LCG/GDB Security (Report from the LCG Security Group) FNAL 9 October 2003 David Kelsey CCLRC/RAL, UK [email protected] 9-Oct-03 D.P.Kelsey, LCG-GDB-Security.
Overview

Just one topic
• LCG Security and Availability Policy
  – Draft 3 presented at 9th Sep 03 GDB
  – Aiming for approval at this meeting
• This draft (V4b) produced on 30th Sep

Security Group meetings (also working on risk analysis)
  – 10th September 2003
  – 24th September 2003
http://agenda.cern.ch/displayLevel.php?fid=68

Changes since last GDB

• “LCG Security and Availability Policy”
  – Trevor Daniels (GOC task force) is main author
  – In collaboration with Security Group
• Incorporated comments made last month by GDB
  – Ownership
  – Role of home employing institute
  – No personnel screening
• Lots of minor changes
  – To make document clearer
  – Changed document template to LCG SEC format
• Also distributed V4b to Site Security contacts
  – but no feedback to date

Section 1: Objectives and Scope

• Objectives
  – Agreed set of statements
  – Attitude of the project towards security and availability
  – Authority for defined actions
  – Responsibilities on individuals and bodies
• Promote the LHC science mission
• Control of resources and protection from abuse
• Minimise disruption to science
• Obligations to other network (inter- and intra-nets) users
• Broad scope: not just hacking
• Maximise availability and integrity of services and data
• Resources, Users, Administrators, Developers (systems and applications), and VOs
• Does NOT override local policies
• Procedures, rules, guides etc. contained in separate documents

Section 1: Ownership, maintenance and review

• The Policy is
  – Prepared and maintained by Security Group and GOC
  – Approved by GDB
  – Formally owned and adopted as policy by SC2
• Technical docs implementing or expounding policy
  – Procedures, guides, rules, …
  – Owned by the Security Group and GOC
    • timely and competent changes
    • GDB approval for initial docs and significant revisions
      – Must address the objectives of the policy
• Review the top-level policy at least every 2 years
  – Ratification by SC2 via GDB if major changes required

Section 2: LCG services and resources

• Definition of …
• Resources
  – Equipment, software, data
• Services
  – Defined by GOC web-site
  – example list defined

Section 3: Roles and Responsibilities

• LCG Organisation
• VOs
  – Acts with LCG Organisation, sites and home institutes of users
• Sites
• Resource Administrators
• Users
• Developers
• GOC
• Some examples here. Details in associated documents

Section 4: Physical security

• Expected to be covered by site local policy and practices
  – Should aim to reduce the risks
• Should be consistent with the SLA defined by the resource administrator

Section 5: Network security

• Covered by local site policy
  – Should aim to reduce risks
• Again consistent with SLA
• LCG policy to reduce the risk exposed by applications which need to communicate across the Internet, BUT
• Firewalls required to allow transit of inbound and outbound packets to/from some port numbers

Section 6: Access Control

• Global components of the common grid security infrastructure must be deployed by all sites and resources
• Additional local components allowed
• Resource providers and Users must comply with all relevant associated documents

Section 7: Compliance

• Require Site self-audit at least every 2 years
  – Check policy (and associated procedures and practices) is being followed
• Independent audit (by or for GOC) allowed if
  – Self audit not performed
  – Not following policy
  – At random
• Audit summaries to be published (by GOC)
• Emergency exceptions allowed
  – Time-limited, authorised and GOC informed

Section 8: Sanctions

Sanctions defined for failure to comply
• Sites or admins
  – remove services
• Users, Admins, Developers
  – remove right of access
  – May have activities reported to home institute
    • or to law enforcement agencies
  – Appropriate body will decide course of action
    • Responsibility of the VO to define the body
• VOs
  – Remove right of access for them and all their users

Section 9: Associated documents

• User Registration and VO Management (exists)
• Rules for use of LCG-1 (exists)
• Procedures for Resource Administrators
• Approval of LCG CA’s (exists)
• Guide for network administrators
• Procedures for site self-audit
• SLA Guide
• Incident Response (exists)
• Audit Requirements (exists)

Issues since 30th Sep

• We use the term GOC in the singular
  – Means the GOC “service”
    • i.e. several GOC’s
• Assumes that sites join LCG
  – How can we cope with other Grids offering resources, but not part of LCG?
    • We need to require they agree to our policy