RELIGIOUS ISSUES April McCarty Ann Hardin Jinny Maust Mike Renyolds.
Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and...
-
Upload
darlene-owen -
Category
Documents
-
view
213 -
download
0
Transcript of Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and...
![Page 1: Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.](https://reader035.fdocuments.us/reader035/viewer/2022081603/56649f115503460f94c2427f/html5/thumbnails/1.jpg)
Training and Dissemination
Enabling Grids for E-sciencE
www.eu-egee.org
Jinny Chien, ASGC1
Training and Dissemination
Jinny ChienAcademia Sinica Grid ComputingOSCT
EGEE 08 Conference
![Page 2: Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.](https://reader035.fdocuments.us/reader035/viewer/2022081603/56649f115503460f94c2427f/html5/thumbnails/2.jpg)
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination2
Current Status
• Many Security materials • How to find clear information easily
OSCT ISSeG Wiki LCG security IGTF GSVG
• How to train site managers or new comers (ex: good tutorial)• Do we have good materials are covered with grid security
![Page 3: Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.](https://reader035.fdocuments.us/reader035/viewer/2022081603/56649f115503460f94c2427f/html5/thumbnails/3.jpg)
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination3
How should we do
• - Identify what security training/dissemination material is available to the sites on the various EGEE websites and Wikis
- Identify the most important security risks for the EGEE infrastructure
- Review the material as appropriate, identify unnecessary information and possible missing parts
- Propose a strategy for the material dissemination, in order to deliver relevant security information to the sites
• - Put information on OSCT public website
![Page 4: Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.](https://reader035.fdocuments.us/reader035/viewer/2022081603/56649f115503460f94c2427f/html5/thumbnails/4.jpg)
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination4
Conception
![Page 5: Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.](https://reader035.fdocuments.us/reader035/viewer/2022081603/56649f115503460f94c2427f/html5/thumbnails/5.jpg)
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination5
Diagram
![Page 6: Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.](https://reader035.fdocuments.us/reader035/viewer/2022081603/56649f115503460f94c2427f/html5/thumbnails/6.jpg)
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination6
Trust
Site manager
Trust Authentication
Authorization
PKI
Certificate
Account management
VO management
Access right management
![Page 7: Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.](https://reader035.fdocuments.us/reader035/viewer/2022081603/56649f115503460f94c2427f/html5/thumbnails/7.jpg)
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination7
Policies
Site manager
Policy
Security Policy
Risk Assessment Policy
Incident Response Policy
![Page 8: Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.](https://reader035.fdocuments.us/reader035/viewer/2022081603/56649f115503460f94c2427f/html5/thumbnails/8.jpg)
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination8
Network Access Control
Site manager
Network
•Configuration
•Firewall
•TCP Wrapper
•M/W port
•Tool•Nmap, Nessus, •Netstat, iptables
•Maintenance•Disabling and uninstalling unneeded services•Control network bandwidth•Secure e-mail communication•Spam filter tool•Network Traffic
•Attack methods•XSS•SQL Injection
![Page 9: Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.](https://reader035.fdocuments.us/reader035/viewer/2022081603/56649f115503460f94c2427f/html5/thumbnails/9.jpg)
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination9
Monitoring
Site managerMonitoring
•Software Maintenance•Security patch Maintenance•Service status •Backup•CRLs/CAs•SW alteration
•Physical Maintenance•HD failure•Network failure•Electrical failure•Air conditioning failure
•Tool
• Nagios
• SAM
• Pakiti
![Page 10: Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.](https://reader035.fdocuments.us/reader035/viewer/2022081603/56649f115503460f94c2427f/html5/thumbnails/10.jpg)
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination10
Operating System
Site manager
OS
•Password Management
•Good Password
•SSH key
•Patch Management
•Update
•Log Management
•central log server
•Disk Management
•The permission of File / Directory
•Anti-Virus
•IDS( Intrusion Detection System)
![Page 11: Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.](https://reader035.fdocuments.us/reader035/viewer/2022081603/56649f115503460f94c2427f/html5/thumbnails/11.jpg)
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination11
Middleware
Site manager
M / W
•Maintenance•security patch•Host certificate•System backup•Update CRL and CA rpm
•Configuration•Port / Service •Host certificate•User mapping (UID/GID)
![Page 12: Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.](https://reader035.fdocuments.us/reader035/viewer/2022081603/56649f115503460f94c2427f/html5/thumbnails/12.jpg)
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination12
Forensics
Site manager
Forensics
•Execution•Check the system and related log file
Anti-Virus
Toolkits
•Collect problematic Log files•Inform related members refer to the incident response procedure
•Avoid more disaster
•Prevention•How to prevent the same problem to happen again
![Page 13: Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.](https://reader035.fdocuments.us/reader035/viewer/2022081603/56649f115503460f94c2427f/html5/thumbnails/13.jpg)
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination13
Procedure
Site manager
Procedure
•Incident Response Procedure
•How to block users
•How to identify VO users
•Risk assessment Procedure
•Access control Procedure
•Strong password Modification
•How to control user jobs
•System documents
![Page 14: Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.](https://reader035.fdocuments.us/reader035/viewer/2022081603/56649f115503460f94c2427f/html5/thumbnails/14.jpg)
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination14
Audit
Site manager
Audit
•Provide the Checklist - Users - System Admin - Developers - Managers
![Page 15: Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.](https://reader035.fdocuments.us/reader035/viewer/2022081603/56649f115503460f94c2427f/html5/thumbnails/15.jpg)
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination15
EGEE III Training and Dissemination
Site manager
Forensics
Procedure
AuditTrust
M / W
OS
Monitor
Network
Policy
Useful
![Page 16: Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.](https://reader035.fdocuments.us/reader035/viewer/2022081603/56649f115503460f94c2427f/html5/thumbnails/16.jpg)
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination16
Future Plan
• OSCT website (~ Nov)– Provide clear information to users– Find information easily– Use OSCT web pages effectively and friendly
• Available information– What is missing– What should be added – What should be removed
• Training and dissemination– Workshop, tutorial– How to improve the security course
• Contributions: (Thanks)APROC (4 PM), ITALY (4 PM), SWE (4 PM), DECH (3 PM), FRANCE (2 PM)
![Page 17: Training and Dissemination Enabling Grids for E-sciencE Jinny Chien, ASGC 1 Training and Dissemination Jinny Chien Academia Sinica Grid.](https://reader035.fdocuments.us/reader035/viewer/2022081603/56649f115503460f94c2427f/html5/thumbnails/17.jpg)
Jinny Chien, ASGC
Enabling Grids for E-sciencE
Training and Dissemination17
Question ?