• Operational Security
– Identify software vulnerabilities
– observing the practices of our VOs and sites, and
sending alerts when we detect abnormalities;
– performing fire drills to measure readiness and
• interoperability with other grids
• education: security training of our members;
teaching best practices, and learning from our
users about difficulties of security practices
• Report to local Security Team + OSG GOC.
• Compromised credentials most common
• Certificates revoked, CRLs can take 6 hours or
more to propagate.
• Also ban users via GUMS, SAZ, or gridmap
files, as appropriate for the site.
• If security vulnerability discovered, report to
OSG GOC, which will contact Security and
– Or send email to firstname.lastname@example.org
• Java, Tomcat, most common suspects these
• OSG provides certificates signed by DigiCert.
• Registration Agents (RAs) approve certs for
• Grid Admins (GAs) approve certs for
• Selected sites are sent pseudo malicious jobs
and asked to treat as a regular security
• Upcoming drill will test jobs submitted via
• Security team provides OSG CA cert bundles.
• Also looking at other security tools to provide.
• Packaged Pakiti software vulnerability
database for distribution for sites' own use.
• Open to suggestions for new tools!