= Attending = Linda Cornwall Nuno Dias Serge Droz Ursula Epting Dorine Fouossong Sven Gabriel Michael Hausding Daniel KouĊ™il Stuart Kenny Mingchao Ma Giuseppe Misurelli David O'Callaghan Adam Smutnicki Christos Triantafyllidis Minutes by David O'Callaghan, Ireland. = Project update = Mingchao gave some news and updates from the project. First external review of MS405 Operational Security Procedures, comprising the Software Vulnerability Handling Procedure and Incident Handling Procedure, has been received this morning (URL below). Mingchao reported that Wilhelm has done some work on the public and private wiki. There are some areas that need a tidy up. All members are encouraged to take a look and make suggestions. = Group activities update and forward planning = -- IRTF As mentioned, the incident handling procedure went for external review. https://documents.egi.eu/public/ShowDocument?docid=47 Review feedback: https://documents.egi.eu/document/67 Feedback was received this morning and it consists mostly of minor issues. Dorine is editor of the milestone. No further comments were made in the meeting. The weekly meeting is now held on EVO and seems to be OK. Anyone with problems or comments should let Mingchao know. The topic of imrpoving procedures was raised. ** The minute-taker lost audio for a minute at this point ** --Security monitoring Daniel explained that the plan is to keep tasks straightforward: easy and feasible to achieve. No major research will be undertaken. As we work in a very distributed environment, it can be difficult to find information that is distributed in the infrastructure and the monitoring tools should help. The security monitoring tasks are not focussed just on EGI CSIRT. The results should be usable for other security tasks in EGI. Regarding tracing of users Sven asked if there are plans to query submission systems of experiments e.g. ATLAS jobs submission, etc., which store non-anonymised user data. This may be easier than querying tools such as APEL and easier than convincing sites to provide personal data. Mingchao noted that projects may already have useful tools available. Daniel would like to produce a list of sources of tracing/monitoring information, preferably by the next monthly meeting. --Security drill Sven stated that SSC4 is complete and that the report will be sent within two weeks. There was some discussion of how SSC4 could be appied to NGIs. It may be possible to have the software toolkit ready for the EGI TF, although it may still require some polishing at that time. Apart from the question of making the toolkit available, Christos and others raised the issue of the effort required by NGIs to run or coordinate challenges. Christos noted that there should be representatives from all NGIs at this monthly meeting. These missing NGIs are a worry. If NGIs don't have effort for security the infrastructure may be at risk. (Note: there are only 34 members on https://www.egi.eu/sso/groupView/EGI-CSIRT-Team and, for example, 3 of those are from Ireland, so it looks like some NGI sec officers are not part of the EGI-CSIRT-Team list and may not be aware of these meetings.) Ursula noted that to run security challenges within NGIs it is necessary to make the tasks for sites basic, as some sites have little experience in this area. Sven will update the Security Drill wiki with SSC4 information. --Security training & dissemination Wilhelm was not availble to comment on the wiki. All team members should spend some time looking at wiki for potential improvements. Please vote on CSIRT logo: https://wiki.egi.eu/csirt/index.php/Logo = Incident update = Mingchao gave an update on Security Alert EGI-20100707-01. This is not considered an EGI Security Incident as no EGI hosts have been implicated. Romain will send out an update by the end of today. If an NGI wishes to contact their NREN CSIRT then please anonymize grid sites (e.g. CERN) Serge will contact NSP-SEC and Terena TF-CSIRT, which will reach many commercial ISPs and European NRENs respectively. = EGI technical forum conference planning = Nobody on the call stated they would not be going to the EGI TF meeting. Mingchao listed some of the security-related sessions and advised us to look at the agenda online for session details. Mingchao asked that the Friday afternoon security session should be taken into account when planning travel to the meeting. Giuseppe noted that it is the new NGIs (e.g. who were not on the call) who should be there. Mingchao may contact Steven again about getting a slot before Friday evening. = AOB = The next monthly meeting will be on 19th August (Thursday). There will probably be no on-line meeting in September. Mingchao mentioned the EGI RT ticket tracker and proposed we use it for actions arising from meetings. https://rt.egi.eu/rt/ The current list of actions can be found at: https://wiki.egi.eu/csirt/index.php/Pending_actions (please login with your SSO account). RT will not be used for security incidents, but we may have our own RT for this later. Linda provided some information by email about the planned use of RT for Software Vulnerability tracking. Sven suggested that we go through all pending CSIRT actions in the weekly CSIRT meeting. Christos gave a brief update on Nagios security monitoring. A wiki page has been create for NGI installation. There are problems starting it to monitor all sites from GOCDB (?)