EGI CSIRT team monthly meeting

Europe/Amsterdam
EVO - EGI CSIRT meeting

Mingchao Ma (STFC - RAL)
Description
A monthly team meeting to discuss team activities and issues.

It will be on EVO (http://evo.caltech.edu/evoGate/). The meeting can be found in the Universe community; please search EVO meetings with the keyword "EGI CSIRT".

Access information can be found at: https://wiki.egi.eu/csirt/index.php/EGI_CSIRT_monthly_meeting

EVO Phone Bridge Telephone Numbers:
---------------
- USA (Caltech, Pasadena, CA) +1 626 395 2112
- Switzerland (CERN, Geneva) +41 22 76 71400
- Slovakia (UPJS, Kosice) +421 55 234 2420
- Italy (INFN, several cities) http://server10.infn.it/video/index.php?page=telephone_numbers
  Enter '4000' to access the EVO bridge
- Germany (DESY, Hamburg) +49 40 8998 1340
- USA (BNL, Upton, NY) +1 631 344 6100
- United Kingdom (University of Manchester) +44 161 306 6802
- Australia (ARCS) +61
  Adelaide 08 8463 1011
  Brisbane 07 3139 0705
  Canberra 02 6112 8742
  Hobart 03 623 70281
  Melbourne 03 8685 8362
  Perth 08 6461 6718
  Sydney 02 8212 4591
- Netherlands (Nikhef, Amsterdam) +31 20 7165293
  Dial '2' at the prompt
- Canada (TRIUMF, Vancouver) +1 604 222 7700
- Czech Republic (CESNET, Prague) +420 95 007 2386
- USA (MIT, Cambridge, MA) +1 617 715 4691
- France (RAP, Paris) +33 144 27 81 50
    • 1
      Minutes taker and Project update
      Last meeting minutes: https://wiki.egi.eu/csirt/index.php/Monthly_Meeting_Minutes_21-12-2010
      Minutes taker - DC of the week or the backup
      Please upload minutes to: https://wiki.egi.eu/csirt/index.php/EGI_CSIRT_monthly_meeting#Monthly_Meeting_Minutes
      There will be an OMB face to face meeting on 24-25 Jan 2011 at Amsterdam; EGIUF2010 (11-15 April 2011)
    • 2
      EGI Critical Vulnerability Handling procedure
      https://documents.egi.eu/secure/ShowDocument?docid=283
        Aimed at all EGI sites, being reviewed by NOC managers and OMB;
        will also be reviewed and possibly approved at next OMB face to face meeting
      https://documents.egi.eu/secure/ShowDocument?docid=282
        More detail, aimed at CSIRT and SVG members; will complete by end of March??
      Primary author: Linda
      Primary reviewer: Leif?
      Primary editor: ??
    • 3
      RTIR update - Carlos or Sven
      In progress:
      - Goc-DB Integration complete??
      - Progress of developing templates for communication?
      - Progress of developing interface between ticket-status and ssc-monitor?
      - Progress of automated user-management monitoring (user ban status)?
      - Progress of reworking the malware (stability, reporting, functionality)
        this is not necessarily needed for the NGI-Run but for Concerted run?
      - Complete date?
      - Any issue or problem?
    • 4
      Group activities update, plans and objectives for 2011
      IRTF
      ====
      Update:
        EGI IR Site Checklist (see attached pdf), any comment? (Toby)
        EGI IR flowchart update?
        Wiki page update: https://wiki.egi.eu/wiki/EGI_CSIRT:Incident_reporting
      Plan for 2011:
      - To develop and improve our operational procedure
        Critical vulnerability handling by end of Jan.
        Internal procedure by end of March?
      - Milestone MS412 update incident response operational Security Procedure or produce newly identified procedure at PM15 (Aug. 2011)
      - To improve sites' patch management
      - RTIR in operation by ??

      Security monitoring
      ===================
      Update:
        Security dashboard and integration
        Pakiti and Nagios development
      Plan for 2011:
      - Security Dashboard, prototype by end of June and first release by end of December (or September, before EGITF2011)?
      - Processing of security monitoring data and automatic alerting
        What and when?
      - Nagios & Pakiti development (statistics, etc.)
        What and when?
      - site-level support (e.g. guides on centralized syslog, etc.)

      Security drill
      ==============
      Update:
        preparation for SSC4 NGI run - Spanish NGI, when to start?
        Other development work?
      Plan for 2011:
      - SSC4 run in NGIs
        Number of NGIs going to be challenged in 2011?
        How long will it take to complete SSC4 across EGI?
      - SSC across NGIs, by end of June 2011
        will address the Incident-Coordination-Capabilities of EGI-CSIRT itself, in particular the *collaboration* among the CERT-Teams (EGI-CSIRT, Site-CSIRTS, ATLAS-CERT) in a simulated incident affecting many sites at once.
      - SSC4 framework (SSC-Monitor) improvement by end of June 2011
        * test-incident-status monitoring: stability/reliability (activity of the malware/user access management at the sites (banning/unbanning))
        * automate evaluation of the sites' security operations and reporting
      - Other SSC4 frame improvements by end of December 2011
        * Integrate other Experiment Job-submission frameworks (CMS)
        * Evaluate SSCs addressing particularities of VMs (StratusLab)

      Security training & dissemination
      =================================
      Update:
      Plan for 2011:
        Manage EGI Wikis and mailing lists
        To organise security training at next EGI technical forum
    • 5
      Next face to face meeting
      Doodle poll: http://www.doodle.com/taceqg3u6v4feaxm
      Date: 6-7 April 2011
      Possible topics
      - Risk assessment
      - ToR and procedure development
      - CSIRT best practices
      - RTIR hands on training
      - IRTF
      - Security Drill
      - Security Monitoring
      - Security Training
    • 6
      AOB
      Next monthly meeting: 17th Feb. 2011