You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 5 Current »

Date

Attendees

Agenda

  • Introduction to the meeting - TK
    • First meeting between perfSONAR team (of leads and dev leads from the global group), and the GÉANT Security team.
    • Background: a need that was identified by the perfSONAR team for recommendations from an expert group regarding operating perfSONAR in a secure manner.
    • A pre-meeting was held between GÉANT security team and perfSONAR team members from GÉANT on 08/03, at the annual GÉANT Symposium
  • Introduction of attendees - All
  • Purpose of the meeting
    • To review and get recommendations on best practices to operate perfSONAR. With over 1400 pS nodes around the world, it is of paramount importance that pS group stay up-to-date on security practices, to ensure continued reliability and robustness pS' operation
      • Eric and others agreed with this
  • GÉANT Security Team - presentation about task - Marcin Wolski
    • Sent to the group earlier via email
  • pS security recommendations exercise - what pS group wants out of this exercise
    • The aim of this exercise is to work together to get recommendations for security best practices to operate pS. This includes process, policies and best practices - documentation to operate pS node in secure manner. pS is different from few other software as it is a multi-deployment appliance:
      • Includes the auto-update element, which enables pS deployments to be updated with any new software automatically once every day.
      • There are already some Security Considerations listed by pS group on its website, such as access to nodes, IPTables, host management using IDS, etc., but we are looking to expand this with this exercise.
      • Vulnerabilities are handled at the earliest by the development team, and an announcement is made on perfsonar-user list with regard to the severity if it and if/how much does it affect a pS deployment
      • All the above considered - we would like to improve the process, and hence this exercise
  • Discussion with GÉANT security team
    • Define acceptance criteria, division into work items
      • GÉANT Security team will:
        • Until end of April, i.e. end of GN4-1:
          • Go through all security-related documentation on perfsonar.net website, and arrange for infrastructure to deploy perfSONAR toolkit
          • From GN4-2/May onwards:
            • Install perfSONAR toolkit and review the default security policies, settings, and make recommendations based on the process
            • Go through Vulnerability Management process and list practices for improvisation
        • Communication between the teams
          • GÉANT security team will, in the first instance, contact GÉANT perfSONAR team, for e.g. if any clarifications are required. The GÉANT perfSONAR team in turn will keep the rest of global perfSONAR team updated with any discussions that occur, either by way of email or during weekly developers call
          • If any security-related topic of interest is flagged on any perfsonar mailing list, someone from the pS global team will co-ordinate among themselves to inform the GÉANT security team about it, should they need to consider it in relation to policy setting
          • Shared space needed which is accessible to both teams (perfSONAR global team, GÉANT security team)
            • Required to store information such as progress of tasks, documentation (in-progress, draft, review, or final), discussions/decisions, or even admin tasks such as meeting notes, or next meeting dates etc.
            • Trupti will ask GÉANT IT team if GÉANT wiki (confluence; eduGAIN-enabled access) can be used for this exercise
              • And setup a page for non- GÉANT, i.e. rest of pS global team, participants
              • Other possibility includes the perfSONAR github wiki (https://github.com/perfsonar/project/wiki), but need to discuss with rest of pS group if it is the right platform at this stage
              • Done - this wiki page will be used for collaboration on this task.
    • Next meeting
      • TBD
  • No labels