Is launching a virus inside the grid a good idea?
Well, Sven Gabriel (Nikhef Security Officer / EGI-CSIRT) and Oscar Koeroo (Grid middleware security developer) did it, and they now explain why (there's also more info on the EGI-CSIRT below)...
EGI-CSIRT's primary goal is to provide Incident Response Capabilities across
One activity within this team is to organize Security-Drills including our
resource centres as well as Experiment job-submission frameworks.
The motivation for this is to optimize our operational set-up in order to
minimize the impact of a real computer security incident on our production.
In a distributed environment like the European Grid Infrastructure,
operational security, and in particular Incident-Response, has an additional
dimension, since in general a security incident happening at a certain site
will affect multiple resource centres around the globe. To contain such an
incident, the activities of many teams have to be coordinated.
The crucial aspects to look at are that
- the operational set-up at the sites allows the local team to find all
relevant information, communicate the results to the central incident
coordination team and to perform targeted user-access and process management.
Using the outcome of earlier security exercises, we made sure that the needed
tools are available. This has put us in a position to actually evaluate our
project-wide incident response capabilities by simulating a computer security
incident on a global scale, affecting 40 sites in 20 countries.