from 26 February 2012 to 02 March 2012 (Asia/Taipei)
Academia Sinica
EGI Security Monitoring
Content: As we know, security is only as strong as its weakest link. This is particularly true for the vast European Grid Infrastructure, a pan-European e-Infrastructure run in collaboration with National Grid Initiatives (NGIs) and several European International Research Organisations (EIROs). It is vital for the infrastructure to be able to detect security weaknesses and potential security vulnerabilities as early as possible. Over the years, the EGI CSIRT (Computer Security Incident Response Team) has been developing security monitoring tools to monitor the infrastructure and to alert resource providers to any identified security problem. These security monitoring tools serve as an early warning system so that a potential security issue can be detected and addressed before it becomes a more serious problem, such as a security incident.
The paper will introduce the current security monitoring framework that has been implemented and is used by the EGI CSIRT on a daily basis. The key component of the framework is a Nagios box and a set of security probes that test for known issues. The probes are run as normal computing jobs submitted to the tested site, so that they make as much use as possible of the standard interfaces used by common users. We use some general probes and also develop our own checks based on current operational issues. We will discuss the framework in more detail in the paper.
The EGI CSIRT pays special attention to monitoring the software patch status of the sites, since we have learned that unpatched yet known vulnerabilities are quite often abused by attackers and lead to severe security incidents. In order to detect systems that expose critical vulnerabilities, the Pakiti monitoring tool has been developed and is regularly used by the EGI CSIRT. Pakiti was introduced at the last ISGC conference, so we will provide an update and describe how the service is integrated with the whole monitoring framework.
Due to the large and increasing number of resources joining the EGI e-Infrastructure, it is becoming more and more challenging for the EGI CSIRT to follow up on all identified security issues. To solve the problem and scale up the operational capability, a security dashboard has been developed, which allows resource providers’ security officers and their NGI operations staff to access the monitoring results, and therefore to handle the issues directly. The dashboard aggregates the data produced by the different security monitoring components and provides interfaces for visualizing it. Access to the collected data is subject to strict access control so that sensitive information is accessed in a controlled manner. The security dashboard was developed as a specific module of the common EGI Operations portal, and we believe the handling of security issues will be incorporated into the current (non-security) issue handling procedure, which will significantly reduce the overall operational cost. In addition to describing the monitoring framework and its particular components, we will also present some early experience gained from regular use of the security dashboard, as well as results that have recently improved the security of the whole environment.
Id: 28
Place: BHSS
Room: Conference Room 1
Starting date: 01-Mar-2012 16:44 (Asia/Taipei)
Duration: 22'
Contribution type: Oral Presentation
Primary Authors: Dr. MA, Mingchao (STFC - Rutherford Appleton Laboratory, UK)
Mr. LORPHELIN, Cyril (IN2P3)
Presenters: Dr. MA, Mingchao
Mr. KOURIL, Daniel
Material: pdf
Included in session: Security & Networking
Included in track: Security & Networking