DANCERT RFC2350 Description Date: 10-10-2014 Dissemination Level:



Similar documents
CSIRT Description for CERT OPL

CERT.AZ description as per RfC 2350

RFC 2350 CSIRT-TEHTRIS [CERT-TEHTRIS]

Version: 1.2 Date: March, HAN-CERT - RFC 2350 Hogeschool van Arnhem en Nijmegen (HAN University of Applied Sciences)

The current version of this document can always be found at

A BRAINSTORMING ON SECURITY FIRE DRILLS

Security Officer: An NREN Secondee Perspective

Network & Information Security Policy

Data Management & Protection: Common Definitions

ASIA/PAC AERONAUTICAL TELECOMMUNICATION NETWORK SECURITY GUIDANCE DOCUMENT

UBC Incident Response Plan

Emerging Network Security Threats and what they mean for internal auditors. December 11, 2013 John Gagne, CISSP, CISA

Monitoring and Logging Policy. Document Status. Security Classification. Level 1 - PUBLIC. Version 1.0. Approval. Review By June 2012

Network Service, Systems and Data Communications Monitoring Policy

How To Protect A Network From Attack From A Hacker (Hbss)

OSU INSTITUTE OF TECHNOLOGY POLICY & PROCEDURES

Computer Security Incident Response Plan. Date of Approval: 23- FEB- 2015

INFORMATION GOVERNANCE POLICY: NETWORK SECURITY

The detailed process of becoming a FIRST member is described at

INFORMATION SECURITY INCIDENT MANAGEMENT PROCESS

How To Protect Gante From Attack On A Network With A Network Security System

Information Security Incident Management Guidelines

Powerful, customizable protection for web applications and websites running ModSecurity on Apache/Linux based web-servers

INSTANT MESSAGING SECURITY

CALNET 3 Category 7 Network Based Management Security. Table of Contents

Business & Finance Information Security Incident Response Policy

Security Management. Keeping the IT Security Administrator Busy

Exam 1 - CSIS 3755 Information Assurance

Incident Reporting Guidelines for Constituents (Public)

TASK TDSP Web Portal Project Cyber Security Standards Best Practices

O N L I N E I N C I D E N T R E S P O N S E C O M M U N I T Y

Incident Response Plan for PCI-DSS Compliance

CSIRT Introduction to Security Incident Handling

IBX Business Network Platform Information Security Controls Document Classification [Public]

Executive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy:

Computer Security Incident Reporting and Response Policy

DNS Security Survey for National Computer Security Incident Response Teams December 2010

Incident categories. Version (final version) Procedure (PRO 303)

Bendigo and Adelaide Bank Ltd Security Incident Response Procedure

Information Security Plan May 24, 2011

CentralNic Privacy Policy Last Updated: July 31, 2012 Page 1 of 12. CentralNic. Version 1.0. July 31,

UMHLABUYALINGANA MUNICIPALITY FIREWALL MANAGEMENT POLICY

LAMAR STATE COLLEGE - ORANGE INFORMATION RESOURCES SECURITY MANUAL. for INFORMATION RESOURCES

PCI DSS Policies Outline. PCI DSS Policies. All Rights Reserved. ecfirst Page 1 of 7

United Tribes Technical College Acceptable Use Policies for United Tribes Computer System

Infor CloudSuite. Defense-in-depth. Table of Contents. Technical Paper Plain talk about Infor CloudSuite security

FORT HAYS STATE UNIVERSITY CREDIT CARD SECURITY POLICY

Network Security Policy

Building a Cyber Security Emergency Response Team (CERT) for the NREN Community The case of KENET CERT

Security Incident Management Essentials Compiled as a service to the community by Internet2, EDUCAUSE, and REN-ISAC

Payment Card Industry Data Security Standard (PCI DSS) Q & A November 6, 2008

COMPUTER SECURITY INCIDENT MANAGEMENT MANUAL

PART D NETWORK SERVICES

Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia

ensure prompt restart of critical applications and business activities in a timely manner following an emergency or disaster

Attachment A. Identification of Risks/Cybersecurity Governance

Tunisia s experience in building an ISAC. Haythem EL MIR Technical Manager NACS Head of the Incident Response Team cert-tcc

Retention & Destruction

How To Use A College Computer System Safely

Trends in Security Incidents and Hitachi s Activities

Protect your network: planning for (DDoS), Distributed Denial of Service attacks

Intel Security Certified Product Specialist Security Information Event Management (SIEM)

UMHLABUYALINGANA MUNICIPALITY PATCH MANAGEMENT POLICY/PROCEDURE

Enrollment for Education Solutions Addendum Microsoft Online Services Agreement Amendment 10 EES

American International Group, Inc. DNS Practice Statement for the AIG Zone. Version 0.2

Microsoft Online Subscription Agreement/Open Program License Amendment Microsoft Online Services Security Amendment Amendment ID MOS10

8070.S000 Application Security

How To Protect Decd Information From Harm

Open Source Incident Management Tool for CSIRTs

Guidelines for Website Security and Security Counter Measures for e-e Governance Project

CYBER SECURITY INFORMATION SHARING & COLLABORATION

SB 1386 / AB 1298 California State Senate Bill 1386 / Assembly Bill 1298

Achieving PCI-Compliance through Cyberoam

Research and Educational Networking Information Analysis and Sharing Center (REN-ISAC)

New River Community College. Information Technology Policy and Procedure Manual

Report of Independent Auditors

PCI DSS Requirements - Security Controls and Processes

HIPAA Compliance Evaluation Report

Incident Categories (Public) Version (Final)

1B1 SECURITY RESPONSIBILITY

Creating and Managing Computer Security Incident Response Teams (CSIRTs)

WORKING WITH WINDOWS FIREWALL IN WINDOWS 7

How To Control Vcloud Air From A Microsoft Vcloud (Vcloud)

OCIE CYBERSECURITY INITIATIVE

Information Technology Cyber Security Policy

Organizational Issues of Implementing Intrusion Detection Systems (IDS) Shayne Pitcock, CISSP First Data Corporation

Data Management Policies. Sage ERP Online

The Evolution of Information Security at Wayne State University

Electronic Messaging Policy. 1. Document Status. Security Classification. Level 4 - PUBLIC. Version 1.0. Approval. Review By June 2012

ORDER OF THE DIRECTOR OF THE COMMUNICATIONS REGULATORY AUTHORITY OF THE REPUBLIC OF LITHUANIA

Transcription:

10-10-2014 Date: 10-10-2014 Dissemination Level: Owner: Authors: Public DANCERT DANTE

Document Revision History Version Date Description of change Person 1.0 10-10-14 First version issued Jan Kohlrausch Dissemination Level: Public

Table of Contents 1 Document Information 5 1.1 Date of Last Update 5 1.2 Distribution List for Notifications 5 1.3 Locations where this Document May Be Found 5 2 Contact Information 5 2.1 Name of the Team 5 2.2 Address 5 2.3 Time Zone 5 2.4 Telephone Number 5 2.5 Facsimile Number 6 2.6 Other Telecommunication 6 2.7 Electronic Mail Address 6 2.8 Public Keys and Encryption Information 6 2.9 Team Members 6 2.10 Other Information 6 2.11 Points of Customer Contact 6 3 Charter 7 3.1 Mission Statement 7 3.2 Constituency 7 3.3 Sponsorship and/or Affiliation 7 3.4 Authority 7 4 Policies 8 4.1 Types of Incidents and Level of Support 8 4.2 Co-operation, