XCI-783 Design and Security Review Discussions


Post design and security questions and feedback in this thread.

Design is OK - I'd like some mention of the AWS Security Controls and service configurations to be implemented and documented.

Thanks Derek. For AWS Security Controls, are you referring to https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-sta... ? I'm looking at targeting the CIS AWS Foundations controls, but the cost of the AWS Security Hub service is a concern. I already tried enabling AWS GuardDuty and the cost was prohibitive. I know XSEDE has other services running in AWS, so I'd welcome any advice/experience/recommendations you can provide about these AWS security service options.

Happy to help in looking into the AWS policy and security configurations - I am not an expert at this, but others within our Security Ops group have done work recently on such for the XES in AWS. For the time being, I'd just like to see a line added in E.2.8 of the design doc saying that the AWS-specific policies and controls implemented to protect the services will be documented - even if, given possibly security-sensitive content, that document is maintained in a controlled, non-public place (private GitHub?).

Will do. I think it fits in our (internal) Master Information Security Policy and Procedures doc as part of our (in-progress) adoption of the Trusted CI Framework. Thanks!

I've updated https://software.xsede.org/svn/xci/activities/xci-783/trunk/Deliverables... (v1.1) to include the additional documentation in Section E.2.8.


Some belated feedback:

  1. Should Figure 1 include Route 53 as explained in the text?
  2. Curious, what DB technology is currently used that is being replaced?
  3. Do the Syslog Collector and Splunk in Figure 2 already exist today, and should they be in Figure 1?
  4. E.2.1. Doesn't mention existing syslog and Splunk at NCSA.
  5. Is the new Aurora DB multi-instance across availability zones? If not, will regular backups be used to aid in recovery in case of an Aurora DB failure? This would be advisable not just for the unlikely case of a single instance failure, but also in the case of compromise and data destruction.
  6. E.2.12. Is Globus the only CILogon dependency that should be tested? If not, please list the rest.