Security Workshop:Scenario2

From Gridkaschool

In this scenario, your site is in normal production; grid jobs are submitted, batch jobs are run, and users are performing interactive logins.

The most important service your site is performing is participating in the Galactic Space Weather Forecast System. This is run in a distributed fashion over all sites: an automated production system logs in to each CE node once a minute as the user "produser" and submits a short batch job that calculates a part of the overall forecast. Separately, the production system logs in to each CE node once a minute, scans the output directory for any completed forecast data, and uploads it via sftp to the production server, which assembles the data into a weather forecast that is displayed on the Status Dashboard.

There is some redundancy in the forecast data, which means that if fresh data from one (1) site is missing, the forecast system still works. However, if data from two or more sites is missing, the forecast production fails. This must be avoided at all costs. If, heaven forbid, corrupt data is introduced into the system, this may wreak havoc with the forecasts for up to 15 minutes.

The Status Dashboard shows the age of the last data received for each site. If the data is older than two minutes, the site enters a warning state. If the data is older than five minutes, the site state turns critical, and forecasts are threatened.

Serious failure of a site's part in the forecast production may result in a point penalty.

Scores are awarded as in Scenario 1, and the same rules apply. The scenario ends when you recover a backdoor password and you are confident that you have understood all details in the incident. Extra points may be awarded for outstanding forensics.

Again, sites can receive an optional bonus challenge if desired.