Page tree
Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 10 Next »

Introduction

Goal of this challenge is to assess the communication infrastructure available to the eduGAIN security team. In this first round the security contact addresses of Participants (see below) were tested. The security contacts email addresses were retrieved from the eduGAIN Database using the APIs published on the technical site. The procedure used to retrieve the email addresses is available on the GEANT gitlab:

https://gitlab.geant.org/edugain/edugain-contacts/-/blob/master/identity_federations_security_contacts.py

The security contacts stored in the eduGAIN Database can also be browsed on the Member Federations page:

https://technical.edugain.org/status

Participants

In the eduGAIN CommsChallenge2020-12 the following eduGAIN participants were challenged:

AAF, AAI-EDUHR, ACONET, AZSCINET, CAF, CYNET-IF, DFN-AAI, EDUID-CZ, FENIX, GRNET, HAKA, IDEM, INCOMMON, LEAF, LITNET-FEDI, LK-LIAF, PIONIER-ID, RIF, ROEDUNETID, SAFIRE, SIR, SURFCONEXT, SWAMID, SWITCHAAI, TAAT, TUAKIRI, UK-FEDERATION, WAYF

eduGAIN participants that didn't communicate their security contacts were excluded from the challenge.

Challenge announcement and start

The challenge has been officially announced to the eduGAIN Steering Group on the 4th of December via the eSG mailing list. In the announcement it was not specified the exact date of the challenge, but only a three days interval, from the 15th to the 17th of December.

The challenge started the 16th of December around 13:11pm UTC, with all communication challenge messages sent between 13:11:06 and 13:12:54.

What was assessed

Besides the validity of the available contact addresses also the reaction time was measured. This information was collected to be used as input for a later discussion on response times. The community would need to define target reaction times, which are regarded to be useful to be used in security incident coordination situations.

Validity of the contact addresses

Assuming that all contacted participants received the challenge mail and understood what action was expected from them we have a 86% success rate, in absolute numbers, 24 participants out of 28 have reacted.

Reaction times

The graph above shows that the all reactions were recorded within 10h the majority within approx 2h. Given that almost all time zones were covered in this global exercise the reaction times are very good and indicate that the security contact addresses of the participants are also monitored during out-of-office hours.

Follow Up

The participants that have not reacted to the challenge mail will be contacted via alternative channels and a solution for the communication issues will be implemented and tested.

  • No labels