
Security Service Challenge level 3 (SSC_3)

[Not only is this page in preparation, but, following the pilot run of the challenge, we may be well advised to redefine the format of SSC_3.]

This WIKI contains instructions, recommendations and suggestions that are relevant for the LCG/EGEE Security Service Challenge level 3 (SSC_3).

The objective

SSC_3 challenges the Operational Responsiveness of the LCG/EGEE Grid Sites.

The goal of the LCG/EGEE Security Service Challenge (SSC) is to investigate whether sufficient information is available to be able to conduct an audit trace as part of an incident response, and to ensure that appropriate communications channels are available.

Material for the Test OPerator (TOP)

We have provided a tool kit containing software and detailed instructions for executing the SSC_3. When the SSC_3 enters the second Stage (see below), then the material will be available for download here. A ReadMe

The initial ticket contains the following elements:

  • The VO is noted as dteam

  • The short description is: Security Service Challenge (SSC_3) for <ROC-name>/<Site-name>

  • The description is: This is a test of the type "Security Service Challenge". This ticket shall be assigned to "Security Management". The ROC Security Contact is responsible for coordinating a solution to the problem. The particulars of the SSC are supplied in the attachment of this ticket.

  • The priority is: less urgent

  • It is a DTEAM-specific problem

  • The particulars about what has been seen, as well as the specific questions are in the attachment of the initial alert. A skeleton of the attachment used at Stage_1 is shown below:
  
    
    A persistent Grid Job has been submitted to one of your Sites as part of a Security Service Challenge (SSC). The particulars of the Job are listed below:

    The Grid credentials used for the submission were:
    /DC=ch/DC=cern/OU=Organic Units/OU=Users/CN=psa/CN=123456/CN=John Bull

    Date: 2007-09-13
    Approximate time of submission, between: 07:30 -and- 07:50 (UTC)

    ---------------------------------------------------------

    Please stop the Job and suspend the Grid access authorization of the incriminated user. Also, please use the ticketing system to respond by providing the following:

    1). The IP-address of the User Interface (UI) which was used for the submission of the Job;
    2). A list of the actions that you made;
    3). A brief summary of your investigations, complete with an analysis of the programs submitted with the Job.

    Having filed the above, you will be alerted through the ticketing system when the access authorization of the user should be restored.

    ---------------------------------------------------------

Follow-up

  • If TOP has not received a relevant acknowledgment before the end of the following working day, then the GGUS ticket will be resubmitted.

  • If TOP has not received a relevant acknowledgment within a further 24 hour delay, then the Site will be contacted by means of the telephone number registered in the GOCDB.

  • If no response has been received within 72 hours from the submission of the initial alert, then the challenge for that Site will be marked as incomplete.

Debriefing Reports

After completion of each Stage of the SSC_3, the participating ROCs are asked to provide feedback from the exercise. Comments may go further than the execution of SSC_3 proper and also provide suggestions for other, future challenges. Based on the input, the final SSC_3 debriefing report will be compiled, circulated among its contributors and eventually published here.

Links to related information

___________

Updates:

2007-11-08 (psa) revision of text

2007-08-20 (psa) revision of text

2007-08-17 (psa) initial writing

Topic revision: r6 - 2007-11-08 - unknown
 