2. Goals
• Operational Security
– Identify software vulnerabilities
– observing the practices of our VOs and sites, and
sending alerts when we detect abnormalities;
– performing fire drills to measure readiness and
security awareness
• interoperability with other grids
• education: security training of our members;
teaching best practices, and learning from our
users about difficulties of security practices
3. Security Incidents
• Report to local Security Team + OSG GOC.
• https://twiki.grid.iu.edu/bin/view/Documenta
tion/IncidentDiscoveryReporting
• Compromised credentials most common
issue.
• Certificates revoked, CRL’s can take 6 hours or
more to propagate.
• Also ban users via GUMS, SAZ, or gridmap
files, as appropriate for the site.
4. Software vulnerability
• If security vulnerability discovered, report to
OSG GOC, which will contact Security and
Software teams.
– https://ticket.opensciencegrid.org
– Or send email to goc@opensciencegrid.org
• Java, tomcat, most common suspects these
days.
5. OSG Certificates
• OSG provides certificates signed by Digicert.
• Registration Agents (RAs) approve certs for
individuals.
• Grid Admins (GAs) approve certs for
hosts/services.
• https://twiki.grid.iu.edu/bin/view/Operations
/OSGPKITrustedAgent
• https://www.opensciencegrid.org/bin/view/S
ecurity/NewOSGPKI
6. Fire Drills
• Selected sites are sent pseudo malicious jobs
and asked to treat as a regular security
incident.
• Upcoming drill will test jobs submitted via
Glide-in WMS.
7. Tools
• Security team provides OSG CA cert bundles.
• Also looking at other security tools to provide.
• PackagedPakiti software vulnerability
database for distribution for sites own use.
• Open to suggestions for new tools!