Pending Actions (deadline: 19/06/2007)
Below is a list of actions on the ROC Security Contacts from the
OSCT-2 meeting, which are expected to be completed before the
OSCT-3 meeting.
- All ROCs:
- Update the (coming) private OSCT Website with their ROC Security Contact details
- Perform a Security Service Challenge 2 against (all?) sites in their region and give a short debriefing presentation at the next OSCT meeting
- Provide feedback on the upcoming ISSeG threat list and questionnaire, as a preparation to the joint training session at EGEE-07
- CERN:
- [Completed] Investigate possibility of hosting a private website for the OSCT on the CERN central service
- [In progress] Produce a short "Incident Response procedure" for the sites
- [Completed] Check with the CERN mail team if it is possible to:
- Use/check email signature on the incident lists
- Use email encryption on the incident lists
- Ensure that posters to the CSIRT list are member of the CONTACT list or else moderate the post
- Change the Reply-to field of the CSIRT list
- [Completed] (but announcement on hold) Create a new incident discussion list populated with the CSIRTS details (same recipients list, but different "FROM" field)
- [Background activity] Maintain Pakiti (http://pakiti.sf.net
)
- [Completed] Produce packages for lcg-fw and the tool enabling Grid host to know what remote hosts are part of our Grid
- [Completed] Clarify and document OSCT-DC activities on the (coming) OCST private website
- [Completed] Gather and share OSCT Jabber IDs
- [Completed] Schedule one or more (max 1/month) meeting using Instant Messaging
- [Completed] Produce a list of wished features for RTIR to be (possibly) useful for the OSCT
- [In progress] Check with GGUS if appropriate features for incident handling could be implemented
- [In progress] Coordinate the development of security plugins for common monitoring tools (ex: SAM, Nagios)
- Coordinate between CERN, UKI, SEE ROCs to prepare a joint training session with ISSeG
- [Completed] Check with release/deployment team if it is possible to add the content of the RSS feed on the gLite installation pages
for EGEE admins
- Put involvement of VOs in IR process at least on agenda for next meeting
- RUSSIA:
- [Background activity] Manage and maintain the content of the OSCT Websites (public and private)
- Asia Pacific (could not attend the meeting): NONE
- FRANCE: NONE
- UKI:
- Investigate security plugins for Nagios, Lemon, Ganglia
- [Completed] Host a repository of security plugins for common monitoring tools
- [Background activity] Provide (and update) security best-practice documentation for the RSS feed
- Coordinate between CERN, UKI, SEE ROCs to prepare a joint training session with ISSeG
- DECH:
- Investigate security plugins for Nagios
- ITALY: NONE
- CE:
- Produce one or more SAM security tests
- Document the process that can be followed by other developers to produce more SAM security tests.
- NE:
- [In progress] Test and provide feedback on RTIR
- Test and provide feedback on the firewall management tool(s) (status: currently awaiting for CERN)
- SEE:
- Produce (and update) security best-practice documentation for the RSS feed
- Contribute to the "Incident Response procedure" for the sites (in collaboration with CERN ROC)
- [Background activity]Follow-up monthly with sites providing no or incorrect CSIRTs details
- Coordinate between CERN, UKI, SEE ROCs to prepare a joint training session with ISSeG
- SWE:
- [In progress] Investigate (and possibly implement) new features in RTIR
- [In progress] Provide RTIR training for OSCT according to ROC Security Contacts' availability and interest
- [Completed] Investigate the possibility providing OSCT with Jabber IDs
- [Completed] Investigate the possibility of hosting a (secure?) Jabber conference room for OSCT
-- Romain Wartel - 26 Feb 2007