/internal/security-coordination/Recent content in Security Coordination on DocumentationHugo -- gohugo.io/internal/security-coordination/service-information/Mon, 01 Jan 0001 00:00:00 +0000/internal/security-coordination/service-information/ <h2 id="identity-card">Identity card</h2> <!-- markdownlint-disable no-inline-html no-bare-urls --> <table> <thead> <tr> <th>Property</th> <th>Value</th> </tr> </thead> <tbody> <tr> <td>Name</td> <td>Security coordination</td> </tr> <tr> <td>Description</td> <td>Enhance local security for a safer global infrastructure</td> </tr> <tr> <td>URL</td> <td><a href="https://csirt.egi.eu">https://csirt.egi.eu</a></td> </tr> <tr> <td>Support Email</td> <td>abuse at egi.eu</td> </tr> <tr> <td><a href="..">Helpdesk</a> Support Unit</td> <td><strong>EGI Services and Service Components</strong> <br/> I__ Security Coordination <br/> I__ Security Monitoring</td> </tr> <tr> <td>Configuration Database entry</td> <td><a href="https://goc.egi.eu/portal/index.php?Page_Type=Site&amp;id=968">https://goc.egi.eu/portal/index.php?Page_Type=Site&amp;id=968</a> <br /> <a href="https://goc.egi.eu/portal/index.php?Page_Type=Site&amp;id=1127">https://goc.egi.eu/portal/index.php?Page_Type=Site&amp;id=1127</a></td> </tr> <tr> <td>Supplier</td> <td>UKRI, FOM-Nikhef, CERN, CESNET, GRNET, IJS</td> </tr> <tr> <td>Roadmap</td> <td>N/A</td> </tr> <tr> <td>Release notes</td> <td>N/A</td> </tr> <tr> <td>Source code</td> <td>N/A</td> </tr> <tr> <td>Issue tracker for developers</td> <td>N/A</td> </tr> <tr> <td>License</td> <td>N/A</td> </tr> <tr> <td>Privacy Policy</td> <td>N/A</td> </tr> </tbody> </table> <!-- markdownlint-enable no-inline-html no-bare-urls -->/internal/security-coordination/monitoring/Mon, 01 Jan 0001 00:00:00 +0000/internal/security-coordination/monitoring/ <h2 id="what-is-it">What is it?</h2> <p>EGI is an interconnected federation where a single vulnerable place may have a huge impact on the whole infrastructure. In order to recognise the risks and to address potential vulnerabilities in a timely manner, the EGI Security Monitoring provides an oversight of the infrastructure from the security standpoint.</p> <p>Also, sites connected to EGI differ significantly in the level of security and detecting weaknesses exposed by the sites allows the EGI security operations to contact the sites before the issue leads to an incident.</p> <p>Information produced by security monitoring is also important during assessment of new risks and vulnerabilities since it enables to identify the scope and impact of a potential security incident.</p> <h2 id="technical-description">Technical description</h2> <p>This service includes the following components.</p> <h3 id="secmon">Secmon</h3> <p>A Nagios-based service provided to monitor a range of assets like CRLs, file system permissions, vulnerable file permissions etc.</p> <p>Ad-hoc probes are deployed to support incident management, to assess the vulnerability of the infrastructure with regards to specific security issues and for proactive security management.</p> <p>The results produced are available to the EGI Security dashboard of the <a href="../../operations-portal">Operations Portal</a> for visualisation.</p> <h3 id="pakiti">Pakiti</h3> <p><a href="./pakiti">Pakiti</a> is the monitoring and notification service which is responsible for checking the patching status of systems.</p> <p>The results produced are available to the EGI Security dashboard of the <a href="../../operations-portal">Operations Portal</a> for visualisation.</p> <h3 id="incident-reporting-tool">Incident reporting tool</h3> <p>Ticketing system for tracking of incident.</p> <h3 id="tools-for-security-service-challenge-support">Tools for Security Service Challenge support</h3> <p>Security challenges are a mechanism to check the compliance of sites/NGIs/EGI with security requirements. Runs of Security Service Challenges need a set of tools that are used during various stages of the runs.</p>