Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.

Training and Dissemination

Enabling Grids for E-sciencE

www.eu-egee.org

Jinny Chien, ASGC1

Training and Dissemination

Jinny ChienAcademia Sinica Grid ComputingOSCT

EGEE 08 Conference

Jinny Chien, ASGC

Enabling Grids for E-sciencE

Training and Dissemination2

Current Status

• Many Security materials • How to find clear information easily

OSCT ISSeG Wiki LCG security IGTF GSVG

• How to train site managers or new comers (ex: good tutorial)• Do we have good materials are covered with grid security

Jinny Chien, ASGC

Enabling Grids for E-sciencE

Training and Dissemination3

How should we do

• - Identify what security training/dissemination material is available to the sites on the various EGEE websites and Wikis

- Identify the most important security risks for the EGEE infrastructure

- Review the material as appropriate, identify unnecessary information and possible missing parts

- Propose a strategy for the material dissemination, in order to deliver relevant security information to the sites

• - Put information on OSCT public website

Jinny Chien, ASGC

Enabling Grids for E-sciencE

Training and Dissemination4

Conception

Jinny Chien, ASGC

Enabling Grids for E-sciencE

Training and Dissemination5

Diagram

Jinny Chien, ASGC

Enabling Grids for E-sciencE

Training and Dissemination6

Trust

Site manager

Trust Authentication

Authorization

PKI

Certificate

Account management

VO management

Access right management

Jinny Chien, ASGC

Enabling Grids for E-sciencE

Training and Dissemination7

Policies

Site manager

Policy

Security Policy

Risk Assessment Policy

Incident Response Policy

Jinny Chien, ASGC

Enabling Grids for E-sciencE

Training and Dissemination8

Network Access Control

Site manager

Network

•Configuration

•Firewall

•TCP Wrapper

•M/W port

•Tool•Nmap, Nessus, •Netstat, iptables

•Maintenance•Disabling and uninstalling unneeded services•Control network bandwidth•Secure e-mail communication•Spam filter tool•Network Traffic

•Attack methods•XSS•SQL Injection

Jinny Chien, ASGC

Enabling Grids for E-sciencE

Training and Dissemination9

Monitoring

Site managerMonitoring

•Software Maintenance•Security patch Maintenance•Service status •Backup•CRLs/CAs•SW alteration

•Physical Maintenance•HD failure•Network failure•Electrical failure•Air conditioning failure

•Tool

• Nagios

• SAM

• Pakiti

Jinny Chien, ASGC

Enabling Grids for E-sciencE

Training and Dissemination10

Operating System

Site manager

OS

•Password Management

•Good Password

•SSH key

•Patch Management

•Update

•Log Management

•central log server

•Disk Management

•The permission of File / Directory

•Anti-Virus

•IDS( Intrusion Detection System)

Jinny Chien, ASGC

Enabling Grids for E-sciencE

Training and Dissemination11

Middleware

Site manager

M / W

•Maintenance•security patch•Host certificate•System backup•Update CRL and CA rpm

•Configuration•Port / Service •Host certificate•User mapping (UID/GID)

Jinny Chien, ASGC

Enabling Grids for E-sciencE

Training and Dissemination12

Forensics

Site manager

Forensics

•Execution•Check the system and related log file

Anti-Virus

Toolkits

•Collect problematic Log files•Inform related members refer to the incident response procedure

•Avoid more disaster

•Prevention•How to prevent the same problem to happen again

Jinny Chien, ASGC

Enabling Grids for E-sciencE

Training and Dissemination13

Procedure

Site manager

Procedure

•Incident Response Procedure

•How to block users

•How to identify VO users

•Risk assessment Procedure

•Access control Procedure

•Strong password Modification

•How to control user jobs

•System documents

Jinny Chien, ASGC

Enabling Grids for E-sciencE

Training and Dissemination14

Audit

Site manager

Audit

•Provide the Checklist - Users - System Admin - Developers - Managers

Jinny Chien, ASGC

Enabling Grids for E-sciencE

Training and Dissemination15

EGEE III Training and Dissemination

Site manager

Forensics

Procedure

AuditTrust

M / W

OS

Monitor

Network

Policy

Useful

Jinny Chien, ASGC

Enabling Grids for E-sciencE

Training and Dissemination16

Future Plan

• OSCT website (~ Nov)– Provide clear information to users– Find information easily– Use OSCT web pages effectively and friendly

• Available information– What is missing– What should be added – What should be removed

• Training and dissemination– Workshop, tutorial– How to improve the security course

• Contributions: (Thanks)APROC (4 PM), ITALY (4 PM), SWE (4 PM), DECH (3 PM), FRANCE (2 PM)

Jinny Chien, ASGC

Enabling Grids for E-sciencE

Training and Dissemination17

Question ?