EGI-CSIRT Face2Face meeting in Prague

Europe/Amsterdam
Prague

Description
For logistics and video information see the EGI CSIRT private wiki. Timings and even the order of topics may change.
    • 13:00 13:30
      Intro

      Agenda

      • 13:00
        Intro / Agenda 30m
        Speaker: Dr Sven Gabriel (NIKHEF)
    • 13:30 14:30
      SVG
      Convener: Linda Cornwall (STFC)
      slides
    • 14:30 15:30
      EGI-CSIRT Web Appearance: Web Page

      Status EGI-CSIRT Web Page

      Conveners: Barbara Krasovec (JSI), Mr Ian Neilson (STFC), Sophie Ferry (CEA)
      slides
    • 15:30 16:00
      Coffee 30m
    • 16:00 18:15
      IRTF: VenomRootkit

      Presentation: Close out report https://rt.egi.eu/rt/RTIR/Display.html?id=12218 (Daniel)
      Discussion Incident handling in IRTF

      Conveners: Daniel Kouril (CESNET), Vincent Brillault (CERN)
      • 16:00
        Venom Rootkit 30m
        Speaker: Daniel Kouril (CESNET)
      • 16:30
        Debriefing 1h
        Speakers: Daniel Kouril (CESNET), Dr Sven Gabriel (NIKHEF), Vincent Brillault (CERN)
    • 09:00 12:30
      ISGC: Presentations:CSIRT/Fyodor Training:Planning

      We have a presentation on EGI-CSIRT, with a paper in the event journal, which can be used as a reference.
      Discuss the contents, who delivers it

      Convener: Dr Sven Gabriel (NIKHEF)
      • 09:00
        ISGC CSIRT Presentation 30m
        Speaker: Dr Sven Gabriel (NIKHEF)
      • 09:30
        ISGC Fyodor 30m
        Speaker: Fyodor Yarochkin (AS)
      • 10:00
        ISGC Training 30m
        Speaker: Dr Sven Gabriel (NIKHEF)
      • 10:30
        coffee 30m
      • 11:00
        Trainings in EGI 1h
        Speaker: Dr Sven Gabriel (NIKHEF)
    • 12:30 14:00
      Lunch 1h 30m
    • 14:00 15:30
      Random Stuff

      Discussion of various topics

      Conveners: Daniel Kouril (CESNET), Mr Ian Neilson (STFC), Vincent Brillault (CERN)
      • 14:00
        Enhanced privacy for security-related GGUS tickets 15m
        ... evaluate the possibility for security officers to open GGUS tickets for selected sites, informing them of sensitive information (poorly configured services, urgent patches, etc.), so such tickets should remain more private than the rest. Today, GGUS ticket viewing requires a valid certificate from a trusted CA AND also being a registered GGUS user. Also, GGUS tickets are not googleable, except for some fora that decided to use Google Groups (don't ask me why!!!???), e.g. https://groups.google.com/forum/#!topic/argus-support/gWDksPP5P5s Still, the security officers, to integrate security and operations (and not use the EGI RT), would like the list of DNs allowed to track such GGUS tickets to be more restricted. ...
        Speakers: Mr Ian Neilson (STFC), Vincent Brillault (CERN)
      • 14:15
        Argus monitoring 30m
        The Argus framework was never tested on a project level. Start a project to test that the banning info ends up at the CEs/WMSs/in the VO-WMSes (Panda, CRAB etc.) banning. Issues with the storage systems. Presentation: IanN, status update from UK on testing Argus
        Speakers: Mr Ian Neilson (STFC), Vincent Brillault (CERN)
      • 14:45
        VB Security contact mailing list 15m
        Speaker: Vincent Brillault (CERN)
      • 15:00
        VB Procedures for introduction SUID binary? 25m
        Speaker: Vincent Brillault (CERN)
    • 15:30 16:00
      More Coffee 30m
    • 16:00 18:30
      IRTF: Random Stuff

      Presentation: Close out report https://rt.egi.eu/rt/RTIR/Display.html?id=12218 (Daniel)
      Discussion Incident handling in IRTF

      Conveners: Daniel Kouril (CESNET), Dr Sven Gabriel (NIKHEF), Vincent Brillault (CERN)
      • 16:30
        Security Monitoring /Dashboard Status Update 30m
        Status of the IRTF tools:
        - Security Dashboard
        - RT-IR
        - Massticket system
        - Single Ticket mode
        Speakers: Daniel Kouril (CESNET), Vincent Brillault (CERN)
      • 17:00
        IR in FedCloud, preparation session 1h
        - Prepare for the session with FedCloud on Thursday
        - With whom do we communicate?
        - Do we treat FedCloud users as admins? (Trust-wise, i.e. add them to the ticket?)
        - What is the role of the VO here?
        - Note: we may see situations where users set up compute clusters in the cloud, to be used by multiple people from a VO
        - Note 2: we may see situations where users set up compute clusters in the cloud, to be used by individuals with whom we have no connection whatsoever
        Speaker: Vincent Brillault (CERN)
      • 18:00
        VB IRTF Mandate, duty rota and future 30m
        Speaker: Vincent Brillault (CERN)
    • 09:00 10:00
      FedCloud Security: Debriefing [EGI-20161124-01] Vulnerable NFS Configuration in VMs

      Security of orchestration/contextualisation services

    • 10:00 10:30
      Coffee 30m
    • 10:30 11:30
      FedCloud Security: Indigo

      Security of orchestration/contextualisation services

    • 11:30 12:30
      SSC-FC: Status Update

      Develop the security challenge framework
      Experience from EGI-InSPIRE has shown that performing security service challenges on the operational infrastructure is useful to confirm that there is sufficient audit information for traceability of any incident, that procedures and tools are sufficient and that participants are trained and aware of the need to participate in incident response. The framework for these security challenges will be modified and extended to meet the evolving scenarios.
      Develop the software vulnerability handling process to adapt to new technology and deployments
      Software vulnerability issues in the EGI core infrastructure have been handled through a close relationship with the technology providers, many of whom supply members of the Software Vulnerability Group (SVG). The general principles will remain, including the assessment of risks and the issuing of advisories. In the evolving scenarios of EGI-Engage there are, however, likely to be different types of relationship with the technology providers, especially when this does not involve membership of SVG. The procedures and methods for handling vulnerabilities in EGI-Engage will evolve accordingly.

       FedCloud SSC
          presentation Status 15 min.
          discussion
      

      expected outcome:

      next steps
      wps (who does what)
      timeline
      
      
      Communication channel SSCs (who coordinates this?)
          NGI RT-IR: We should use bulk ticket creation for that
              Presentation: Status tools / how we did this in the past / summary earlier results 
          Site-Security Telephone numbers check Per NGI
              Preparation: compile checklist / like where do we end up, does the person picking up the phone know what we are talking about
      

      expected outcome:

      status report of the quality of our communication channels (mail/phone)
      present at OMB?
      
      Conveners: Boris Parak (CESNET), Dr Sven Gabriel (NIKHEF)
    • 12:30 14:00
      Lunch 1h 30m
    • 14:00 16:00
      SA1-2 Planning EINFRA-12 bidding and proposals: Planning / Wrap up
      Conveners: David Kelsey (STFC), Dr Sven Gabriel (NIKHEF)