An introduc/on to Sir0i

Similar documents
AARC Assurance Profiles

Raising Security and Trust in our Inter-Federated World

WP3: Policy and Best Practice Harmonisation

User Community Driven Development in Trust and Identity Services

Security Incident Response Trust Framework for Federated Identity (Sir-T-Fi) David Kelsey (STFC-RAL) REFEDS, Indianapolis 26 Oct 2014

AARC Overview. Licia Florio, David Groep. 21 Jan presented by David Groep, Nikhef.

Can R&E federations trust Research Infrastructures? - The Snctfi Trust Framework

Scalable Negotiator for a Community Trust Framework in Federated Infrastructures (Snctfi)

Fundamentals of Federated Iden0ty Infrastructure

Identity Harmonisation. Nicole Harris REFEDS Coordinator GÉANT.

Grid Security Policy

Crea%ng a SARNET Alliance by applying the Service Provider Group Framework and by using the Ciena/GENI testbed

EGI Check-in service. Secure and user-friendly federated authentication and authorisation

Sirtfi for Security Incidents in a Federated Context. Tom Barton, UChicago & Internet2

Welcome to this Clean Sky Info Day on how to become a Partner in Clean Sky 2. This presenta=on will explain how to prepare a proposal and submit it

Composite Compliance: Demonstra1ng Suitability of Cloud Layering for Sensi1ve and Regulated Workloads

WP JRA1: Architectures for an integrated and interoperable AAI

Table of Contents. PCI Information Security Policy

Con$nuous Audi$ng and Risk Management in Cloud Compu$ng

AARC. Christos Kanellopoulos AARC Architecture WP Leader GRNET. Authentication and Authorisation for Research and Collaboration

The Common Controls Framework BY ADOBE

The challenges of (non-)openness:

Grids and Security. Ian Neilson Grid Deployment Group CERN. TF-CSIRT London 27 Jan

SECURITY & PRIVACY DOCUMENTATION

Google Cloud & the General Data Protection Regulation (GDPR)

Intro to Federated Iden2ty with eduroam and edugain

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

External Supplier Control Obligations. Cyber Security

2.4. Target Audience This document is intended to be read by technical staff involved in the procurement of externally hosted solutions for Diageo.

Cyber Security Program

TRUST IDENTITY. Trusted Relationships for Access Management: AND. The InCommon Model

GÉANT Community Programme

Vol. 1 Technical RFP No. QTA0015THA

The Fedlet: Real World Examples

UT HEALTH SAN ANTONIO HANDBOOK OF OPERATING PROCEDURES

Checklist: Credit Union Information Security and Privacy Policies

What It Takes to be a CISO in 2017

University of Pittsburgh Security Assessment Questionnaire (v1.7)

13967/16 MK/mj 1 DG D 2B

Policy and Best Practice Harmonisation ( NA3 ) from the present to the future

Data Protection and GDPR

INFORMATION ASSURANCE DIRECTORATE

STANDARD INFORMATION SHARING FORMATS. Will Semple Head of Threat and Vulnerability Management New York Stock Exchange

TURNING THE TABLE THROUGH FEDERATED INFORMATION SHARING

LBI Public Information. Please consider the impact to the environment before printing this.

Security

SAFECOM SECUREWEB - CUSTOM PRODUCT SPECIFICATION 1. INTRODUCTION 2. SERVICE DEFINITION. 2.1 Service Overview. 2.2 Standard Service Features APPENDIX 2

ENISA EU Threat Landscape

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

Cloud Security Standards

Information Security Management Systems Standards ISO/IEC Global Opportunity for the Business Community

AUTHORITY FOR ELECTRICITY REGULATION

Information Technology Branch Organization of Cyber Security Technical Standard

CYBER RESILIENCE & INCIDENT RESPONSE

SOC-2 Requirement Solution Brief. EventTracker 8815 Centre Park Drive, Columbia MD SOC-2

Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud

AAI in EGI Current status

The Meter-ON project. Marco Baron Enel Distribuzione. Steering the implementation of smart metering solutions throughout Europe

The Apple Store, Coombe Lodge, Blagdon BS40 7RG,

Secure Messaging Mobile App Privacy Policy. Privacy Policy Highlights

Crises Control Cloud Security Principles. Transputec provides ICT Services and Solutions to leading organisations around the globe.

Shepherd s Presentation Draft Policy Allocation of IPv4 and IPv6 Address Space to Out-of-region Requestors

Directive on security of network and information systems (NIS): State of Play

Federated Security Incident Response. Tom Barton, University of Chicago Jim Basney, NCSA Vincente Brillault, CERN Scott Koranda, LIGO

GDPR Update and ENISA guidelines

1.3 More information about eduroam is available at the relevant eduroam Service Provider (ESP) website detailed in Schedule 1 of this document.

WORKSHARE SECURITY OVERVIEW

IBM Managed Security Services - Vulnerability Scanning

Anonymity on the Internet. Cunsheng Ding HKUST Hong Kong

ISAO SO Product Outline

TRACKVIA SECURITY OVERVIEW

RFC 2350 YOROI-CSDC. Expectations for Computer Security Incident Response. Date 2018/03/26. Version 1.0

Cloud Security Standards and Guidelines

EHR SECURITY POLICIES & SECURITY SITE ASSESSMENT OVERVIEW WEBINAR. For Viewer Sites

GENERAL DATA PROTECTION REGULATION (GDPR)

DROPBOX.COM - PRIVACY POLICY

ehealth Ontario Entitlement Management Procedures Manual Version: 1.1 Document Owner: Manager, Business Delivery

PERSONAL DATA PROTECTION ACT 2010 IMPLEMENTATION PHASE : WHAT NEXT FOR MALAYSIA BY

Federated Authentication for E-Infrastructures

Assessing Medical Device. Cyber Risks in a Healthcare. Environment

GDPR Compliance. Clauses

Schedule Identity Services

Trust Service Provider Technical Best Practices Considering the EU eidas Regulation (910/2014)

Putting the Pieces Together:

Nebraska CERT Conference

New PCI DSS Version 3.0: Can it Reduce Breaches? Dharshan Shanthamurthy, CEO, SISA Informa2on Security Inc. Core Competencies C11

PROCEDURE COMPREHENSIVE HEALTH SERVICES, INC

A company built on security

Business Case Components

The rise of major Adversaries is the most relevant trend in 2014, targeting Government and Critical Services

Network Security Policy

HPE DATA PRIVACY AND SECURITY

Oracle Cloud Forum. Ken Bond Vice President, Investor Rela?ons June 25, 2014

The new perfsonar: a global tool for global network monitoring

October 5 th 2010 NANOG 50 Jason Zurawski Internet2

Cloud Security Standards Supplier Survey. Version 1

Product Security Program

Recommendations on the grouping of entities and their deployment mechanisms in scalable policy negotiation

Information Security Controls Policy

Post-Secondary Institution Data-Security Overview and Requirements

Transcription:

Authen4ca4on and Authorisa4on for Research and Collabora4on An introduc/on to Sir0i Addressing Federated Security Incident Response Hannah Short CERN hannah.short@cern.ch TF-CSIRT May, 2016

Agenda Federated Security Incident Response The problem The solu4on Security Incident Response Trust Framework for Federa4on Iden4ty Management A history Trust Framework Requirements SirOi Metadata Find out more 2

What if? an incident spread throughout the federated R&E community via a single compromised iden4ty? h"ps://technical.edugain.org/ 3

Federated Security Incident Response What if? How could we determine the scale of the incident? Do useful logs exist? Could logs be shared? Who should take responsibility for resolving the incident? How could we alert the iden4ty providers and service providers involved? Could we ensure that informa4on is shared confiden4ally, and reputa4ons protected? edugain numbers Federa/ons: 38 All en//es: 3232 IdPs: 2037 s: 1197 Standalone AAs: 3 4

Federated Security Incident Response The problem Clearly an invi4ng vector of a"ack The lack of a centralised support system for security incident response is an iden4fied risk to the success of edugain We will need par4cipants to collaborate during incident response this may be outside their remit Federa4on 2 Federa4on 1 IdP IdP IdP IdP All I need is one iden4ty IdP Federa4on 3! 5

It all seems like common sense IdP no4ces suspicious jobs executed by a handful of users from an IdP No#fies IdP IdP iden4fies over 1000 compromised iden44es IdP iden4fies all s accessed No#fies s 12/05/16 6

but in reality no4ces suspicious jobs executed by a handful of users from an IdP No#fies IdP X IdP IdP iden4fies over 1000 compromised iden44es Small IdP may not have capability to block users, or trace their usage!!! Large does not share details of compromise, for fear of damage to reputa4on s are not bound to abide by confiden4ality protocol and disclose sensi4ve informa4on IdP iden4fies all s accessed X X X No#fies s No security contact details!! 12/05/16 7

Federated Security Incident Response The solu/on Inviting new vector of attack Uncertainty in security capability of participants Lack of trust A"acks inevitable L But we can make security capability transparent and build rela4onships between organisa4ons and people J We need a trust framework! 8

Security Incident Response Trust Framework for FIM A history and the future FIM4R Paper Security for Collabora4ng Infrastructures (SCI) REFEDS Working Group AARC SirOi v1.0 Published First Round Deployment RFC AARC2 Second Round Deployment 2012 2013 2014 2015 2016 2017 2018 2019 9

Security Incident Response Trust Framework for FIM Sir0i status The SCI document formed the basis for the Security Incident Response Trust Framework for Federated Iden4ty ü Ar4culate framework requirements ü Complete Community Consulta4on ü Publish SirOi framework ü Create Training material ü Confirm metadata extensions q Begin adop4on q Support filtering based on SirOi 10

Security Incident Response Trust Framework for FIM Sir0i summary Operational Security Require that a security incident response capability exists with sufficient authority to mitigate, contain the spread of, and remediate the effects of an incident. Incident Response Assure confidentiality of information exchanged Identify trusted contacts Guarantee a response during collaboration Traceability Improve the usefulness of logs Ensure logs are kept in accordance with policy Participant Responsibilities Confirm that end users are aware of an appropriate AUP 11

