Mission and Organization
As a member of EGI, France-Grilles benefits, supports, and is part of the security team EGI: EGI-CSIRT (Computer Security Incident Response Team) .
The Security Officer for France-Grilles (the French NGI) is a member of the EGI-CSIRT and is the link for operational communication regarding security, between sites of France-Grilles and with EGI-CSIRT.
The mission of the EGI-CSIRT is to ensure the operational aspects for achieving a secure infrastructure. To reach that aim, it is important that the security contact information for each site are filled in and kept up to date in the GOCDB (Grid Configuration DataBase).
EGI-CSIRT coordinates between different NGIS (National Grid Initiative) and the NRENs (National Research and Education Network) and seeks to combine and enhance the various safety aspects such as monitoring, training and response the incidents.
Vulnerabilities in application programs or operating systems relevant for the EGI infrastructure are evaluated by the SVG (Software Vulnerability Group). This group examines announced vulnerabilities, CVE (Common Vulnerability Exposure), or reported (anyone can report a vulnerability by email: report-vulnerability-at-egi.eu), and produces an opinion on the level of risk associated with the vulnerabilities.
A list of advisory is here: https://wiki.egi.eu/wiki/SVG:Advisories
Policies and procedures are defined by the SPG (Security Policies Group). They determine the usage rules applicable to all EGI member (hence any France Grilles member), whether they are users, sites or virtual organizations. The documents are available here:
Security policies: https://wiki.egi.eu/wiki/SPG:Documents
The procedures: https://wiki.egi.eu/wiki/EGI_CSIRT:Policies
The certificate is your passport to the grid. The certificate private key and password must be kept confidential.
Some basic guidelines:
– Be stored in a file readable only by you,
– Being protected by a strong password. It can be created by a password generator.
– Do not share your certificate or its password with anyone.
For all questions about certificates, please contact the GRID2-FR Registration Authority team by email : email@example.com
A security issue … What do I do?
– Keep calm
– Use procedures and guidelines: https://wiki.egi.eu/wiki/EGI_CSIRT:Incident_reporting
– Use the guideline for system analysis: https://wiki.egi.eu/wiki/Forensic_Howto
– If the incident is related to one or more GRID2-FR certificates ( private key is compromised or suspected to be compromised, stolen, lost, or password problem, .. ), contact the GRID2-FR RA team as soon as possible to request revocation of the relevant certificate(s)
NOT TO DO
– Do not talk on a mailing list other than that provided for this purpose
– Do not publish this information on the Internet or other media
– Do not restart (reboot) the infected server(s)
– Do not destroy the virtual machine