Difference between revisions of "OWG Meeting 23-Sep-2015"
From GlueXWiki
(Created page with "= Location and Time = '''Room:''' '''<font size="+1">Hall-D Conference Room</font>''' '''''Note room change!!''''' '''Time:''' 1:30pm-2:30pm =Connection= <div class="toccol...") |
|||
| Line 6: | Line 6: | ||
=Connection= | =Connection= | ||
| − | <div class=" | + | <div class="mw-collapsible mw-collapsed"> |
You can connect using [https://bluejeans.com/120390084 BlueJeans Video conferencing (ID: 120390084)]. ''(Click "Expand" to the right for details -->):'' | You can connect using [https://bluejeans.com/120390084 BlueJeans Video conferencing (ID: 120390084)]. ''(Click "Expand" to the right for details -->):'' | ||
| Line 30: | Line 30: | ||
# '''GlueX Collaboration Meeting''' [[GlueX-Collaboration-Oct-2015|October 8-10]] | # '''GlueX Collaboration Meeting''' [[GlueX-Collaboration-Oct-2015|October 8-10]] | ||
#* [[GlueX-Collaboration-May-2015|Previous Collaboration Meeting]] | #* [[GlueX-Collaboration-May-2015|Previous Collaboration Meeting]] | ||
| + | # Cyber Security | ||
| + | #* Network Scanning [[#NetworkScanning|(see below)]] | ||
# ROL modifications | # ROL modifications | ||
#* SYNC events | #* SYNC events | ||
| Line 38: | Line 40: | ||
# Readout Config. parameters in CCDB (RCDB?) | # Readout Config. parameters in CCDB (RCDB?) | ||
# AOT | # AOT | ||
| + | |||
| + | |||
| + | |||
| + | <div class="toccolours mw-collapsible mw-collapsed" id="NetworkScanning" style="width:600px"> | ||
| + | Network Scanning (click "Expand" -->) | ||
| + | <div class="mw-collapsible-content"> | ||
| + | <pre> | ||
| + | David, | ||
| + | |||
| + | As POC for computing services in Hall D, I am contacting you in order to | ||
| + | start a conversation regarding a computer security enhancement across | ||
| + | the lab. Given the results of the last several independent computer | ||
| + | security audits performed here at Jefferson Lab, we have been directed | ||
| + | to intensify our network vulnerability scanning so as to detect problems | ||
| + | before they cause security issues. Lab management would like to have a | ||
| + | plan in place within the next couple of weeks to address this shortcoming. | ||
| + | |||
| + | Please note that this is not an exercise where the results are be shared | ||
| + | with lab or DOE management, only with you and your team. The aim is to | ||
| + | mitigate all vulnerabilities detected in a timely fashion without | ||
| + | incurring work slowdown. | ||
| + | |||
| + | In order to fulfill this mission, we would like to do two types of | ||
| + | scanning on a regular basis. Both are network based and the intent is to | ||
| + | cause as little disruption as possible while still achieving a measure | ||
| + | of success. | ||
| + | |||
| + | 1. Weekly Nessus and Netsparker scanning of the webservers, both | ||
| + | internal and external. The testing will include any systems on the | ||
| + | 129.57.64.x subnet, along with other webservers identified by the | ||
| + | security team residing on subnets: 129.57.26.0/23, 129.57.135.0/24, | ||
| + | 129.57.172.0/22, and 129.57.194.0/24. | ||
| + | |||
| + | 2. Occasional Nessus vulnerability scanning of the entire Hall D network | ||
| + | address space. This will be coordinated to occur during the summer and | ||
| + | winter down periods. All results will be shared with the hall leaders, | ||
| + | especially when security issues have been noticed. The scanning will | ||
| + | include all systems located on subnets: 129.57.26.0/23, 129.57.135.0/24, | ||
| + | 129.57.172.0/22, and 129.57.194.0/24. | ||
| + | |||
| + | These scans have to potential to cause performance problems on the | ||
| + | system being scanned, so coordination between both hall and security | ||
| + | personnel is essential. In order to start the ball rolling on | ||
| + | implementing a scanning schedule, I would like to initially propose the | ||
| + | following: | ||
| + | |||
| + | Website scanning on Tuesday starting at about 10 am. We expect this to | ||
| + | take 2-4 hours. | ||
| + | |||
| + | Full Nessus scan during the next winter down period. Depending upon the | ||
| + | number of devices, we expect this to take approximately 8 hours. | ||
| + | |||
| + | Please let me know if you have any questions. | ||
| + | |||
| + | Thanks, | ||
| + | |||
| + | Greg Nowicki<br> | ||
| + | Computer Security Manager | ||
| + | |||
| + | </pre></div></div> | ||
= Minutes = | = Minutes = | ||
'''TBD''' | '''TBD''' | ||
Revision as of 15:30, 22 September 2015
Location and Time
Room: Hall-D Conference Room Note room change!!
