The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other platforms; new updates will be ignored and lost.
If needed you can get in touch with the EGI SDIS team using operations @ egi.eu.

Difference between revisions of "SEC03 EGI-CSIRT Critical Vulnerability Handling"

From EGIWiki
(Deprecate page, content moved to CSIRT space in confluence)
[[Category:Operations Procedures]]

{{DeprecatedAndMovedTo|new_location=https://confluence.egi.eu/display/EGIPP/SEC03+EGI-CSIRT+Critical+Vulnerability+Handling}}

{{Ops_procedures
|Doc_title =  EGI-CSIRT Critical Vulnerability Handling
|Doc_link = https://documents.egi.eu/document/283
|Version = 8
|Policy_acronym = EGI-CSIRT
|Policy_name = EGI-CSIRT
|Contact_group =  csirt@mailman.egi.eu
|Doc_status = <span style="color:#FF0000"> '''DRAFT''' </span>
|Approval_date =
|Procedure_statement = The scope of this procedure is to maintain a properly patched infrastructure and make sure that CRITICAL Vulnerabilities are handled adequately by all involved entities.
}}
 
= Overview  =
 
After a problem has been assessed as critical and a solution or a mitigation is available, sites are required to take action. This document primarily defines the procedure from that point: when sites are asked to take action, and what steps are taken if they do not respond or do not act.
If a site fails to take action, this may lead to site suspension.
 
= Definitions  =
 
Please refer to the [[Glossary|EGI Glossary]] for the definitions of the terms used in this procedure.
 
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", “MAY", and "OPTIONAL" in this document are to be interpreted as described in RFC 2119.
 
= Entities involved in the procedure  =
 
*'''SVG''': svg-rat at mailman.egi.eu
*'''EGI-CSIRT/Security Officer''':  irtf at mailman.egi.eu
*'''NGI-Security-Officer''':  ngi-security-contacts at mailman.egi.eu
*'''Resource Center Security Contact''': as defined in goc-db
 
= Requirements  =
 
This procedure applies to vulnerabilities assessed as CRITICAL by EGI-CSIRT/SVG. The assessment process and the resulting steps required to handle vulnerabilities are described in the [[SEC02|Vulnerability issue handling process]].
 
= Steps  =
 
== Vulnerability affecting Resource Center services or resources ==
 
{| class="wikitable"
!Step#
!Responsible
!Action
!Prerequisites, if any
!Time to comply
|- style="background:LightCyan"
|1
|EGI-CSIRT / SVG
|Send advisory as per [[SEC02|Vulnerability issue handling process]]
|SVG and/or EGI-CSIRT assessed the vulnerability as CRITICAL.
|*
|- style="background:Ivory"
|2
|Resource Center
|Upgrade the affected software to a non vulnerable version or apply mitigations
|Non-vulnerable version available or mitigation described in the advisory
|7 Calendar days after Step 1
|- style="background:LightCyan"
|3
|EGI-CSIRT / Security Monitoring
|Update Security Monitoring to check for vulnerable software versions/configurations
|Vulnerability detectable via Pakiti or other external probes
|7 Calendar days after Step 1
|- style="background:LightCyan"
|4
|EGI-CSIRT/Security Officer on Duty
|For each RC that failed to comply with step 2 within 7 calendar days, the Security Officer on Duty opens an RT-IR ticket against the RC and adds the NGI Security Officer in Cc
|Failure to comply with step 2
|*
|- style="background:Ivory"
|5
|Resource Center
|Any notified RC has to comply with the actions required by the Security Officer on Duty to resolve the vulnerability, in particular, when applicable, manually running the Pakiti client on the vulnerable system after fixing it, and respond to the ticket.
|Vulnerable site notified during step 4
|3 working days after step 4
|- style="background:Ivory"
|5 a
| NGI-Security-Officer
| NGI Security Officer/Management should coordinate the activities in their NGI, in particular follow up with unresponsive sites within the given target times.
|
|*
|- style="background:LightCyan"
|6
|EGI-CSIRT Security Officer
|For each RC that failed to comply with step 5, the EGI-CSIRT Security Officer temporarily suspends it from the infrastructure by setting the ''Certification Status'' of this RC to ''Suspended'' in GOC-DB. The EGI-CSIRT Security Officer will inform the NGI and EGI Operations of this action
|RC failing to comply with step 5
|*
|- style="background:Ivory"
|7
|Resource Center
|Suspended RCs may request recertification as per [[PROC09]]
|RC suspended in step 6
|*
|}
 
A diagram representing this procedure is available [https://wiki.egi.eu/w/images/e/e5/SEC03-RC.pdf as a PDF].
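The table above fixes two clocks that the Security Officer on Duty has to track for every Resource Center: 7 calendar days after the advisory for step 2, and 3 working days after the RT-IR ticket for step 5. The following tracker is an added example written for this page; it is not EGI-CSIRT tooling and not part of the original procedure. It assumes that "working days" means Monday to Friday with no holiday calendar, and it describes each RC with a small constructed dict of dates (`fixed_on`, `ticket_opened`, `responded_on`), none of which are fields of GOC-DB, RT-IR or Pakiti.

```python
"""Deadline and escalation tracker for the SEC03 steps (added example, not EGI code).

Assumptions not taken from the procedure text: working days are Monday to Friday
with no holiday calendar, and each RC is described by a constructed dict of dates.
"""
from datetime import date, timedelta

STEP2_CALENDAR_DAYS = 7   # step 2: patch or mitigate within 7 calendar days of the advisory
STEP5_WORKING_DAYS = 3    # step 5: answer the RT-IR ticket within 3 working days


def add_calendar_days(start: date, days: int) -> date:
    """Calendar-day deadline: weekends count."""
    return start + timedelta(days=days)


def add_working_days(start: date, days: int) -> date:
    """Advance `days` working days (Mon-Fri) from `start`; assumption: no holidays."""
    current = start
    remaining = days
    while remaining > 0:
        current += timedelta(days=1)
        if current.weekday() < 5:  # 0 = Monday ... 4 = Friday
            remaining -= 1
    return current


def step2_deadline(advisory_sent: date) -> date:
    """Step 2: the RC must upgrade or mitigate 7 calendar days after step 1."""
    return add_calendar_days(advisory_sent, STEP2_CALENDAR_DAYS)


def step5_deadline(ticket_opened: date) -> date:
    """Step 5: a ticketed RC must fix and respond 3 working days after step 4."""
    return add_working_days(ticket_opened, STEP5_WORKING_DAYS)


def escalation_state(advisory_sent: date, rc: dict, today: date) -> str:
    """Return the SEC03 step that applies to one RC on `today`.

    `rc` keys (all optional, constructed for this example):
      'fixed_on'       date the RC upgraded/mitigated (e.g. confirmed by Pakiti)
      'ticket_opened'  date the RT-IR ticket was opened (step 4)
      'responded_on'   date the RC answered the ticket (step 5)
    """
    fixed = rc.get("fixed_on")
    ticket = rc.get("ticket_opened")
    responded = rc.get("responded_on")
    due2 = step2_deadline(advisory_sent)

    if ticket is None:
        if fixed is not None:
            return "compliant (step 2 met)" if fixed <= due2 else "fixed late, before any ticket"
        if today <= due2:
            return "waiting (step 2 deadline %s)" % due2.isoformat()
        return "open RT-IR ticket, Cc NGI Security Officer (step 4)"

    # A ticket exists: the RC must fix *and* respond within 3 working days.
    due5 = step5_deadline(ticket)
    if fixed is not None and responded is not None and max(fixed, responded) <= due5:
        return "resolved via ticket (step 5 met)"
    if today <= due5:
        return "awaiting RC response (step 5 deadline %s)" % due5.isoformat()
    return "suspend RC in GOC-DB and inform NGI/EGI Operations (step 6)"


if __name__ == "__main__":
    # Constructed scenario: advisory sent on Friday 2024-03-01.
    advisory = date(2024, 3, 1)
    sites = {
        "RC-A": {"fixed_on": date(2024, 3, 5)},
        "RC-B": {},
        "RC-C": {"ticket_opened": date(2024, 3, 9)},
        "RC-D": {"ticket_opened": date(2024, 3, 9), "fixed_on": date(2024, 3, 12),
                 "responded_on": date(2024, 3, 12)},
    }
    for name, record in sites.items():
        print(name, "->", escalation_state(advisory, record, date(2024, 3, 20)))
```

The check in the ticketed branch deliberately requires both a fix date and a response date, mirroring the step 5 wording that the RC must resolve the vulnerability and respond to the ticket; a fix that Pakiti confirms but that the RC never reports still counts as non-compliance for step 6.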
 
= Revision History  =
{| class="wikitable"
|-
! Version !! Authors !! Date !! Comments
|-
| 8
| Sveng
| 16. Jul. 2015
|
|-
| 8
| Vincent Brillault
| 27. Jul. 2015
| Split in two
|}

Latest revision as of 10:41, 10 December 2021