Open Science Group Security Kevin Hill

Published in: Technology, News & Politics

  1. OSG Security, Kevin Hill
  2. Goals
       • Operational security
           – identifying software vulnerabilities;
           – observing the practices of our VOs and sites, and sending alerts when we detect abnormalities;
           – performing fire drills to measure readiness and security awareness
       • Interoperability with other grids
       • Education: security training of our members; teaching best practices, and learning from our users about the difficulties of security practices
  3. Security Incidents
       • Report to the local security team and the OSG GOC.
       • https://twiki.grid.iu.edu/bin/view/Documentation/IncidentDiscoveryReporting
       • Compromised credentials are the most common issue.
       • Certificates are revoked, but CRLs can take 6 hours or more to propagate.
       • Also ban users via GUMS, SAZ, or gridmap files, as appropriate for the site.
  4. Software Vulnerability
       • If a security vulnerability is discovered, report it to the OSG GOC, which will contact the Security and Software teams.
           – https://ticket.opensciencegrid.org
           – Or send email to goc@opensciencegrid.org
       • Java and Tomcat are the most common suspects these days.
  5. OSG Certificates
       • OSG provides certificates signed by DigiCert.
       • Registration Agents (RAs) approve certs for individuals.
       • Grid Admins (GAs) approve certs for hosts/services.
       • https://twiki.grid.iu.edu/bin/view/Operations/OSGPKITrustedAgent
       • https://www.opensciencegrid.org/bin/view/Security/NewOSGPKI
  6. Fire Drills
       • Selected sites are sent pseudo-malicious jobs and asked to treat them as a regular security incident.
       • The upcoming drill will test jobs submitted via Glide-in WMS.
  7. Tools
       • The Security team provides OSG CA cert bundles.
       • Also looking at other security tools to provide.
       • Packaged Pakiti software vulnerability database for distribution, for sites' own use.
       • Open to suggestions for new tools!
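
Slide 3 notes that a revoked certificate can stay usable for hours while the CRL propagates, so sites also ban the user locally. The following is an added example, not part of the original slides or of any OSG tool: it removes a compromised DN from a grid-mapfile, assuming each entry is a quoted DN followed by one account field; the function name `ban_dns` and the sample DNs are made up for illustration.

```python
import shlex

# Constructed sample grid-mapfile; the DNs and accounts are made up.
SAMPLE_GRIDMAP = """\
# site grid-mapfile (constructed sample)
"/DC=org/DC=example/OU=People/CN=Alice Example 1001" alice
"/DC=org/DC=example/OU=People/CN=Bob Example 1002" bob

"/DC=org/DC=example/OU=People/CN=Alice Example 1001" cmsprod
"""

def ban_dns(gridmap_text, banned_dns):
    """Drop every mapping whose DN is banned.

    Returns (new_text, removed), where removed is a list of
    (line_number, dn, account) so the change can go in the incident record.
    Raises ValueError on a line that cannot be parsed, so a malformed
    entry is never silently kept or dropped.
    """
    banned = {dn.strip() for dn in banned_dns}
    kept, removed = [], []
    for lineno, line in enumerate(gridmap_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            kept.append(line)  # keep blank lines and comments as they are
            continue
        try:
            fields = shlex.split(stripped)  # the DN is quoted: it contains spaces
        except ValueError as exc:
            raise ValueError(f"line {lineno}: {exc}") from exc
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected a quoted DN and an account")
        dn, account = fields
        if dn in banned:
            removed.append((lineno, dn, account))  # one DN may map to several accounts
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed

if __name__ == "__main__":
    text, gone = ban_dns(SAMPLE_GRIDMAP,
                         ["/DC=org/DC=example/OU=People/CN=Alice Example 1001"])
    for lineno, dn, account in gone:
        print(f"removed line {lineno}: {dn} -> {account}")
    print(text, end="")
```

This covers only sites that authorize from a gridmap file; sites using GUMS or SAZ apply the ban there instead.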
