Activities of the Italian (IT) ROC Security Group

The security group's main task is to keep contacts with the LCG/EGEE Security working groups and to provide links, references and guidelines for the Italian production Grid sites.
In addition it is responsible to coordinate actions in case of a security incident occurring in one of the Italian sites and to participate to the Security Service Challenge when requested by the project.
Another goal of the group is to promote best practice and discussions among site managers and resource administrators, in order to share a common knowledge concerning security monitoring, tools and procedures.

IT-ROC Contacts

• IT-ROC Security Officier: new contacts required?
• IT-ROC Security Mailing List: new contacts required?
• IT-ROC Managers: new contacts required?

Incident Reporting Escalation and Procedures

A good coordination of the incident response procedures needs to involve a number of different teams: local site administrators, Grid services administrators (if different from the previous) and people responsible for the security of the national network infrastructure (GARR-CERT) and Grid coordination (ROC).
The security procedures herein described have been reviewed to improve the communication between network and site administrators and EGEE computing resource administrators.
This review involved people representing the Italian ROC, the INFN computing committee and the GARR-CERT.
The complete document is available here.

Actors involved

• Network infrastructure level
  • GARR-CERT: Computer Emergency Response Team for GARR
• ROC level
  • ROC Italy ROC CSIRT: A group of people (at least 2), reachable through the mailing list grid-security<AT>infn.it, responsible for the security coordination inside the ROC
  • Italy Security Officer (RSO): A single person responsible for the security coordination inside the ROC. It MUST be a member of the ROC_Italy CSIRT
• Site level
  • Local Site Managers (LSM): People responsible for the management of the networking and computing resources at a site
  • Access Point Manager (APM): The GARR contact person who is responsible for the management of the top level access router and IP addresses assignment. A APM is present at all sites