For Medium Risk, we need TLS version 1.1 or later, and we need to
"Enable any available application logging that would assist in a
forensic investigation in the event of a compromise." Both of these
things can be done in GridFTP configuration, so instructions are added
to enable both.
We have to put the instructions here, because
/var/lib/globus-connect-server only gets created when
globus-connect-server-setup is run.
Updates #25 and #27
In MinSec for SaaS/PaaS, the Logging and Auditing item has the following:
1. Enable any available application logging that would assist in a forensic investigation in the event of a compromise. Seek vendor or ISO guidance as needed.
2. Contractually ensure that the provider can export logs at the request of Stanford within five days.
For point 1, endpoints can already be made to log the transfer of individual files, with references back to a transfer ID. The Server docs can be updated to enable this logging. General transfer details are stored with Globus, and we are able to query them directly already, using their API.
The only missing logs are logs of endpoint activations, and logs of metadata activity. For metadata activity, that's going to be logged starting with Globus Connect Server 5.1. So, Medium Risk users should move to 5.1 once it's out. And for endpoint activation logs, we'll have to get that from Globus when needed.
For point 2, we'll have to check into this. For example, if all needed logs are available on the endpoints, then it would be up to the endpoint sysadmin (someone else at Stanford) to retrieve them.