Security Alerts

From GridPP Wiki

A Method of Handling Security Alerts.

When a security alert is received (usually via UKIROCSecurity):

a) Reply to the alert to inform the sender that you have received it, and that appropriate action will be taken.

b) The action required consists of checking the logs of the servers and worker nodes for attempted connections/intrusions from certain site(s) and/or IP address(es). The offending sites/IP addresses are usually supplied in the alert.

c) When this is complete, a report should be sent to the sender of the alert indicating whether or not any suspicious behaviour/connections/intrusions were detected. If so, full details of the behaviour should be included.
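As an added worked example (not part of this GridPP page or of any site's tooling), the following Python script carries out steps b) and c) over constructed sshd-style log lines: it matches the source IP of each connection against the indicators supplied in the alert (assumed here to be single IPs or CIDR ranges) and builds the per-host summary for the reply.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample log lines in sshd/syslog style (documentation-range IPs, not real hosts).
SAMPLE_LOG = """\
Mar  3 10:12:01 wn01 sshd[2131]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar  3 10:12:05 wn01 sshd[2131]: Failed password for root from 203.0.113.7 port 51022 ssh2
Mar  3 10:13:40 ce01 sshd[2201]: Accepted publickey for gridadmin from 192.0.2.10 port 40110 ssh2
Mar  3 10:15:12 ce01 sshd[2250]: Invalid user admin from 198.51.100.42 port 33121
Mar  3 10:20:33 wn02 sshd[2310]: Accepted password for test from 203.0.113.200 port 51230 ssh2
"""
# Constructed indicators as an alert might list them: a CIDR range and a single IP (assumption).
ALERT_INDICATORS = ["203.0.113.0/24", "198.51.100.42"]

IP_RE = re.compile(r"\bfrom (\d{1,3}(?:\.\d{1,3}){3})\b")

def parse_indicators(indicators):
    """Turn alert-supplied IPs/CIDRs into networks; a bare IP becomes a /32."""
    return [ipaddress.ip_network(i, strict=False) for i in indicators]

def find_matches(log_text, indicators):
    """Return (host, source_ip, line) for every line whose source IP is in an alert range."""
    nets = parse_indicators(indicators)
    hits = []
    for line in log_text.splitlines():
        m = IP_RE.search(line)
        if not m:
            continue  # line carries no 'from <ip>' field
        src = ipaddress.ip_address(m.group(1))
        if any(src in net for net in nets):
            host = line.split()[3]  # syslog layout: hostname follows the timestamp
            hits.append((host, str(src), line))
    return hits

def build_report(hits):
    """Summarise hits per host for the report sent back to the alert sender."""
    if not hits:
        return "No connections from the listed sites/IP addresses were found."
    per_host = defaultdict(list)
    for host, src, line in hits:
        per_host[host].append(f"{src}: {line}")
    out = [f"{len(hits)} matching log line(s) found:"]
    for host in sorted(per_host):
        out.append(f"{host}:")
        out.extend("  " + entry for entry in per_host[host])
    return "\n".join(out)

if __name__ == "__main__":
    print(build_report(find_matches(SAMPLE_LOG, ALERT_INDICATORS)))
```

On a real node the log text would come from the sshd/auth log of each server and worker node in turn, and the full matching lines go into the report as step c) requires.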