Coordinating Operational Security in evolving distributed IT-Infrastructures

Abstract

Operational Security in scientific distributed IT-Infrastructures such as EGI is challenging. Exist- ing computation frameworks are continually being extended, and new technologies implemented, thereby expanding the potential attack surface and exposing new risks. In this rapidly evolving environment new security policies have to be developed, and existing policies and procedures have to be constantly updated to meet new requirements. To efficiently enforce these new policies, the security monitoring infrastructure has to be fur- ther developed to cover all elements of the evolving infrastructure. Finally the incident response (IR) tool set has to be extended to be able to efficiently handle security incidents affecting new technologies. In this paper we discuss EGI-CSIRTs strategy for expanding its portfolio to provide all aspects of operational security in a Cloud environment, whilst maintaining its current capabilities. The paper describes the developments associated with a Virtual Machine Endorsement Policy and related technical aspects to allow a provision of a trustworthy set of Virtual Machine Images (VMI) to the user community by means of an Application-DataBase. VMIs with vulnerable configurations have already involved in incidents handled by EGI-CSIRTs Incident Response Task Force (IRTF). In dealing with these incidents it became apparent that the existing procedures and tools, which were otherwise successfully applied to IR in EGI, exposed deficiencies when applied to the EGI Federated Cloud (EGI-FedCloud) services. This understand- ing triggered the development of central User- and Virtual Machine-Management frameworks de- ployed in EGI-FedCloud. The status of these tools and the integration with the existing IR tools is discussed. In EGI, security policies and procedures are tested in Security Service Challenges (SSCs) which are designed to verify that they do, in practice, help with security operations to prevent and re- spond to incidents. An SSC addressing EGI-FedCloud services and IR procedures will is de- scribed.