Open Science Group Security Kevin Hill
•Descargar como PPTX, PDF•
0 recomendaciones•307 vistas
Open Science Group Security Kevin Hill
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Destacado (17)
Similar a Open Science Group Security Kevin Hill
Similar a Open Science Group Security Kevin Hill (20)
Más de Information Security Awareness Group
Más de Information Security Awareness Group (20)
Último
Último (20)
Open Science Group Security Kevin Hill
- 2. Goals • Operational Security – Identify software vulnerabilities – observing the practices of our VOs and sites, and sending alerts when we detect abnormalities; – performing fire drills to measure readiness and security awareness • interoperability with other grids • education: security training of our members; teaching best practices, and learning from our users about difficulties of security practices
- 3. Security Incidents • Report to local Security Team + OSG GOC. • https://twiki.grid.iu.edu/bin/view/Documenta tion/IncidentDiscoveryReporting • Compromised credentials most common issue. • Certificates revoked, CRL’s can take 6 hours or more to propagate. • Also ban users via GUMS, SAZ, or gridmap files, as appropriate for the site.
- 4. Software vulnerability • If security vulnerability discovered, report to OSG GOC, which will contact Security and Software teams. – https://ticket.opensciencegrid.org – Or send email to goc@opensciencegrid.org • Java, tomcat, most common suspects these days.
- 5. OSG Certificates • OSG provides certificates signed by Digicert. • Registration Agents (RAs) approve certs for individuals. • Grid Admins (GAs) approve certs for hosts/services. • https://twiki.grid.iu.edu/bin/view/Operations /OSGPKITrustedAgent • https://www.opensciencegrid.org/bin/view/S ecurity/NewOSGPKI
- 6. Fire Drills • Selected sites are sent pseudo malicious jobs and asked to treat as a regular security incident. • Upcoming drill will test jobs submitted via Glide-in WMS.
- 7. Tools • Security team provides OSG CA cert bundles. • Also looking at other security tools to provide. • PackagedPakiti software vulnerability database for distribution for sites own use. • Open to suggestions for new tools!