In addition to core activities of co-ordinating response to computer and network security incidents and mitigating threats to the infrastructure, the EGI CSIRT team, in collaboration with partners, provides services for security monitoring, security training and best practice dissemination. Find out more about EGI CSIRT’s activities below.
- Incident response: Within the EGI CSIRT, day-to-day security operations are handled by the Incident Response Task Force (IRTF). IRTF is a small team of approximately half a dozen security experts distributed over several countries and multiple organizations who, taking part in an on-duty rota, act as first responders to reports of security incidents within the EGI Infrastructure. If required, security forensics expertise within the IRTF is made available to sites for the investigation and resolution of incidents.
- Security monitoring: In order to obtain information about the state of the infrastructure and enable a pro-active security stance, the EGI CSIRT uses a security monitoring framework that collects and evaluates data from all EGI sites. This framework enables the EGI CSIRT to check basic security characteristics of the services that EGI sites make available to its users, including services’ software patching levels and deployed mitigations.
- Security policy and procedure: Operational security can only be organized within a proper policy framework, regulating access to, provision and usage of the infrastructure. Through the adoption of these policies by EGI, the CSIRT is given the authority to require action on the part of users and service providers, such as to apply software patches and to participate in incident response. EGI CSIRT actively participates in the development and maintenance of the policy framework to ensure it remains relevant in an evolving infrastructure.
- Vulnerability advisories: EGI CSIRT members participate in the EGI Software Vulnerability Group (SVG) which acts is to minimize the risk to the EGI infrastructure arising from software vulnerabilities. Handling vulnerabilities is an important part of incident prevention and, when vulnerabilities are reported, the SVG issues advisories for sites including information on risk level and, where possible, mitigating actions. For critical risk vulnerabilities the EGI CSIRT operates procedures to ensure that all EGI services take appropriate action to eliminate or mitigate the risk to the infrastructure.
- Training: The skills necessary for proper incident response are often beyond the experience of system administrators, in particular in specialised environments. In EGI, it is crucial to have a deep under-standing of the technology to be able to use the available information for a more complete incident response. Security training is therefore of vital importance. EGI CSIRT has developed and offered material in the three categories of defensive, offensive and role-play training.