OSCT-2

Friday Jan 26, 2007, 9:00 AM → 5:30 PM Europe/Zurich

513/1-027 (CERN)

Ian Neilson (CERN), Romain Wartel

Operational Security Coordination Team meeting. To dial in to the conference: a. Dial +41227676000 (Main) b. Enter access code 0142490 Or, to be called by the system, you can click here: https://audioconf/call/0142490

Slides Security_in_The_IT-ROC.pdf Security_in_The_IT-ROC.ppt

9:00 AM → 9:30 AM Introduction

Introduction, agenda of the day, and progress made since OSCT-1

9:30 AM → 10:30 AM Round-table: EGEE-wide OSCT activities

Different tasks for OSCT have been identified.
How do the ROCs propose we achieve them?
How can we collaborate and share the load?

While this list is by no mean exhaustive or authoritative,
the proposed tasks so far cover:
- OSCT communications with other groups and the sites
- Incident Response improvement
- Security tools (monitoring, detection, prevention)

During this session, all ROCs are welcome to comment on
proposed tasks and their priority, and according to their
preferences and availability, offer some contribution on one
or more area.

slides Wartel27012007.pdf

10:30 AM → 11:00 AM Coffee break

11:00 AM → 12:00 PM Round-table: Sensitive information reporting and disclosure

OSCT needs to deal with sensitive information, but must also
be able to communicate with all the sites and other external
projects.

Specific issues have recently been reported, for which
feedback and recommendations from the ROCs would be necessary:

• What is the best way to handle the information flow for
  unpatched software or operational vulnerabilities? (GSVG ->
  OSCT -> all sites)

• How can we resolve or mitigate SPAM problems on the
  incident reporting channels, while enabling external
  communities to contact our CSIRTs?

• Do we need a both a CSIRT and a CONTACTS list?

12:00 PM → 1:30 PM Lunch break

1:30 PM → 2:00 PM Security Service Challenges

SSC2 debriefing and future plans.

slides SSC_OSCT_2007-01-26d.pdf SSC_OSCT_2007-01-26d.ppt

2:00 PM → 2:20 PM Regional security: IT ROC

Presentations from the ROC representative as to how security
operations are organised in his region.

2:20 PM → 2:50 PM Regional security: SEE ROC

Presentations from the ROC representative as to how security
operations are organised in his region.

2:50 PM → 3:05 PM ISSeG update

Update on the EGEE related projected, ISSeG
(http://www.isseg.eu) and collaboration with OSCT.

slides ISSeG-OSCT-2.pdf ISSeG-OSCT-2.ppt

3:05 PM → 3:35 PM Coffee break

3:35 PM → 3:50 PM Collaboration with other monitoring groups

Introduction about the monitoring groups currently being
setup, in particular the System Management:

https://uimon.cern.ch/twiki/bin/view/LCG/SystemManagementWGMandate

and discuss about the security part of the mandate.

slides System_Management_Working_Group.pdf System_Management_Working_Group.ppt

3:50 PM → 4:30 PM Round-table: Security Monitoring

There are several monitoring tools/frameworks that could be
used for security purpose, such as (but not limited to) SAM,
Pakiti, or lcg-fw.

• How could be use these tools?
• Do we want to provide/maintain them?
• How could we promote their use among the sites?

4:30 PM → 5:00 PM OSCT Duty Contact

The OSCT-DC role has been implemented since OSCT-1.

• Is there any good/bad feedback from the ROCs about this?
• How can we improve the role?

5:00 PM → 5:15 PM AOB and next meeting