
Federated Incident Response

Federated Incident Response. Jim Basney, jbasney@illinois.edu. Motivation. Federated identity used for activities of consequence: access to NSF cyberinfrastructure (TeraGrid, …), access to wireless networks (eduroam, …), access to federal grant management (NSF, NIH, …)


Presentation Transcript


  1. Federated Incident Response
     Jim Basney, jbasney@illinois.edu

  2. Motivation
     • Federated identity used for activities of consequence
       • Access to NSF cyberinfrastructure (TeraGrid, …)
       • Access to wireless networks (eduroam, …)
       • Access to federal grant management (NSF, NIH, …)
       • Access to commercial services (Dreamspark, …)
       • …
     • Effective security incident response in federated identity environments requires cross-organizational cooperation
     • Prepare now – stay ahead of the curve

  3. CIC IDM WG TeraGrid Pilot
     • Committee on Institutional Cooperation (www.cic.net)
       • Consortium of Big Ten universities plus U Chicago
       • U Nebraska joining July 2011
     • CIC Identity Management Working Group
       • http://www.cic.net/Home/Projects/Technology/IdMgmt/Introduction.aspx
     • TeraGrid Pilot sub-group
       • Co-chairs: Von Welch, Keith Wessel (Illinois)
       • Active participants: Jim Basney (Illinois), Michael Grady (Illinois), Matt Kolb (Michigan State), Rob Stanfield (Purdue)
       • Drafting a Federated IDM Security Incident Response Policy
       • cic-it-idmgmt-teragrid@cic.net

  4. Federated Incident Response Policy
     • Draft documents at http://www.cic.net/Home/Reports.aspx
     • Does not supplant existing local policies, but augments them
     • Defines responsibilities and roles of identity providers, service providers, federation operators, and users
     • Service providers have ultimate authority to protect and control access to their services

  5. Security Incident Defined
     • An act of violating an explicit or implied security policy
     • Examples
       • Password theft
       • Computer compromise
       • Data privacy breach
       • …

  6. Federated Incident Response Philosophy
     • “Do for others as you would do for yourself.”
     • Treat a federated security incident like you would treat an internal security incident
     • Promptly acknowledge incident reports
     • Investigate incidents
     • Notify affected parties when incidents are resolved
     • Notify affected parties and share relevant information
       • Service Providers
       • Identity Providers
       • Federation Operators
     • Maintain the confidentiality of incident information
     • Keep audit logs to facilitate incident investigation

  7. Federated Incident Response Example
     • University Identity Provider + TeraGrid Service Provider
     • TeraGrid discovers account misuse caused by compromise of federated identity
     • Response process
       • TeraGrid disables user accounts at TeraGrid sites
       • TeraGrid contacts University
       • University investigates, contacts user, resets user password, etc.
       • University notifies TeraGrid when incident is resolved
       • TeraGrid re-enables user accounts at TeraGrid sites
     • Federated identity introduces need for coordination with home organization, rather than (just) direct interaction between TeraGrid security and TeraGrid users

  8. Proposed InCommon Operational Changes
     • Add security incident response contact information to
       • Participant Operational Practices (POP) documents
       • InCommon metadata
     • Security contact information can include
       • URL for incident response practices/policies and public keys
       • Email address
       • Telephone number

  9. For more information
     • cic-it-idmgmt-teragrid@cic.net
     • http://www.cic.net/Home/Projects/Technology/IdMgmt/Introduction.aspx
     • http://www.cic.net/Home/Reports.aspx
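
A coverage check for the metadata change proposed on slide 8, as an added example that is not from the presentation: it reports which entities in a federation metadata file publish a security contact with an email address or telephone number. It assumes the REFEDS security-contact marking on SAML `ContactPerson` elements, which the slides do not specify; the sample metadata, entity IDs and addresses are constructed.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata"}
# Assumption: REFEDS attribute that marks a ContactPerson as the security contact.
REMD_TYPE = "{http://refeds.org/metadata}contactType"
SECURITY = "http://refeds.org/metadata/contactType/security"

# Constructed sample: an IdP with a security contact, an SP without one.
SAMPLE = """<md:EntitiesDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:remd="http://refeds.org/metadata">
  <md:EntityDescriptor entityID="https://idp.university.example/idp">
    <md:ContactPerson contactType="other"
        remd:contactType="http://refeds.org/metadata/contactType/security">
      <md:EmailAddress>mailto:security@university.example</md:EmailAddress>
      <md:TelephoneNumber>+1-555-0100</md:TelephoneNumber>
    </md:ContactPerson>
  </md:EntityDescriptor>
  <md:EntityDescriptor entityID="https://sp.grid.example/sp">
    <md:ContactPerson contactType="technical">
      <md:EmailAddress>mailto:help@grid.example</md:EmailAddress>
    </md:ContactPerson>
  </md:EntityDescriptor>
</md:EntitiesDescriptor>"""

def _texts(person, tag):
    """Stripped text of every child element with the given tag."""
    return [(el.text or "").strip() for el in person.findall(tag, NS)]

def security_contacts(metadata_xml):
    """Map each entityID to its list of security contacts (possibly empty)."""
    # Verify the federation's signature on the metadata before trusting
    # contact data from it; that step is outside this example.
    root = ET.fromstring(metadata_xml)
    result = {}
    for entity in root.iter("{%s}EntityDescriptor" % NS["md"]):
        found = []
        for person in entity.findall("md:ContactPerson", NS):
            if person.get(REMD_TYPE) != SECURITY:
                continue  # technical/support contacts are not incident contacts
            emails = [t[7:] if t.startswith("mailto:") else t
                      for t in _texts(person, "md:EmailAddress")]
            found.append({"emails": emails,
                          "phones": _texts(person, "md:TelephoneNumber")})
        result[entity.get("entityID")] = found
    return result

def missing_security_contact(metadata_xml):
    """Entity IDs with no reachable security contact (no email and no phone)."""
    return sorted(eid for eid, people in security_contacts(metadata_xml).items()
                  if not any(p["emails"] or p["phones"] for p in people))
```
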
