EGI CSIRT team monthly meeting

Europe/Amsterdam
EVO - EGI CSIRT meeting

EVO - EGI CSIRT meeting

Mingchao Ma (STFC - RAL)
Description
A monthly team meeting to discuss team activities and issues It will be on EVO (http://evo.caltech.edu/evoGate/). Meeting can be found in EGI community, please search EVO meeting with keyword "EGI CSIRT" Access information can be found at: https://wiki.egi.eu/csirt/index.php/EGI_CSIRT_monthly_meeting EVO Phone Bridge Telephone Numbers: --------------- - USA (Caltech, Pasadena, CA) +1 626 395 2112 - Switzerland (CERN, Geneva) +41 22 76 71400 - Slovakia (UPJS, Kosice) +421 55 234 2420 - Italy (INFN, several cities) http://server10.infn.it/video/index.php?page=telephone_numbers Enter '4000' to access the EVO bridge - Germany (DESY, Hamburg) +49 40 8998 1340 - USA (BNL, Upton, NY) +1 631 344 6100 - United Kingdom (University of Manchester) +44 161 306 6802 - Australia (ARCS) +61 Adelaide 08 8463 1011 Brisbane 07 3139 0705 Canberra 02 6112 8742 Hobart 03 623 70281 Melbourne 03 8685 8362 Perth 08 6461 6718 Sydney 02 8212 4591 - Netherlands (Nikhef, Amsterdam) +31 20 7165293 Dial '2' at the prompt - Canada (TRIUMF, Vancouver) +1 604 222 7700 - Czech Republic (CESNET, Prague) +420 95 007 2386 - USA (MIT, Cambridge, MA) +1 617 715 4691 - France (RAP, Paris) +33 144 27 81 50
    • 14:00 14:05
      Agree on agenda and review minutes 5m
      - Any question/comment on last meeting's minutes? https://wiki.egi.eu/csirt/index.php/Monthly_Meeting_Minutes_21-7-2011 - Minutes taker - DC of the week or the backup -Agree on agenda iteam Minutes template was updated to include action items https://wiki.egi.eu/csirt/index.php/Minutes_Template Please upload minutes and action list to: https://wiki.egi.eu/csirt/index.php/EGI_CSIRT_monthly_meeting#Monthly_Meeting_Minutes
    • 14:05 14:10
      EGI TF & f2f meeting 5m
      Registration (early birth due on 5th Aug.) http://go.egi.eu/tf11-registration EGI CSIRT face to face meeting 3 hours on Monday 19th Sep 2011 Draft agenda: https://www.egi.eu/indico/sessionDisplay.py?sessionId=45&confId=452#20110919 EGI CSIRT trust building dinner at EGI TF, Lyon, provisional date: Monday evening 19th Sep. 2011, Location: TBD Estimated cost: 30-40 Euro (food and wine) per person Contact Dorine to express your interest :-) Other security-related sessions -SVG -SPG -EMI security direction
    • 14:10 14:20
      Milestone MS412 and Operational Security Procedures 10m
      External review complete https://documents.egi.eu/secure/ShowDocument?docid=649 Operational Security Procedures EGI Security Incident Handling Procedure: https://documents.egi.eu/document/710 EGI Software Vulnerability Issue Handling Procedure: https://documents.egi.eu/document/717 EGI-CSIRT Critical Vulnerability Operational Procedure: https://documents.egi.eu/document/283 Summary on Wiki: https://wiki.egi.eu/wiki/Operational_Procedures#Security Decision as agreed with Tiziana: . DocDB will host the procedures (no need to keep a wiki version) . All security procedures will have a version associated: x.y . Minor updates (x.y+1) will be reviewed and approved internally by the relevant security teams without involving the OMB (the OMB will be informed though about a new minor release when published). . Major updates (x+1.0) will have to be approved by the OMB as well. . Security procedures will have a code number of this kind: SECxy (for example SEC01). Codes in the range [SEC01 - SEC03] have already been allocated to the three existing procedures What plan for new procedures development ?
    • 14:20 14:30
      Collaberation with Peer Grids and NREN on incident response etc. 10m
      - WLCG - OSG - DEISA/PRACE - Compute Canada - Other Grid infrastructure - NREN CSIRT teams
    • 14:30 14:50
      RT, RTIR, GGUS and Security dashboard 20m
      Issues for discussion - Usage of RTIR IR and vulnerability handling only - Membership of RTIR two opinions: IRTF member only or EGI CSIRT member By IRTF member, it means security officers and their backup at https://wiki.egi.eu/csirt/index.php/Members_of_IRTF Anyone else can be added as AdminCC to a RTIR ticket at a need to know basis if option 1 was chosen - RTIR setup email forward enabled, any missing feature? - What to do with RT Use to handle EGI CSIRT internal operational issues (e.g. tracking open action) - GGUS and security dashboard Security dashboard interface to GGUS to handle security issues other than incident and critical vulnerability Need to check if GGUS has sufficient access control in place
    • 14:50 15:40
      Update from group coordinator 50m
      IRTF ==== - the ongoing security incident https://rt.egi.eu/rt/RTIR/Search/Results.html?Queue=Incidents - security incident handling procedure update https://documents.egi.eu/secure/ShowDocument?docid=693 Security monitoring =================== - Security Dashboard discussion https://operations-portal.egi.eu/test/frontend_test.php/csiDashboard/csiDashboard -Site-wide Pakiti monitoring https://wiki.egi.eu/csirt/index.php/Monitoring#Site-wide_Pakiti_monitoring - Any new development of Pakit and Nagios? Security drill ============== - Current status of SSC5 - Development of SSC5 framework and plan of SSC4 NGI run Security training & dissemination ================================= Security training at technical forum https://www.egi.eu/indico/conferenceTimeTable.py?confId=452#20110923
    • 15:40 15:55
      Action review 15m
      https://wiki.egi.eu/csirt/index.php/Pending_actions
    • 15:55 16:00
      AOB 5m
      Monthly meeting shcedule: normally the second last Thursday of each month the proposed meetings as following: 19th September <== face to face at EGI TF in Lyon 20th October