Vincent Brillault
(CERN)
18/05/2017, 16:00
Clarify procedures (VOs, AAI check-in, robots)
Discussion, identify possible policy violations of the users/VO, escalate to Management via OMB
Mr
Tobias Dussa
(KIT-CERT)
18/05/2017, 16:30
Concept to use syncthing to share VM images, what is needed at the sites, what at irtf. POC, then ask OMB for approval/support
Mr
Ian Neilson
(STFC),
Vincent Brillault
(CERN)
The argus framework was never tested on a project level.
Start project to test the that the banning info ends up at the CEs/WMSs/in the VO-WMSes (Panda, CRAB etc)
banning Issues with the storage systems.
Presentation: IanN,Status update from UK on testing argus
Daniel Kouril
(CESNET),
Vincent Brillault
(CERN)
Questions that I see are:
- Monitoring: How to make sure that Operations people are allowed to see
the relevant info.
- Is the info there distinct enough so that they don't trap into false
positives/mitigations/etc, what do we need to do in terms of
training/documentation?
- Ticket creation still be done by us (Massticket Magic)
- Low level tech communications (Advisories etc) should be done...
Mr
Ian Neilson
(STFC),
Vincent Brillault
(CERN)
... evaluate the possibility for security officers to open GGUS tickets for selected sites, informing them on sensitive information (poorly configured services, urgent patches, etc) so, such tickets should remain more private than the rest.
Today, GGUS ticket viewing requires a valid certificate from a trusted CA AND also to be a registered GGUS user. Also, GGUS tickets are not googleable,...
Vincent Brillault
(CERN)
Clarify procedures (VOs, AAI check-in, robots)
Discussion: Problem with Robot Certificates (GoeGrid Incident)
Describe Problem, check if this is a policy violation, escalate to Management (via OMB)
Daniel Kouril
(CESNET),
Vincent Brillault
(CERN)
Status of the IRTF tools:
- Security Dashboard
- RT-IR
- Massticket system
- Single Ticket mode