Training and Dissemination
Enabling Grids for E-sciencE
www.eu-egee.org
Jinny Chien, ASGC1
Training and Dissemination
Jinny ChienAcademia Sinica Grid ComputingOSCT
EGEE 08 Conference
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination2
Current Status
• Many Security materials • How to find clear information easily
OSCT ISSeG Wiki LCG security IGTF GSVG
• How to train site managers or new comers (ex: good tutorial)• Do we have good materials are covered with grid security
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination3
How should we do
• - Identify what security training/dissemination material is available to the sites on the various EGEE websites and Wikis
- Identify the most important security risks for the EGEE infrastructure
- Review the material as appropriate, identify unnecessary information and possible missing parts
- Propose a strategy for the material dissemination, in order to deliver relevant security information to the sites
• - Put information on OSCT public website
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination4
Conception
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination5
Diagram
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination6
Trust
Site manager
Trust Authentication
Authorization
PKI
Certificate
Account management
VO management
Access right management
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination7
Policies
Site manager
Policy
Security Policy
Risk Assessment Policy
Incident Response Policy
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination8
Network Access Control
Site manager
Network
•Configuration
•Firewall
•TCP Wrapper
•M/W port
•Tool•Nmap, Nessus, •Netstat, iptables
•Maintenance•Disabling and uninstalling unneeded services•Control network bandwidth•Secure e-mail communication•Spam filter tool•Network Traffic
•Attack methods•XSS•SQL Injection
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination9
Monitoring
Site managerMonitoring
•Software Maintenance•Security patch Maintenance•Service status •Backup•CRLs/CAs•SW alteration
•Physical Maintenance•HD failure•Network failure•Electrical failure•Air conditioning failure
•Tool
• Nagios
• SAM
• Pakiti
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination10
Operating System
Site manager
OS
•Password Management
•Good Password
•SSH key
•Patch Management
•Update
•Log Management
•central log server
•Disk Management
•The permission of File / Directory
•Anti-Virus
•IDS( Intrusion Detection System)
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination11
Middleware
Site manager
M / W
•Maintenance•security patch•Host certificate•System backup•Update CRL and CA rpm
•Configuration•Port / Service •Host certificate•User mapping (UID/GID)
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination12
Forensics
Site manager
Forensics
•Execution•Check the system and related log file
Anti-Virus
Toolkits
•Collect problematic Log files•Inform related members refer to the incident response procedure
•Avoid more disaster
•Prevention•How to prevent the same problem to happen again
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination13
Procedure
Site manager
Procedure
•Incident Response Procedure
•How to block users
•How to identify VO users
•Risk assessment Procedure
•Access control Procedure
•Strong password Modification
•How to control user jobs
•System documents
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination14
Audit
Site manager
Audit
•Provide the Checklist - Users - System Admin - Developers - Managers
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination15
EGEE III Training and Dissemination
Site manager
Forensics
Procedure
AuditTrust
M / W
OS
Monitor
Network
Policy
Useful
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination16
Future Plan
• OSCT website (~ Nov)– Provide clear information to users– Find information easily– Use OSCT web pages effectively and friendly
• Available information– What is missing– What should be added – What should be removed
• Training and dissemination– Workshop, tutorial– How to improve the security course
• Contributions: (Thanks)APROC (4 PM), ITALY (4 PM), SWE (4 PM), DECH (3 PM), FRANCE (2 PM)
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination17
Question ?