Pending Actions (deadline: 19/06/2007)

Below is a list of actions on the ROC Security Contacts from the OSCT-2 meeting, which are expected to be completed before the OSCT-3 meeting.

• All ROCs:
  • Update the (coming) private OSCT Website with their ROC Security Contact details
  • Perform a Security Service Challenge 2 against (all?) sites in their region and give a short debriefing presentation at the next OSCT meeting
  • Provide feedback on the upcoming ISSeG threat list and questionnaire, as a preparation to the joint training session at EGEE-07
• CERN:
  • [Completed] Investigate possibility of hosting a private website for the OSCT on the CERN central service
  • [In progress] Produce a short "Incident Response procedure" for the sites
  • [Completed] Check with the CERN mail team if it is possible to:
    • Use/check email signature on the incident lists
    • Use email encryption on the incident lists
    • Ensure that posters to the CSIRT list are member of the CONTACT list or else moderate the post
    • Change the Reply-to field of the CSIRT list
  • [Completed] (but announcement on hold) Create a new incident discussion list populated with the CSIRTS details (same recipients list, but different "FROM" field)
  • [Background activity] Maintain Pakiti (http://pakiti.sf.net)
  • [Completed] Produce packages for lcg-fw and the tool enabling Grid host to know what remote hosts are part of our Grid
  • [Completed] Clarify and document OSCT-DC activities on the (coming) OCST private website
  • [Completed] Gather and share OSCT Jabber IDs
  • [Completed] Schedule one or more (max 1/month) meeting using Instant Messaging
  • [Completed] Produce a list of wished features for RTIR to be (possibly) useful for the OSCT
  • [In progress] Check with GGUS if appropriate features for incident handling could be implemented
  • [In progress] Coordinate the development of security plugins for common monitoring tools (ex: SAM, Nagios)
  • Coordinate between CERN, UKI, SEE ROCs to prepare a joint training session with ISSeG
  • [Completed] Check with release/deployment team if it is possible to add the content of the RSS feed on the gLite installation pages for EGEE admins
  • Put involvement of VOs in IR process at least on agenda for next meeting
• RUSSIA:
  • [Background activity] Manage and maintain the content of the OSCT Websites (public and private)
• Asia Pacific (could not attend the meeting): NONE
• FRANCE: NONE
• UKI:
  • Investigate security plugins for Nagios, Lemon, Ganglia
  • [Completed] Host a repository of security plugins for common monitoring tools
  • [Background activity] Provide (and update) security best-practice documentation for the RSS feed
  • Coordinate between CERN, UKI, SEE ROCs to prepare a joint training session with ISSeG
• DECH:
  • Investigate security plugins for Nagios
• ITALY: NONE
• CE:
  • Produce one or more SAM security tests
  • Document the process that can be followed by other developers to produce more SAM security tests.
• NE:
  • [In progress] Test and provide feedback on RTIR
  • Test and provide feedback on the firewall management tool(s) (status: currently awaiting for CERN)
• SEE:
  • Produce (and update) security best-practice documentation for the RSS feed
  • Contribute to the "Incident Response procedure" for the sites (in collaboration with CERN ROC)
  • [Background activity]Follow-up monthly with sites providing no or incorrect CSIRTs details
  • Coordinate between CERN, UKI, SEE ROCs to prepare a joint training session with ISSeG
• SWE:
  • [In progress] Investigate (and possibly implement) new features in RTIR
  • [In progress] Provide RTIR training for OSCT according to ROC Security Contacts' availability and interest
  • [Completed] Investigate the possibility providing OSCT with Jabber IDs
  • [Completed] Investigate the possibility of hosting a (secure?) Jabber conference room for OSCT

-- Romain Wartel - 26 Feb 2007