SecurityIncidentResponse
From Kiwiarena
Overview
This is a quick fire-drill-type procedure for anyone who has some form of administrative rights.
A security breach can range from very minor and innocent to very serious, posing a current, real threat.
Minor incidents can be dealt with very simply and effectively, whereas serious incidents may need NZ Police assistance, which may already have been instigated by the victim or a third party (i.e. the victim's parents).
In event of a security incident
It is very important that Kiwiarena's Security Point of Contact is contacted in the event of a security incident.
It would be extremely helpful to obtain the following information...
- Find out the player name and, if possible, the real name.
- Find out the source IP address.
- Gather as much information as you can (dialogues, actions, etc).
Minor Incidents
Minor incidents are incidents that are resolved internally without any further implications.
These incidents include...
- Spamming Forums and/or wiki pages.
- People from outside New Zealand and Australia becoming a nuisance on Mumble.
- People violating the AUP with no malicious intentions.
- People violating the AUP who genuinely believe that they weren't.
- Other infringements that we believe at the time are minor.
In the event of such an incident, if you're an administrator, you can do the following...
- You can warn the player/user of their actions.
- You can kick or ban the player/user.
- You can remove the offending content on the forums/wiki if you have sufficient access.
- You can, by doing a whois lookup, find out which country the offender resides in.
If the offender is outside New Zealand and Australia, our actions are limited to blocking the entire allocated subnet block belonging to the offender's ISP, which is sufficient action as the Kiwiarena service is aimed at New Zealanders and Australians.
However, if the offender resides within New Zealand or Australia, blocking the entire allocated subnet block belonging to the offender's ISP is not effective, as we would risk blocking other players. The action here is to find out who the ISP is and send an email to their Security PoC explaining the offender's actions.
After that the Kiwiarena Security PoC will...
- update the firewall access control lists and/or contact the offender's ISP security PoC.
- verify that the offending content is removed on the wiki/forums.
- follow up on the incident.
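The whois decision described above, as an added example (not Kiwiarena's own tooling): it reads a whois reply in RPSL layout and chooses between blocking the ISP's allocation and reporting to the ISP's abuse contact. The sample replies, the function names and the action labels ("escalate" meaning hand the case to the Security PoC) are assumptions made for illustration.

```python
import ipaddress
import re

HOME_COUNTRIES = {"NZ", "AU"}  # the audience the page says the service is aimed at

# Constructed sample whois replies in RPSL layout (documentation address ranges).
WHOIS_OVERSEAS = """\
inetnum:        203.0.113.0 - 203.0.113.255
netname:        EXAMPLE-ISP-1
country:        DE
abuse-mailbox:  abuse@isp-one.example
"""
WHOIS_LOCAL = """\
inetnum:        198.51.100.0 - 198.51.100.127
netname:        EXAMPLE-ISP-2
country:        nz
abuse-mailbox:  abuse@isp-two.example
"""

def parse_whois(text):
    """Return the first value seen for each 'key: value' attribute."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^([A-Za-z-]+):\s*(.+?)\s*$", line)
        if m:
            fields.setdefault(m.group(1).lower(), m.group(2))
    return fields

def triage(source_ip, whois_text):
    """Choose between the two responses the procedure describes."""
    ip = ipaddress.ip_address(source_ip)
    f = parse_whois(whois_text)
    try:
        first, last = (ipaddress.ip_address(p.strip()) for p in f["inetnum"].split("-"))
        blocks = list(ipaddress.summarize_address_range(first, last))
    except (KeyError, ValueError, TypeError):
        return {"action": "escalate", "reason": "no usable inetnum in whois reply"}
    if not any(ip in net for net in blocks):
        return {"action": "escalate", "reason": "whois record does not cover source IP"}
    country = f.get("country", "").upper()
    if not country:
        return {"action": "escalate", "reason": "no country in whois reply"}
    if country in HOME_COUNTRIES:
        # Local ISP: a subnet block would cut off other players, so report instead.
        return {"action": "report_to_isp", "contact": f.get("abuse-mailbox"),
                "country": country, "block": []}
    return {"action": "block_allocation", "country": country,
            "block": [str(n) for n in blocks]}
```

The "block" list holds the CIDR networks covering the whole allocation, which is the form firewall access control lists take.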
Major Incidents
A major incident is one that we don't want to happen on Kiwiarena. It is one that poses a current, serious threat. If you have fallen victim to this and feel under serious threat (e.g. someone just told you that they know where you live and the outcast gang are on their way), contact the Police and don't touch your computer.
The best thing to do is the following...
- contact Kiwiarena's Security Point of Contact.
- do nothing on the server - don't touch it or go any further.
- follow any instructions from Kiwiarena's Security Point of Contact.
