Participants:
Matthew (EGI Foundation)
Yannick Legre (EGI Foundation)
Alessandro (EGI Foundation)
Bruce (EGI Foundation)
David Cohen (NGI_IL)
Ionut Vasile (NGI_RO)
Sven (EGI-CSIRT)
Gianfranco Sciacca (NGI_CH)
Vincent Brillault (EGI-CSIRT)
Sean (AAROC)
Dragos Ciobanu-Zabet (NGI_RO)
Vincenzo Spinoso (EGI Foundation)
Joao Pina (NGI_IBERGRID)
Jan Alastos (NGI_SK)
Stephane Gerard (BEgrid)
Enol Fernandez (EGI Foundation)
Miroslav Ruda (NGI_CZ)

Apologies:
Jerome Pansanel (NGI_FRANCE)

=====================================================
Introduction (by Matthew Viljoen) (slides in agenda)
=====================================================
- Feedback from the HTCondor workshop
- updates to the DTEAM VO AuP: waiting for another week before approving the changes
- WLCG UK sites dropping BDII: we need to understand the implications and are working with the WLCG Information Security Evolution Task Force to ensure no adverse impact during this change
- Customer satisfaction survey for VA
- proposing next OMB on 15 Nov

===============================
GDPR Update (by Yannick Legre) (slides in agenda)
===============================
GDPR defines 3 roles: data controller, data subject, data processor
currently preparing the data processing agreement
important to provide evidence of secure processing
- Stephane: concerning the logs; how to treat these data, who will process and how?
  Yannick: this should be clearly described by each RC, we will support the RCs in this
  need to talk with and also inform the VOs
- Matthew: in case of breaches, processor and controller have to communicate with each other: where are the contact people defined?
  the contact points need to be decided and stored somewhere (like for example in GOCDB)

=============================================================
Trusted configurations for UMD deployments (by Bruce Becker) (slides in agenda)
=============================================================
Primary audience of this are the site-managers: useful having their feedback on this
Sven: very powerful tools. Regarding the security checks: either have a WN for a user created ad hoc for the check, you can look at the several vulnerabilities
  you can test the configuration; in case of any failures, you can fix the configuration (like the code) doing some pull requests to configuration
- Status of the tool: fully tested and ansible role for several products (still working on CREAM and storage elements)
  the site-admins can start to try the roles for the products already completed
  they can also contribute by uploading their configuration example
- Joao: the PTs use different configuration tools
- Bruce: creating a dev environment used by all the PTs
- Joao: CERN is working with docker for condor configuration. Any collaboration with them?
- Bruce: yes
- Matthew: what are the sites currently using?
- Joao: the site-admins need to be involved, maybe with some tutorials/webinars/dedicated workshops
- Bruce: this is under discussion
- Sven: being prepared in case of security incidents with these configurations
  - including sec team in the development pipe

======================================================================================
Security updates and the Communication challenge (by Sven Gabriel) (slides in agenda)
======================================================================================
- no incidents since the last OMB (July)
- intel speculation Q3, security advisory sent on 2018-09-04
- some other vulnerabilities in August
- Security Service challenge not yet completed, postponed
- Security Comm challenge (EGI-wide): some contacts were broken
- Sven: to share the results and the actions of this challenge with others

=====================
Discussion and AOB
=====================
None