/04/2016, 14:00

Session 2

Presentation - expectations of the officer on duty (15 minutes presentation, 15 minutes discussions?) Massticket-tool (as part of How to use the tools as Security Officer on Duty Input from: (Daniel/Ian/Vincent/Toby) Basic presentation on how to use mass ticket Discuss on how to improve the template/make it simpler 15 minutes presentation, 30 minutes discussion? Central...

15. IRTF part 2

Vincent Brillault (CERN)

04/04/2016, 16:00

Session 2

Debriefing for EGI-20160228-01 Less than 15 minutes, this is a simple incident Debriefing for EGI-20160301-01 At least 15 minutes? Quite few complications. Output interesting for Fedcloud part of the meeting

16. Agenda review

05/04/2016, 09:00

Session 3

17. Security policies

David Kelsey (STFC)

05/04/2016, 09:10

Session 3

Brief update of status of new/revised policies. Policies to be updated in 2016. Some word-smithing on one policy (if time?)

18. EGI-Engage SA1.2

David Kelsey (STFC)

05/04/2016, 10:00

Session 3

Reminder of what happened in PY1. Roadmap for PY2 (starting 1 March 2016).

21. Update on SSC

Dr Sven Gabriel (NIKHEF)

05/04/2016, 11:00

Session 3

22. News from ISGC2016, EGI CSIRT web & wiki

Dr Sven Gabriel (NIKHEF)

05/04/2016, 11:30

Session 3

23. Plans for next meetings

05/04/2016, 12:00

Session 3

19. EGI FedCloud Security

Boris Parak (CESNET), Daniel Kouril (CESNET), Dr Enol Fernandez (EGI.eu), Dr Sven Gabriel (NIKHEF), Vincent Brillault (CERN)

05/04/2016, 14:00

Session 4

VB (15 min + 15 min Discussion) Incident Response in FedCloud -summary of Cloud incidents, what is working well, what not, what is missing (30 min + Discussion) EGI Federated Cloud improvement plan (focus on security) Sveng: RP Certification Procedure (15 min Presentation 15 min Discussion) Discussion VM/User Management beyond OpenNebula (Boris) Automated security checks done by CZ (Daniel)

24. EGI FedCloud Security (continued)

05/04/2016, 16:00

Session 4

20. AOB, wrap-up

05/04/2016, 16:30

Session 4

4. Integration to IRTF

Vincent Brillault (CERN)

7. Intro / Agenda

Dr Sven Gabriel (NIKHEF)

1. Masstickets

Mr Tobias Dussa (KIT-CERT)

How to go about this? Possible goal: be able to grab a list of all EGI-Critical vuln hosts out of Pakiti, drop it into a script, and presto, the script creates a ticket per site. Reasonable? There would be some prereqs: * As reference, there must be a unified URL format, ideally something like https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/CVE-XXXX-YYYY. (I'd actually like to have the ability...

10. Procedures

Vincent Brillault (CERN)

2. RT-IR in IRTF, useage

Vincent Brillault (CERN)

RT-IR usage in IRTF, Discussion with Maintainer, what do we want to do with rt-ir, hww can this be done with rt-ir, what is needed / who does it

8. Security Policies update

David Kelsey (STFC)

9. Security procedures updates

Vincent Brillault (CERN)

The evolution of operational security procedures, including forensics Refine and extend the current security procedures and tools for incident response and forensics, for example: to take into account new kinds of players (e.g. cloud resource providers), or to extend the emergency suspension mechanism to cover new kinds of services. The security procedures related to other EGI operational...

0. Status Update RT-IR

Daniel Kouril (CESNET)

6. SVG Update and Open Issues

Linda Cornwall (STFC)

3. User/VM Management in FedCloud

Boris Parak (CESNET)

5. VM Management/SSC

Dr Sven Gabriel (NIKHEF)

Needed bits fur SSC-FC VM Management: Start/Stop/Contextualisation How to get the SSC Payload into the VMs What would be needed to control it from SSC-Monitor

Back to the event