Sir0i Security contact details Who to choose? h"ps://wiki.refeds.org/display/sirtfi/choosing+a+siroi+contact Individual/group who will perform SirOi requirements on behalf of the en4ty (en4ty = federated iden4ty-provider/service-provider/ ) Can leverage CERTs and other exis4ng external teams What to include? Mandatory GivenName and EmailAddress Can add addi4onal telephone numbers and email addresses if desired <ContactPerson contacttype="other" xmlns:remd="http://refeds.org/metadata" remd:contacttype="http://refeds.org/metadata/contacttype/security"> <GivenName>Security Response Team</GivenName> <EmailAddress>security@institution.edu</EmailAddress> </ContactPerson> Credit to David Groep (Nikhef) for this slide 12

Sir0i Security contact choice Yes Is my organisa4on SirOi compliant? No Is my organisa4on covered by an external incident response team? Improve opera4onal security prac4ces Yes No Do they agree to support SirOi on behalf of my organisa4on? Does my organisa4on have a computer security (or equivalent) team? No No Yes No Yes Does this team have sufficient FIM knowledge to support SirOi? Yes No Do En4ty Operator representa4ves have security knowledge? Yes External Security Team Organisa4on s Security Team En4ty Operator Team or Individual 13

Sir0i Security contact expecta/ons Framework requirements Use and respect the Traffic Light Protocol (TLP) during all incident response correspondence Promptly acknowledge receipt of a security incident report As soon as circumstances allow, inves4gate incident reports regarding resources, services, or iden44es for which they are responsible The Sirtfi contact should be the primary point of contact during incident response and is expected to involve secondary contacts as necessary 14

Sir0i Expressing compliance Asser4ng compliance via standard OASIS assurance profile specifica4on Applied to register with IANA <attr:entityattributes> <saml:attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:uri" Name="urn:oasis:names:tc:SAML:attribute:assurance-certification > <saml:attributevalue>https://refeds.org/sirtfi</saml:attributevalue> </saml:attribute> </attr:entityattributes> 15

Sir0i The benefits IdPs Gain access to useful services that only allow authentication from Sirtfi compliant IdPs s Gain users whose home organisations only allow authentication at Sirtfi compliant s Guarantee an efficient and effective response from partner organisations during incident response Raise the bar in operational security across edugain 16

Sir0i Find out more Home Page h"ps://refeds.org/siroi 17

Sir0i Find out more Technical Wiki h"ps://wiki.refeds.org/display/sirtfi/sirtfi+home 18

Conclusions The Security Incident Response Trust Framework for Federated Iden4ty (SirOi) has been developed to address the gap in security response capability within federated compu4ng. By crea4ng a sub-network of security conscious en44es, and providing contact informa4on for each member, the group raises its mutual trust and is able to establish contact with each other should the need arise. 19

Thank you Any Ques4ons? hannah.short@cern.ch GÉANT on behalf of the AARC project. The work leading to these results has received funding from the European Union s Horizon 2020 research and innova4on programme under Grant Agreement No. 653965 (AARC).

Appendix, Sir0i Asser/ons 21

Opera/onal security [OS1] Security patches in opera4ng system and applica4on sotware are applied in a 4mely manner. [OS2] A process is used to manage vulnerabili4es in sotware operated by the organisa4on. [OS3] Mechanisms are deployed to detect possible intrusions and protect informa4on systems from significant and immediate threats [OS4] A user s access rights can be suspended, modified or terminated in a 4mely manner. [OS5] Users and Service Owners (as defined by ITIL [ITIL]) within the organisa4on can be contacted. [OS6] A security incident response capability exists within the organisa4on with sufficient authority to mi4gate, contain the spread of, and remediate the effects of a security incident. 12/05/16 22

Incident response [IR1] Provide security incident response contact informa4on as may be requested by an R&E federa4on to which your organiza4on belongs. [IR2] Respond to requests for assistance with a security incident from other organisa4ons par4cipa4ng in the SirOi trust framework in a 4mely manner. [IR3] Be able and willing to collaborate in the management of a security incident with affected organisa4ons that par4cipate in the SirOi trust framework. [IR4] Follow security incident response procedures established for the organisa4on. [IR5] Respect user privacy as determined by the organisa4ons policies or legal counsel. [IR6] Respect and use the Traffic Light Protocol [TLP] informa4on disclosure policy. 12/05/16 23

Traceability [TR1] Relevant system generated informa4on, including accurate 4mestamps and iden4fiers of system components and actors, are retained and available for use in security incident response procedures. [TR2] Informa4on a"ested to in [TR1] is retained in conformance with the organisa4on s security incident response policy or prac4ces. 12/05/16 24

Par/cipant responsibili/es [PR1] The par4cipant has an Acceptable Use Policy (AUP). [PR2] There is a process to ensure that all users are aware of and accept the requirement to abide by the AUP, for example during a registra4on or renewal process. 12/05/16 25

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback