The eduGAIN Security Team's main duty is to provide a central coordination point at the inter-federation level for security incident response. Moreover, the team will share information on security threats relevant to the eduGAIN community.
While each Federation Operator and Federation Participant provides security support within their respective domain of responsibility, inter-federation remains everybody's responsibility, which means no entity is effectively accountable for doing the necessary work. Yet, when defending against global attacks targeting global services, inter-federation must be at the core of the incident response strategy.
The eduGAIN Security Team supports this collective responsibility in inter-federation incident response within eduGAIN.
The eduGAIN Security Team is a central contact and support point for security incidents, and coordinates the investigation and resolution of suspected security incidents that affect Federation Operators and Federation Participants. This includes notifying Federation Participants and Federation Operators or any other relevant entity about attacks potentially affecting them.
The collective expertise and experience accumulated by the eduGAIN community as it defends against attacks is invaluable. The eduGAIN Security Team ensures that lessons learned, statistics, and other useful information are disseminated appropriately to improve our security posture as a global, united community.
eduGAIN Security Incident Response Handbook
The eduGAIN Security Team will share information on potential and actual security threats with the federation security contacts and, if needed, with the entities' Sirtfi security contacts.
This includes vulnerabilities, malicious indicators and exposed or compromised credentials.
Whenever possible, the eduGAIN Security Team will notify entities when information about exposed credentials surfaces. Although the origin of the compromise or its context may not be known, the available data is provided to the possibly affected entity, so that they can make their own determination.
LEAKED CREDENTIAL PROCEDURE HERE
Trust is an essential part of threat information sharing and, in eduGAIN, relies on two pillars:
- Strictly abiding by the Traffic Light Protocol (TLP, https://www.first.org/tlp/), which is used in most communications to mark information being shared according to its sensitivity and the audience with whom it may be shared. TLP violations will be followed up with the utmost severity.
- Urging all entities to adopt the Sirtfi framework (https://refeds.org/sirtfi) and update their metadata accordingly. Federation Participants that support the Sirtfi framework will receive full Incident Response information, more details on vulnerabilities or ongoing attacks, and support. Federation Participants that do not support Sirtfi will receive limited information and support.
For computer security emergencies or in case a security incident is suspected: