Are you ready for a federated security incident?

1 Are you ready for a federated security incident?
Hannah Short (CERN) on behalf of the REFEDS Sirtfi WG

2 Last year… We brought you Sirtfi
The Security Incident Response Trust Framework for Federated Identity

3 What does Sirtfi do?
Provides security contact information for each participant
Guarantees a baseline of operational security
Guarantees confidential, reciprocal collaboration during a security incident
So that an incident involving federated identities can be effectively and efficiently resolved

4 2016 Some federations in Europe were considering helping their members to adopt the framework

5 2017 15 national federations are supporting Sirtfi metadata extensions

6 2018 World domination?
Shout out “World Domination?”

7 Is Sirtfi enough?

8 Security incidents will happen
We must prepare for them!
Imagine the scenario…

9 Several weeks ago…
CERN’s login page was hacked

10 Instead of users being directed to their IdPs

11 They were redirected to a crafty phishing site!

12 But it’s all fixed now! No worries! …

13 Last night Users visiting LIGO’s Wiki were redirected to a nasty gambling website

14 Last night
After looking in the logs, they saw that the wiki had been altered by a federated user from the University of Chicago
Talk ensued between LIGO and Chicago
Seems like a simple compromised identity
Following up with the user and password changed

15 This morning Nikhef’s Wiki directed people to the same nasty website!

16 This morning
Logs revealed that the page was edited by a federated user from University of Glasgow
Talk ensued between Nikhef and University of Glasgow
Seems like a simple compromised identity
Following up with the user and password changed

17 So far, the incidents are not linked

18 Parties involved
Identity Providers: University of Chicago, Glasgow University
Service Providers: LIGO Wiki, Nikhef Wiki
Federations: InCommon, UK, SURFconext

19 Just now
Again(!), users on the LIGO Wiki are being redirected to the same site!
This time the user is from Lund University

20 This is worth escalating, there seems to be a wider impact

21 Hi Lund University, your user seems to be compromised. How were their credentials stolen?
Could be spoken, or sent and put in bin?

22 Who is this? I don’t know you… probably spam. Delete.

23 Direct Relationships Needed
Communication might not be answered (or even understood!)
Can leverage existing Federation trust model
Federations and interfederation can provide the missing links, context and introductions

24 How can I let others know? I guess I’ll have to use the community mailing list…

25 Dear all, We have seen suspicious activity related to nasty-gambling.top…
Stand in middle of stage and shout into microphone. “We are under attack!” Audience responds with panic

26 Panic! Panic! Panic! Panic! Panic!
Dear all, We have seen suspicious activity related to nasty-gambling.top…

27 Channels of Communication
We need these channels set up ahead of time
Channels should be populated by security representatives, compliant with Sirtfi

28 Responsibility
Whose responsibility is it?
Should LIGO have to limit damage, resolve the incident and find the cause?

29 After some time…
IdPs and SPs have managed to share enough relevant information to discover that the cause of the compromises was CERN!

30 Well? What happened? I saw an issue on a REFEDS thread! Are we safe now?
Reporting – who is it shared with?

31 Reporting
Learning from incidents is essential
Adjust technical decisions
Alter policies and procedures to stop events from reoccurring

32 Are we ready?
Direct Relationships
Communication Channels
Responsibility
Reporting

33 Thank you
Ann Harding (SWITCH & GEANT)
The army of volunteers!
