...

Description for eduGAIN-CSIRT

About this document

This is version 0.1, draft 2021/07/14

...

The current version of this CSIRT description document is
available from the eduGAIN-CSIRT WWW site; its URL is
https://edugain.org/edugain-security/
 
Please make sure you are using the latest version.

...

This document has been signed with the eduGAIN-CSIRT's PGP key.  The signatures are
also on our Web site, under:
 https://edugain.org/edugain-security/

Contact Information

Name of the Team

...

Electronic Mail Address

abuse@edugain.org

This address can be used to report all security incidents which relate to the eduGAIN participants. This is a mail alias that relays mail to the human(s) on duty for the eduGAIN-CSIRT.

...

eduGAIN-CSIRT is coordinated by the eduGAIN-CSIRT security officer. Other team members along with their contact information are listed at the eduGAIN-CSIRT web page: <eduGAIN-CSIRT.WEBPAGE.ORG>

Other Information

Information on eduGAIN security is available at https://edugain.org/edugain-security/

General information about the XYZ-CERT, as well as links to
various recommended security resources, can be found at
<eduGAIN-CSIRT.WEBPAGE.ORG>
NOTE: WE NEED TO DISCUSS IF WE WANT TO RUN SUCH A PAGE

...

Sponsorship and/or Affiliation

eduGAIN-CSIRT is abcpart of eduGAIN... the role of federations in eduGAIN goes here probably as wellorg.

Authority

eduGAIN-CSIRT is authorized by the eduGAIN Steering Group to investigate any activity within its Terms of Reference and, in coordination with the federations, take all necessary controlling actions to contain and mitigate suspected and confirmed computer incidents to limit the extent of possible service degradation or reputation damage to eduGAIN, and to coordinate incident response at the inter-federation level.

Policies

we do not really have an extended set of policies

...

Co-operation, Interaction and Disclosure of Information

federations and comm flows go here, also comms to eSG

Communication and Authentication

TLP adherence and optional encrypted comms go here

Services

Incident Response

This is the service a CSIRT has to provide

Incident Triage

The eduGAIN Security Team closely collaborates with the Identity Federations’ security operators and the National Research and Education Network CSIRTs and CERTs in eduGAIN to ensure that all security incidents are investigated as fully as possible.

The roles and interactions of the different entities relevant to incident response within eduGAIN are described in the Security Incident Response Handbook Feedback



eduGAIN-CSIRT reports to the eduGAIN Steering Group (eSG)

Communication and Authentication

ALL incoming information is handled confidentially by eduGAIN-CSIRT, regardless of its priority.

eduGAIN-CSIRT supports the Information Sharing Traffic Light Protocol (ISTLP – see https://www.trusted-introducer.org/ISTLPv11.pdf) - information that comes in with the tags WHITE, GREEN, AMBER or RED will be handled appropriately.

eduGAIN-CSIRT will use the information you provide to help solve security incidents affecting eduGAIN. This means that by default the information will be distributed further to the appropriate parties – but only on a need-to-know basis, and preferably anonymized.


Services

Incident Response

eduGAIN-CSIRT's major incident management function is incident coordination across eduGAIN federations.

Incident Triage

Support of the eduGAIN participants:
- Investigating whether indeed an incident occurred.
- Determining the extent of the incident. This ranges from a single entity to multiple federations affected.

Incident Coordination


Incident Resolution

The incident resolution is ultimately the task of the organizations responsible for the end entities in eduGAIN (Service Providers (SP), Identity Providers (IdP)). If possible, eduGAIN-CSIRT will support the end entities in coordination with the Federations on request.

Proactive Activities

We can't do much here I'm afraid

Incident Reporting Forms

Incident Report templates can be found in: https://aarc-project.eu/wp-content/uploads/2017/02/DNA3.2-Security-Incident-Response-Procedure-v1.0.pdf

{ THE TEMPLATES SHOULD BE EXTRACTED FROM THE PDF AND PUT ON THE WEBSITE (WITH A REFERENCE TO THE ORIGINAL DOC) } Link to possible incident-report templates


Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, XYZ-CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.

...