This is version 0.1, draft 2021/07/14
Notifications of updates are submitted to the eduGAIN Steering Group mailing list edugain-sg@lists.geant.org. The eduGAIN Steering Group mailing list is composed by all the delegates and deputies of the eduGAIN participants, the subscription is managed by the eduGAIN Service. The mailing list is not moderated.
The current version of this CSIRT description document is available from the eduGAIN-CSIRT WWW site; its URL is https://edugain.org/edugain-security/
Please make sure you are using the latest version.
This document has been signed with the eduGAIN-CSIRTs PGP key. The signatures are also on our Web site, under: https://edugain.org/edugain-security/
eduGAIN-CSIRT: The eduGAIN Computer Security Incident Response Team.
eduGAIN-CSIRT
PROBABLY THE GEANT
POSTAL ADDRESS
Europe/Amsterdam (GMT+0100, and GMT+0200 from April to October
+31 12345679 (SOME GEAN OFFICE NUMBER, where the Opertor at least knows what to do when contacted on security issues related to eduGAIN)
+31 12345679 (SOME GEANT OFFICE FAX NUMBER, where the Opertor at least knows what to do when contacted on security issues related to eduGAIN)
OTHER METHODS MONITORED BY THE eduGAIN CSIRT (keybase? slackchannel?)
abuse@edugain.org This address can be used to report all security incidents which relate to the eduGAIN participants. This is a mail alias that relays mail to the human(s) on duty for the eduGAIN-CSIRT.
The eduGAIN-CSIRT has a PGP key, whose KeyID is CE43BCB8 and whose fingerprint is
F9FF B82B 9700 72D1 F753 25CF 5E3C 31D7 CE43 BCB8.
The key and its signatures can be found at the usual large public keyservers.
eduGAIN-CSIRT is coordinated by the eduGAIN-CSIRT security officer. Other team members along with their contact information are listed at the eduGAIN-CSIRT web page: <eduGAIN-CSIRT.WEBPAGE.ORG>
eduGAIN security is in https://edugain.org/edugain-security/
General information about the XYZ-CERT, as well as links to various recommended security resources, can be found at
<eduGAIN-CSIRT.WEBPAGE.ORG>
NOTE: WE NEED TO DISCUS IF WE WANT OT RUN SUCH A PAGE
The eduGAIN-CSIRTs hours of operation are generally restricted to regular business hours (09:00-17:00 (CET/CEST) Monday to Friday except holidays).
The eduGAIN-CSIRT provides security incident coordination for eduGAIN and is the primary contact point for questions related to security issues affecting eduGAIN participants. Therefore eduGAIN-CSIRT operates and maintains a communications infrastructure and provides forensics support on request to end entities in coordination with the respective federations.
The eduGAIN constituency is the eduGAIN participants.
eduGAIN-CSIRT is part of eduGAIN.org.
eduGAIN-CSIRT is authorized by the eduGAIN Steering Group to coordinate incident response at the inter-federation level.
we do not really have an extended set of policies
The eduGAIN Security Team closely collaborates with the Identity Federations’ security operators and the National Research and Education Network CSIRTs and CERTs in eduGAIN to ensures that all security incidents are investigated as fully as possible.
The roles and interactions of the different entities relevant to incident response within eduGAIN are described in the
Security Incident Response Handbook Feedback
eduGAIN-CSIRT reports to the eduGAIN Steering Group (eSG)
ALL incoming information is handled confidentially by eduGAIN-CSIRT, regardless of its priority.
eduGAIN-CSIRT supports the Information Sharing Traffic Light Protocol (ISTLP – see https://www.trusted-introducer.org/ISTLPv11.pdf) - information that comes in with the tags WHITE, GREEN, AMBER or RED will be handled appropriately.
eduGAIN-CSIRT will use the information you provide to help solve security incidents affecting eduGAIN. This means that by default the information will be distributed further to the appropriate parties – but only on a need-to-know base, and preferably anonymized.
eduGAIN-CSIRTs major incident management function is incident coordination across eduGAIN federations.
Support of the eduGAIN participants investigating whether indeed an incident occurred. Determining the extent of the incident. This ranges from a single entity, to multiple federations affected.
The incident resolution is ultimately the task of the organizations responsible for the end entities in eduGAIN (Service providers (SP), Identity Providers (IdP). If possible, edugain-CSIRT will support the end entities in coordination with the Federations on request.
We can't do much here I'm afraid
Incident Report temlates can be found in: https://aarc-project.eu/wp-content/uploads/2017/02/DNA3.2-Security-Incident-Response-Procedure-v1.0.pdf
{ THE TEMPLATES SHOULD BE EXTRACTED FROM THE PDF AND PUT ON THE WEBSITE (WITH A REFERENCE TO THE ORIGINAL DOC) }
While every precaution will be taken in the preparation of information, notifications and alerts, XYZ-CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.