MetaCentrum security policy

From MetaCentrum
Jump to navigation Jump to search

Metacentrum, its services and users are subject to the following security conditions:

  • Accurate contact information is provided for every Metacentrum service. The information should be maintained in the Metacentrum identity management system.
  • System maintainers are held responsible for the safe and secure operation of their services. The services shall not be detrimental to the Metacentrum nor to any of its users.
  • System maintainers follow IT security best practices including pro-actively applying updates or configuration changes related to security.
  • Metacentrum operators, system maintainers and users apply due diligence in maintaining the confidentiality of user credentials and of any data they hold where there is a reasonable expectation of privacy. Personal data processing conforms with the CESNET and e-Infra Personal Data Processing stipulations.
  • Services in Metacentrum collect and retain system logs to support detection of incidents and their resolution. Due diligence is applied in maintaining the confidentiality of logged information.
  • All Metacentrum users are subjected to an Acceptable Use Policy, which stipulates essential security conditions for the user, see the MetaCentrum Rules of Use
  • Metacentrum operators and individual service maintainers may limit access of users' to their services.
  • Information maintained to fulfill this policy shall be retained for six months upon retirement of a service.
  • System maintainers and users must report to the Metacentrum security team any identifed or suspected security incidents they identify. They shall follow the instructions of the Metacentrum security team aimed at resolution of the incident and provide any assistance needed.

This policy is loosely based on the AARC Service Operations Security Policy

Incident response

All incidents have to be reported to the Metacentrum security team (as per the conditions above).

The Metacentrum security team shall react to every incident report that is reported. The team coordinates the response with the affected parties in Metacentrum. When necessary it reports to the CESNET security (as per CESNET rules) and mediates contacts outside Metacentrum. The security team prepares a final report of the incident once its investigation has been closed.

The team can be reached via the security queue of the ticketing system or sending a mail to abuse@metacentrum.cz. All provided information is handled properly, honouring the specified TLP level. If sensitive data needs to be shared, the Metacentrum security team will provide alternatives for secure communication.

Procedure for incident response:

  1. Detecting and report via RT system
  2. Initial analysis of the incident
  3. Restriction of further incident spreading
  4. A detailed analysis of origin of the incident
  5. Recovery from the incident
  6. Lessons from the incident
  7. Final report


Obsolete policy:


This topic explains concepts and procedures for resolving a security incident in MetaCentrum.

Concepts

  • Security incident & ndash ; suspicious behaviour of a service or a machine offered by MetaCentrum, administrator or user account abusing
  • Security group & ndash ; a group of MetaCentrum administrators which supervises RT system and responds to all reports of a potential attack. Its main goal is coordination during an incident and preparing final report.

Duties

Administrator of a service or a machine offered by MetaCentrum has to report every incident which might potentially affect another server, machine or user identity in MetaCentrum.

Administrator of a service or a machine offered by MetaCentrum has to respond to every incident which contains his local resources, services or user identities in relation with MetaCentrum.

Security group has to react to every initiative of an incident which is reported to RT system.

Communication

All communication has to be done via email address meta@cesnet.cz. An email creates new ticket in MetaCentrum RT system. Copy of information sent to CSIRT teams has to be also sent to the email adress. It would be great if you could send compressed source code of malfunction software as well.

Responsibility

Responsible persons during an incident are: administrator of machine, which was attacked and security team of MetaCentrum. The administrator has to provide all necessary information to security team via email (see Communication above). The security team has to prepare final report of the incident.

Data protection

The email address mentioned in Communication above is read just by a few MetaCentrum administrators and delivered emails are not public. The RT system is authenticated. In the case of an exchange of very sensitive data (passwords, private user data) it is necessary to use a secure channel, which will be selected after consultation with the MetaCentrum security group (again through RT system).

Procedure at detecting an incident

  1. Detecting and report via RT system
  2. Initial analysis of the incident
  3. Restriction of further incident spreading
  4. A detailed analysis of origin of the incident
  5. Recovery from the incident
  6. Lessons from the incident
  7. Final report