Versions Compared

Old Version 14

changes.mady.by.user Sven Gabriel

Saved on

compared with

New Version 15

changes.mady.by.user Sven Gabriel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Description for eduGAIN-CSIRT

REMARK: This needs to be synced with https://edugain.org/edugain-security/

in particular the

  • Constituency
  • Incident response procedure is a link to a AARC deliverable which has an a bit generic irp for distributed infras

About this document

This is version 0.1, draft 2021/07/14

...

Locations where this Document May Be Found

The

...

current

...

version

...

of

...

this

...

CSIRT

...

description

...

document

...

is

...

available

...

from

...

the

...

eduGAIN-CSIRT

...

WWW

...

site;

...

its

...

URL

...

is

...

https://edugain.org/edugain-security/

...

Please

...

make

...

sure

...

you

...

are

...

using

...

the

...

latest

...

version.

...

Authenticating this Document

This

...

document

...

has

...

been

...

signed

...

with

...

the

...

eduGAIN-CSIRTs

...

PGP

...

key.

...

The

...

signatures

...

are

...

also

...

on

...

our

...

Web

...

site,

...

under:

...

https://edugain.org/edugain-security/

Contact Information

Name of the Team

...

Telephone Number

+31 12345679 (SOME GEAN OFFICE NUMBER, where the Opertor Operator at least knows what to do when contacted on security issues related to eduGAIN)

Facsimile Number

+31 12345679 (SOME GEANT OFFICE  FAX NUMBER, where the Opertor Operator at least knows what to do when contacted on security issues related to eduGAIN)

Other Telecommunication/Instant messaging

OTHER METHODS MONITORED BY THE eduGAIN-CSIRT (keybase? slackchannel?) 

Electronic Mail Address

abuse@edugain.org

...

This

...

address

...

can

...

be

...

used

...

to

...

report

...

all

...

security

...

incidents

...

which

...

relate

...

to

...

the

...

eduGAIN

...

participants.

...

This

...

is

...

a

...

mail

...

alias

...

that

...

relays

...

mail

...

to

...

the

...

human(s)

...

on

...

duty

...

for

...

the

...

eduGAIN-CSIRT.

Public Keys and Other Encryption Information

...

The eduGAIN-CSIRTs hours of operation are generally restricted to regular business hours (09:00-17:00 (CET/CEST)) Monday to Friday except holidays). <ADD A STATEMENT ABOUT "BEST EFFORT" OUTSIDE BUSINESS HOURS ?>

Charter

Mission Statement

The eduGAIN-CSIRT provides security incident coordination for eduGAIN on the federation level and ensures that security incident resolution process does not stall. Details are laid-out in eduGAIN-CSIRTs Term of References available at <HERE A LINK TO THE TOR>

Constituency

eduGAIN consists of identity federations, which which members are the federation participants,  an association of organisations organizations that exchange information as appropriate about their users and resources to enable collaborations and transactions.  With regard to security incident response the identity and service providers (IdP and SP)  registered in a federation.

...

eduGAIN-CSIRT reports to the eduGAIN Steering Group (eSG).

Communication and Authentication

...

eduGAIN is a federation of identity federations, in which different organisations organizations operate SPs and IdPs. Usually the mandate and scope of the SPs IdPs  security teams are  limited to the home organisationorganization. The same holds for the federations participating in eduGAIN. eduGAN-CSIRT will organise organize the security incident communications across affected participants and coordinate the local response activities to allow for an efficient containment and subsequently resolution of security incidents.

...

The incident resolution is ultimately the task of the organizations responsible for the end entities in eduGAIN (Service providers (SP), Identity Providers (IdP)). If possible, edugain-CSIRT will support the end entities with in coordination with the Federations  on request.

Proactive Activities

<THIS <THIS HAS A RISK OF GETTING TIME CONSUMING MORE THEN WE CAN SQUEZE IN>SPEND ON IT>

Incident Reporting Forms

Incident Report temlates templates can be found in:  https://aarc-project.eu/wp-content/uploads/2017/02/DNA3.2-Security-Incident-Response-Procedure-v1.0.pdf

< THE TEMPLATES SHOULD BE EXTRACTED/EDITED FROM THE PDF AND PUT ON THE WEBSITE (WITH A REFERENCE TO THE ORIGINAL DOC) >


Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, eduGAIN-CSIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.

...