EGI CSIRT team monthly meeting
Thursday, 17 February 2011 -
14:30
Monday, 14 February 2011
Tuesday, 15 February 2011
Wednesday, 16 February 2011
Thursday, 17 February 2011
14:30
Minutes taker and Project update
Minutes taker and Project update
14:30 - 14:35
Last meeting minutes: https://wiki.egi.eu/csirt/index.php/Monthly_Meeting_Minutes_20-01-2011 Any question/comment on the minutes? Minutes taker - DC of the week or the backup Please upload minutes to: https://wiki.egi.eu/csirt/index.php/EGI_CSIRT_monthly_meeting#Monthly_Meeting_Minutes
14:35
Group activities update, plans and objectives for 2011
Group activities update, plans and objectives for 2011
14:35 - 15:10
IRTF ==== Grid-Sec 001 update 19 EGI IR Site Checklist (Toby) EGI IR flowchar update? Wiki page update: https://wiki.egi.eu/wiki/EGI_CSIRT:Incident_reporting operational procedure development RTIR in operation? Security monitoring =================== Update: Security dashboard and integration Pakit and Nagios development Security drill ============== progress of SSC4 development work preparation for SSC4 NGI run - Spanish NGI, when to start? progress of SSC cross NGIs Other development work? Security training & dissemination ================================= === wikis tidy up: = internal wiki Main page will give pointers to categories. Each category corresponds to a use case: -> category 1: About the team - memberships and member list - presentation of activities and global plan - internal procedures and communication channels -> category 2: Activities updates - IRTF - Monitoring - SSC - Training -> category 3: Open ticket and action status -> category 4: Request corner (e.g. want to create a page and don't know wich category fit , seeking for a specific information that is not published, ...) -> category 5: useful links Question: are team leaders ok with that categorization? If yes, the private wiki will be updated accordingly. = public wiki Next action: collect requests for change === security training of the EGI TF Next action: John Smith and Christoph Witzig are waiting a list of topics for middleware session. Issue: How could we follow the agenda building process and make sure that security training is included with the accurate duration?
15:10
EGI Critical Vulnerability Handling procedure
EGI Critical Vulnerability Handling procedure
15:10 - 15:15
1) https://documents.egi.eu/secure/ShowDocument?docid=283 At January 2011 OMB meeting, it has been decided that all operational procedure will be put on wiki instead of DocDB: https://wiki.egi.eu/wiki/Operations:OD#Procedures * COD will not suspend a site; * a few (2 or 3) EGI CSIRT representatives will be given the priviledge to suspend a site via GOCDB * Getting suspended sites back into the infrastructure? 2) Critical Vulnerability Handling Procedure (Joint CSIRT/SVG) (Word Doc) Joint SVG and CSIRT process to handle critical vulnerabilities. https://documents.egi.eu/secure/ShowDocument?docid=282 Primary author: Linda Primary reviewer: Leif 3) On CSIRT (only CSIRT can read) Wiki - Handling Critical Vulnerabilities. This includes more details on use of CSIRT RT etc. What to do with 2 and 3? Linda: I would like to effectively merge 2 and 3 - put all this info on the Wiki. Possibly put the info prior to issuing the 7 day warning on the CSIRT public wiki? Or both on the public wiki? Adding to/modifying what is now on the CSIRT private wiki to ensure it fits the approved process, etc. I don't really think procedures need to be private, I don't see why they can't go on the publicly readable CSIRT wiki.
15:15
RTIR update - Carlos
RTIR update - Carlos
15:15 - 15:20
In progress: - Goc-DB Integration complete?? - Progress of developing templates for communication? - Progress of developing interface between ticket-status and ssc-monitor? - Progress of automated user-management monitoring (user ban status)? - Progress of reworking the malware (stability, reporting, functionality) this is not necessarily needed for the NGI-Run but for Concerted run? - Complete date? - Any issue or problem?
15:20
Next face to face meeting 6-7 April 2011 at KIT Germany
Next face to face meeting 6-7 April 2011 at KIT Germany
15:20 - 15:25
KIT, Ursula and Toby are putting up a web page with detail information on travel, location and registration etc. start from 9 or 9:30 on 6th April and will finish no later than 15:30 on 7th April, comments? * Trust building dinner 6th April, at the cost of individual, about 30 Euro per person, feel free to express your interest when register Possible topics - Risk assessment - ToR and procedure development - CSIRT best practices - RTIR hands on training - IRTF - Security Drill - Security Monitoring - Security Training A session to review and discuss 2011-EGI-sa1-roadmap https://documents.egi.eu/public/RetrieveFile?docid=344&version=1&filename=2011-EGI-sa1-roadmap-v1.0.pdf
15:25
AOB
AOB
15:25 - 15:30
Next monthly meeting: 17th March. 2011 21-25 March, ISGC2011 conference at Taiwan