Difference between revisions of "Security Duty"

From GridPP Wiki
Edit summaries: (Handover report), (Security Duty tasks)

Diff at line 18 (Security Duty tasks); unchanged context is shown once, followed by the text that differs between the two revisions:

* Take care to take note of anything that is going on in CSIRT, especially incidents that may affect UKNGI

* Forward all communications which have been sent to site-security-contacts to NGS-csirts. This may include:

** Information on incidents

** Advisories from CSIRT

** Advisories from SVG

** If you are adding further information also forward to gridpp-csirts (gridpp-csirts should get all info sent to site-security-contacts)

== Dashboard checking ==

Revision as of 12:48, 17 June 2014

Purpose

This lists what the UK NGI Security team should do and what the person on UK security duty should do.

The UKNGI Security duty rota is at SD rota.

Note that this is different from the EGI CSIRT rota duty, for which UK participation is suspended at present, until a UK person is available and up to speed.

EGI meetings

NGI security team members are not currently expected to attend EGI security meetings as part of their team duties.

Security Duty tasks

  • Respond to any e-mails to the UKNGI-Security list which require a response. If a UK site needs help which you do not have the knowledge to give, ask the other UKNGI-Security members or CSIRT. Be particularly prepared to ask whether sites need help dealing with incidents, Critical vulnerabilities, or interpreting information from CSIRT sent to site security contacts.
  • Respond if a security incident is reported in the UKNGI. If this happens you will probably have a busy week!
  • Take care to take note of anything that is going on in CSIRT, especially incidents that may affect UKNGI.

Dashboard checking

When on duty, check the security dashboard.

At present (from May 2014), the above link is out of service, though expected to be replaced. Other sources of monitoring information to check include:

Any Critical Vulnerabilities from Pakiti are handled by EGI CSIRT duty person, not the UK duty.

For UK NGI vulnerabilities rated 'High', inform sites if they remain for a day. (These should show in Pakiti.)

Similarly for Nagios. Note that Nagios errors reporting 'Critical' (e.g. CRL or file-permission problems) are handled by us; these are not what is meant by Critical vulnerabilities.

Find the CSIRT contact for the site in the GOCDB, send e-mail to them, and CC UKNGI-Security.

Security Duty Templates may help you draft appropriate mails.

This security checking may be carried out by the ops team at a later date. (For now it is done by us.)

Security Dashboard Notes may be used to help us track what we are doing.

Handover report

On Friday, just before you go home, please provide a brief report on what has happened during your duty week to ukngi-security at cern.ch. Provide this report anyway, even if 'nothing to report'.

More notes

Most information and e-mail forwarding to CSIRT addresses should be sent well within office hours, as many of the CSIRT lists set off alarms to on-call site security people.

Examples of what may be sent at any time:

  • Information on incidents which the site may be involved in
  • Advisories on Critical vulnerabilities
  • Anything that can't wait until next working day

Examples of what should be sent during office hours:

  • Advisories less than 'Critical'
  • Information on ongoing incidents which don't require immediate response
  • Reports on incidents
  • Everything if possible

Responses to individuals may obviously be sent as you wish.

CC anything appropriate to UKNGI-Security. Include at the top who or which lists anything is forwarded to, as Jiscmail hides this information and it is not possible to configure a Jiscmail list to show it.

Common sense is an appropriate tool!

Useful links

EGI CSIRT public wiki: CSIRT Public Wiki

EGI CSIRT private wiki: CSIRT Private Wiki

GridPP Wiki: Security Information


This page is a Key Document, and is the responsibility of Rob Harper. It was last reviewed on 2014-06-10 when it was considered to be 100% complete. It was last judged to be accurate on 2014-06-10.