EGI CSIRT team monthly meeting

Europe/Amsterdam
EVO - EGI CSIRT meeting

EVO - EGI CSIRT meeting

Mingchao Ma (STFC - RAL)
Description
A monthly team meeting to discuss team activities and issues It will be on EVO (http://evo.caltech.edu/evoGate/). Meeting can be found in EGI community, please search EVO meeting with keyword "EGI CSIRT" Access information can be found at: https://wiki.egi.eu/csirt/index.php/EGI_CSIRT_monthly_meeting EVO Phone Bridge Telephone Numbers: --------------- - USA (Caltech, Pasadena, CA) +1 626 395 2112 - Switzerland (CERN, Geneva) +41 22 76 71400 - Slovakia (UPJS, Kosice) +421 55 234 2420 - Italy (INFN, several cities) http://server10.infn.it/video/index.php?page=telephone_numbers Enter '4000' to access the EVO bridge - Germany (DESY, Hamburg) +49 40 8998 1340 - USA (BNL, Upton, NY) +1 631 344 6100 - United Kingdom (University of Manchester) +44 161 306 6802 - Australia (ARCS) +61 Adelaide 08 8463 1011 Brisbane 07 3139 0705 Canberra 02 6112 8742 Hobart 03 623 70281 Melbourne 03 8685 8362 Perth 08 6461 6718 Sydney 02 8212 4591 - Netherlands (Nikhef, Amsterdam) +31 20 7165293 Dial '2' at the prompt - Canada (TRIUMF, Vancouver) +1 604 222 7700 - Czech Republic (CESNET, Prague) +420 95 007 2386 - USA (MIT, Cambridge, MA) +1 617 715 4691 - France (RAP, Paris) +33 144 27 81 50
    • 14:00 14:05
      Agree on agenda and review minutes 5m
      - Any question/comment on last meeting's minutes? https://wiki.egi.eu/csirt/index.php/Monthly_Meeting_Minutes_23-6-2011 - Minutes taker - DC of the week or the backup -Agree on agenda iteam Minutes template was updated to include action items https://wiki.egi.eu/csirt/index.php/Minutes_Template Please upload minutes and action list to: https://wiki.egi.eu/csirt/index.php/EGI_CSIRT_monthly_meeting#Monthly_Meeting_Minutes
    • 14:05 14:10
      EGI TF & f2f meeting 5m
      Registration (early birth due on 5th Aug.) http://go.egi.eu/tf11-registration timetable https://www.egi.eu/indico/conferenceTimeTable.py?confId=452#all EGI CSIRT face to face meeting 3 hours on Monday 19th Sep 2011 https://www.egi.eu/indico/sessionDisplay.py?sessionId=45&confId=452#all update from group coorindate, 30 minutes each - Incident Response Task Force - Security Monitoring Group - Security Drill Grop - Security Training and Dissemination Group Some discussion - Security Dashboard - SSC framework/plan of ssc4 NGI run
    • 14:10 14:15
      Milestone MS412 - Operational Security Procedures 5m
      MS412 is due 31st July 2011 SA1 internal review started, comment is still accepted https://documents.egi.eu/secure/ShowDocument?docid=649 https://wiki.egi.eu/wiki/SA1_Milestones Review timetable https://wiki.egi.eu/wiki/Milestone_review_timetable Review process https://wiki.egi.eu/wiki/Review_process
    • 14:15 14:30
      RTIR update 15m
      - Status of RTIR - Deployment plan - Document of RTIR (how to, guildline etc) - Any outstanding issue
    • 14:30 15:30
      Update from group coordinator 1h
      IRTF ==== - the ongoing security incident - security incident handling procedure update Security monitoring =================== - Security Dashboard discussion https://operations-portal.egi.eu/test/frontend_test.php/csiDashboard/csiDashboard - Any new development of Pakit and Nagios? Pakiti 3.0? - proposal of deploying security monitoring client at sites Security drill ============== - Current status of SSC5 - Development of SSC5 framework and plan of SSC4 NGI run Security training & dissemination ================================= Security training at technical forum -- middleware SESSION MW-1 - glexec: deployment issue, recommandation for configuration. (Oscar) - Communication between argus and glexec: architecture. - setting up argus server (Can this be Valery/Andrea? Repeat?) SESSION MW-2 - advanced security tutorial for cream ce: secure configuration, user banning. (Someone from CREAM for this? Or Argus?) - EMI security architecture. ( No talk, discussions ). SESSION OPS-1 – Incident workflow and forensic tools. [ Speaker: Leif ] – Linux rootkit and TTY hijacking [Speaker: Antonio ] - Vulnerability handling (what to do if you find a vulnerability and How are they handled) [Linda] SESSION OPS-2 – Advanced pakiti tutorial: what configuration if you want to monitor all hosts of the site? Dealing with scalability issues. [ Speaker: Daniel? Michal? Christos? ] – SSC5 case study - Malware analysis [Speaker: Oscar] – Using the security challenge framework. [ Speaker: Aram]
    • 15:30 15:45
      Action review 15m
      https://wiki.egi.eu/csirt/index.php/Pending_actions
    • 15:45 15:50
      AOB 5m
      Monthly meeting shcedule: normally the second last Thursday of each month the proposed meetings as following: 18th August 19th September <== face to face at EGI TF in Lyon 20th October