Grid Operational Security: from EGEE to EGI
Mingchao Ma, STFC – RAL, UK
ISGC 2010, Taipei, Taiwan
Overview
• Current EGEE operational security
• Transition - a regional view
  – ROC in EGEE
  – NGI in EGI
• Challenges in EGI and forward looking
OSCT
• A geographically dispersed security team
• 11 Regional Operation Centre security officers and backups
• Meet up twice per year
• Telephone call once a week
OSCT Structure
[Organisation chart: Operational Security Coordination Team (OSCT); OSCT Duty Contact (day-to-day coordination); Regional Operation Centres (ROCs); sites under each ROC]
Current Activities
• Computer security incident handling
  – Procedure
  – Communication channels
  – Collaboration with other CSIRT teams
• Security monitoring (development)
  – SAM/Nagios based monitoring
  – Pakiti: patch management
• Training and dissemination
• Security drill
  – Security Service Challenge (SSC)
The EGI Computer Security and Incident Response Team (EGI CSIRT)
[Diagram labels: EGI Security Policy Group; EGI CSIRT; EUGridPMA (IGTF); Software Vulnerability Group; Software Security Group. EGI-InSPIRE: TSA 1.2]
Transition – an NGI view
• To appoint an NGI security officer
  – Current ROC security officer, or
  – A “new” NGI security officer
• Funded by the NGI instead of EGI
• Act as the point of security contact for the NGI
• Coordinate all aspects of security activities within the NGI
• Contribute to EGI CSIRT
UKI ROC – an Example
UKI ROC in EGEE
• UK & Ireland Regional Operation Centre (UKI ROC)
• UK Grid: GridPP
• Ireland Grid: GridIreland
• A single point of security contact
UK and Ireland NGI
• UK NGI
  – UKI ROC security officer => UK NGI security officer
• Ireland NGI
  – Need to appoint an NGI security officer
  – Participate in EGI CSIRT security activities
Challenges
• 11 FTE in EGEE => 1 FTE in EGI
  – Match-up effort from NGIs
• A much bigger team
  – From 15ish to 40 or 50
• Varied skill sets
  – New to Grid security
• More heterogeneous infrastructure
  – Multiple middleware stacks
• Short transition period
• Many uncertainties
Risk
• Software Vulnerability Group – funding is unclear; GSVG handled vulnerabilities in EGEE
• Security monitoring tools development
• Contribution from NGIs is subject to negotiation and remains unclear
• Loss of expertise
Short Term Plan
• No interruption to operational security – “business as usual”
• Actively engage NGI security officers
  – Face to face meetings
  – Regular online-/Tele-conferences
  – Mailing list
  – Training if needed
• Maintain current activities
  – More members, but much less EGI funded effort
  – Delegate tasks and responsibilities to NGI security officers
• Clarify responsibilities
The Aim
• To build and maintain an efficient and effective security team
• To define and develop a sustainable operation model suitable for the need
• To address various operational security issues transparently
• To maintain the availability of EGI services
To maintain a secure infrastructure!
http://www.eu-egi.eu
contact@eu-egi.eu
EGI Geneva Workshop