EGI-CSIRT Face2Face meeting in Amsterdam

4 Apr 2016, 09:00 → 5 Apr 2016, 17:00 Europe/Amsterdam

N328 (Amsterdam)

Daniel Kouril (CESNET), David Kelsey (STFC), Linda Cornwall (STFC), Sven Gabriel (NIKHEF), Vincent Brillault (CERN)

For logistics and video information see the EGI CSIRT private wiki.

https://wiki.egi.eu/csirt/index.php/EGI_CSIRT_F2F_meeting_4_-_5_April,_Amsterdam,_NL

Timings and even the order of topics may change.

Monday, 4 April

09:00 → 12:30 Session 1

09:00 Welcome, introduction, agenda, note takers, logistics etc

Speaker: Dr Sven Gabriel (NIKHEF)

09:30 SVG issues and Risk Assessment (SCG)

Report and discussion on Security Threat Risk Assessment. outcomes - what we are doing or need to do to address the main areas of concern. Monitoring other than the WN. Some vulnerabilities are considered 'Critical' in some cases, but not 'Critical' on the WN, which is all that can be monitored at present. Is there anything better that can be done?

Speaker: Linda Cornwall (STFC)

10:30 Coffee

11:00 Security Monitoring

Update on RT-IR Update on pakiti, security dashboard How to use the tools as Security Officer on Duty

Speaker: Daniel Kouril (CESNET)

Slides rt_upgrade.pptx

12:30 → 14:00 Lunch

14:00 → 17:00 Session 2

14:00 IRTF part 1

Presentation - expectations of the officer on duty (15 minutes presentation, 15 minutes discussions?) Massticket-tool (as part of How to use the tools as Security Officer on Duty Input from: (Daniel/Ian/Vincent/Toby) Basic presentation on how to use mass ticket Discuss on how to improve the template/make it simpler 15 minutes presentation, 30 minutes discussion? Central Banning Update from Vincent - (IanN) testing UK-argus banning system if Ian has tested it, a report on testing the UK ngi-central banning system. (related to ticket 10171)

Speakers: Daniel Kouril (CESNET), Mr Ian Neilson (STFC), Mr Tobias Dussa (KIT-CERT), Vincent Brillault (CERN)

15:30 More coffee

16:00 IRTF part 2

Debriefing for EGI-20160228-01 Less than 15 minutes, this is a simple incident Debriefing for EGI-20160301-01 At least 15 minutes? Quite few complications. Output interesting for Fedcloud part of the meeting

Speaker: Vincent Brillault (CERN)

Tuesday, 5 April

09:00 → 12:30 Session 3

09:00 Agenda review

09:10 Security policies

Brief update of status of new/revised policies. Policies to be updated in 2016. Some word-smithing on one policy (if time?)

Speaker: David Kelsey (STFC)

10:00 EGI-Engage SA1.2

Reminder of what happened in PY1. Roadmap for PY2 (starting 1 March 2016).

Speaker: David Kelsey (STFC)

10:30 Coffee

11:00 Update on SSC

Speaker: Dr Sven Gabriel (NIKHEF)

11:30 News from ISGC2016, EGI CSIRT web & wiki

Speaker: Dr Sven Gabriel (NIKHEF)

12:00 Plans for next meetings

12:30 → 14:00 Lunch

14:00 → 17:00 Session 4

14:00 EGI FedCloud Security

VB (15 min + 15 min Discussion) Incident Response in FedCloud -summary of Cloud incidents, what is working well, what not, what is missing (30 min + Discussion) EGI Federated Cloud improvement plan (focus on security) Sveng: RP Certification Procedure (15 min Presentation 15 min Discussion) Discussion VM/User Management beyond OpenNebula (Boris) Automated security checks done by CZ (Daniel)

Speakers: Boris Parak (CESNET), Daniel Kouril (CESNET), Dr Enol Fernandez (EGI.eu), Dr Sven Gabriel (NIKHEF), Vincent Brillault (CERN)

15:30 More Coffee

16:00 EGI FedCloud Security (continued)

16:30 AOB, wrap-up