Time: 1:30pm-2:30pm
Connection
You can connect using BlueJeans Video conferencing (ID: 120390084). (Click "Expand" to the right for details -->):
(if problems, call phone in conference room: 757-269-6460)
- To join via Polycom room system go to the IP Address: 199.48.152.152 (bjn.vc) and enter the meeting ID: 120390084.
- To join via a Web Browser, go to the page https://bluejeans.com/120390084.
- To join via phone, use one of the following numbers and the Conference ID: 120390084
- US or Canada: +1 408 740 7256 or
- US or Canada: +1 888 240 2560
- More information on connecting to bluejeans is available.
Previous Meeting
Agenda
- Announcements
- GlueX Collaboration Meeting October 8-10
- Cyber Security
- Network Scanning (see below)
- ROL modifications
- SYNC events
- TS info for physics events (L1 latch word, unix timestamp)
- DAQ system development
- L3 development
- Readout Config. parameters in CCDB (RCDB?)
- AOT
Network Scanning (click "Expand" -->)
David, As POC for computing services in Hall D, I am contacting you in order to start a conversation regarding a computer security enhancement across the lab. Given the results of the last several independent computer security audits performed here at Jefferson Lab, we have been directed to intensify our network vulnerability scanning so as to detect problems before they cause security issues. Lab management would like to have a plan in place within the next couple of weeks to address this shortcoming. Please note that this is not an exercise where the results are be shared with lab or DOE management, only with you and your team. The aim is to mitigate all vulnerabilities detected in a timely fashion without incurring work slowdown. In order to fulfill this mission, we would like to do two types of scanning on a regular basis. Both are network based and the intent is to cause as little disruption as possible while still achieving a measure of success. 1. Weekly Nessus and Netsparker scanning of the webservers, both internal and external. The testing will include any systems on the 129.57.64.x subnet, along with other webservers identified by the security team residing on subnets: 129.57.26.0/23, 129.57.135.0/24, 129.57.172.0/22, and 129.57.194.0/24. 2. Occasional Nessus vulnerability scanning of the entire Hall D network address space. This will be coordinated to occur during the summer and winter down periods. All results will be shared with the hall leaders, especially when security issues have been noticed. The scanning will include all systems located on subnets: 129.57.26.0/23, 129.57.135.0/24, 129.57.172.0/22, and 129.57.194.0/24. These scans have to potential to cause performance problems on the system being scanned, so coordination between both hall and security personnel is essential. In order to start the ball rolling on implementing a scanning schedule, I would like to initially propose the following: Website scanning on Tuesday starting at about 10 am. We expect this to take 2-4 hours. Full Nessus scan during the next winter down period. Depending upon the number of devices, we expect this to take approximately 8 hours. Please let me know if you have any questions. Thanks, Greg Nowicki<br> Computer Security Manager
Minutes
TBD
