EGI CSIRT team monthly meeting

Europe/Amsterdam
EVO - EGI CSIRT meeting

Mingchao Ma (STFC - RAL)
Description
A monthly team meeting to discuss team activities and issues. It will be on EVO (http://evo.caltech.edu/evoGate/). The meeting can be found in the Universe community; please search EVO meetings with the keyword "EGI CSIRT".

Access information can be found at: https://wiki.egi.eu/csirt/index.php/EGI_CSIRT_monthly_meeting

EVO Phone Bridge Telephone Numbers:
---------------
- USA (Caltech, Pasadena, CA) +1 626 395 2112
- Switzerland (CERN, Geneva) +41 22 76 71400
- Slovakia (UPJS, Kosice) +421 55 234 2420
- Italy (INFN, several cities) http://server10.infn.it/video/index.php?page=telephone_numbers
  Enter '4000' to access the EVO bridge
- Germany (DESY, Hamburg) +49 40 8998 1340
- USA (BNL, Upton, NY) +1 631 344 6100
- United Kingdom (University of Manchester) +44 161 306 6802
- Australia (ARCS) +61
  Adelaide 08 8463 1011
  Brisbane 07 3139 0705
  Canberra 02 6112 8742
  Hobart 03 623 70281
  Melbourne 03 8685 8362
  Perth 08 6461 6718
  Sydney 02 8212 4591
- Netherlands (Nikhef, Amsterdam) +31 20 7165293
  Dial '2' at the prompt
- Canada (TRIUMF, Vancouver) +1 604 222 7700
- Czech Republic (CESNET, Prague) +420 95 007 2386
- USA (MIT, Cambridge, MA) +1 617 715 4691
- France (RAP, Paris) +33 144 27 81 50
    • 1
      Minutes taker and Project update
      Last meeting minutes: https://wiki.egi.eu/csirt/index.php/Monthly_Meeting_Minutes_20-01-2011
      Any question/comment on the minutes?
      Minutes taker - DC of the week or the backup
      Please upload minutes to: https://wiki.egi.eu/csirt/index.php/EGI_CSIRT_monthly_meeting#Monthly_Meeting_Minutes
    • 2
      Group activities update, plans and objectives for 2011
      IRTF
      ====
      Grid-Sec 001 update 19 EGI IR Site Checklist (Toby)
      EGI IR flowchart update?
      Wiki page update: https://wiki.egi.eu/wiki/EGI_CSIRT:Incident_reporting
      operational procedure development
      RTIR in operation?

      Security monitoring
      ===================
      Update: Security dashboard and integration Pakiti and Nagios development

      Security drill
      ==============
      progress of SSC4 development work
      preparation for SSC4 NGI run - Spanish NGI, when to start?
      progress of SSC cross NGIs
      Other development work?

      Security training & dissemination
      =================================
      === wikis tidy up:
      = internal wiki
      Main page will give pointers to categories. Each category corresponds to a use case:
      -> category 1: About the team
         - memberships and member list
         - presentation of activities and global plan
         - internal procedures and communication channels
      -> category 2: Activities updates
         - IRTF
         - Monitoring
         - SSC
         - Training
      -> category 3: Open ticket and action status
      -> category 4: Request corner (e.g. want to create a page and don't know which category fits, seeking specific information that is not published, ...)
      -> category 5: useful links
      Question: are team leaders ok with that categorization? If yes, the private wiki will be updated accordingly.
      = public wiki
      Next action: collect requests for change
      === security training of the EGI TF
      Next action: John Smith and Christoph Witzig are waiting for a list of topics for the middleware session.
      Issue: How could we follow the agenda building process and make sure that security training is included with the accurate duration?
    • 3
      EGI Critical Vulnerability Handling procedure
      1) https://documents.egi.eu/secure/ShowDocument?docid=283
         At the January 2011 OMB meeting, it was decided that all operational procedures will be put on the wiki instead of DocDB: https://wiki.egi.eu/wiki/Operations:OD#Procedures
         * COD will not suspend a site;
         * a few (2 or 3) EGI CSIRT representatives will be given the privilege to suspend a site via GOCDB
         * Getting suspended sites back into the infrastructure?
      2) Critical Vulnerability Handling Procedure (Joint CSIRT/SVG) (Word Doc)
         Joint SVG and CSIRT process to handle critical vulnerabilities.
         https://documents.egi.eu/secure/ShowDocument?docid=282
         Primary author: Linda
         Primary reviewer: Leif
      3) On CSIRT (only CSIRT can read) Wiki - Handling Critical Vulnerabilities.
         This includes more details on use of CSIRT RT etc.

      What to do with 2 and 3?
      Linda: I would like to effectively merge 2 and 3 - put all this info on the Wiki. Possibly put the info prior to issuing the 7 day warning on the CSIRT public wiki? Or both on the public wiki? Adding to/modifying what is now on the CSIRT private wiki to ensure it fits the approved process, etc. I don't really think procedures need to be private, I don't see why they can't go on the publicly readable CSIRT wiki.
    • 4
      RTIR update - Carlos
      In progress:
      - Goc-DB Integration complete??
      - Progress of developing templates for communication?
      - Progress of developing interface between ticket-status and ssc-monitor?
      - Progress of automated user-management monitoring (user ban status)?
      - Progress of reworking the malware (stability, reporting, functionality) this is not necessarily needed for the NGI-Run but for Concerted run?
      - Complete date?
      - Any issue or problem?
    • 5
      Next face to face meeting 6-7 April 2011 at KIT Germany
      KIT, Ursula and Toby are putting up a web page with detailed information on travel, location, registration etc.
      The meeting will start at 9 or 9:30 on 6th April and will finish no later than 15:30 on 7th April. Comments?
      * Trust building dinner on 6th April, at each individual's own cost, about 30 Euro per person; feel free to express your interest when registering

      Possible topics
      - Risk assessment
      - ToR and procedure development
      - CSIRT best practices
      - RTIR hands on training
      - IRTF
      - Security Drill
      - Security Monitoring
      - Security Training

      A session to review and discuss 2011-EGI-sa1-roadmap
      https://documents.egi.eu/public/RetrieveFile?docid=344&version=1&filename=2011-EGI-sa1-roadmap-v1.0.pdf
    • 6
      AOB
      Next monthly meeting: 17th March 2011
      21-25 March, ISGC2011 conference at Taiwan