Difference between revisions of "WI07 Security Vulnerability handling"
Jump to navigation
Jump to search
(Fix title) |
(Update Security Dashboard URL) |
||
(8 intermediate revisions by 3 users not shown) | |||
Line 5: | Line 5: | ||
= Work instruction to follow Security Vulnerability handling RT tickets = | = Work instruction to follow Security Vulnerability handling RT tickets = | ||
The purpose of this page is to provide instructions to the EGI Operations team members on how to handle Security Vulnerability identified by [[IRTF]]. | The purpose of this page is to provide instructions to the EGI Operations team members part of the operations-vulnerability-handling SSO group on how to handle Security Vulnerability identified by [[IRTF]]. | ||
The main idea behind this handling is to make sure that sites are aware of the issue and working on it. | The main idea behind this handling is to make sure that sites are aware of the issue and working on it. | ||
Line 17: | Line 17: | ||
| 1 | | 1 | ||
| [[IRTF]] is responsible for: | | [[IRTF]] is responsible for: | ||
* looking at [https://pakiti.egi.eu/ Pakiti] and [https://operations-portal.egi.eu/ | * looking at [https://pakiti.egi.eu/ Pakiti] and [https://operations-portal.egi.eu/ROD#csi Security dashboard]. | ||
* looking for false positives | * looking for false positives | ||
* creating new [https://rt.egi.eu/ RT] tickets in the Vulnerability Handling queue with a due date of 3 days. | * creating new [https://rt.egi.eu/ RT] tickets in the Vulnerability Handling queue with a due date of 3 days. | ||
Line 23: | Line 23: | ||
| 2a | | 2a | ||
| If there is no acknowledgement or answer from the site: | | If there is no acknowledgement or answer from the site: | ||
* 1 working day before the due date, EGI Operations send another reminder via [ | * 1 working day before the due date, EGI Operations send another reminder via the [http://go.egi.eu/rt_vulnhand Vulnerability Handling Queue in RT] using the '''Reply''' action. | ||
<nowiki>Dear security contact for XX-XX-XXX, | |||
This is a friendly reminder that we didn't receive any update about this ticket! | |||
Thanks,</nowiki> | |||
* .5 working day before the due date, EGI Operations send a last reminder, potentially including operational contacts in addition to security contacts. In such case, in case of an answer, verify that the security contact is still valid | * .5 working day before the due date, EGI Operations send a last reminder, potentially including operational contacts in addition to security contacts. In such case, in case of an answer, verify that the security contact is still valid | ||
* After the due date, suspend the site | * After the due date, suspend the site |
Revision as of 15:19, 28 April 2021
Main | EGI.eu operations services | Support | Documentation | Tools | Activities | Performance | Technology | Catch-all Services | Resource Allocation | Security |
EGI Infrastructure Operations Oversight menu: | Home • | EGI.eu Operations Team • | Regional Operators (ROD) |
Work instruction to follow Security Vulnerability handling RT tickets
The purpose of this page is to provide instructions to the EGI Operations team members part of the operations-vulnerability-handling SSO group on how to handle Security Vulnerability identified by IRTF.
The main idea behind this handling is to make sure that sites are aware of the issue and working on it. Usually, sites that are showing good intention are not penalized even if the progress is not strictly within the procedure: SEC03.
Step | Action |
---|---|
1 | IRTF is responsible for:
|
2a | If there is no acknowledgement or answer from the site:
Dear security contact for XX-XX-XXX, This is a friendly reminder that we didn't receive any update about this ticket! Thanks,
|
2b | If there is an acknowledgement, but no solution announced:
|
3 | After the due date, if there is still no answer/solution announced, EGI Operations suspend the site |
4 | If a solution is said to be deployed:
|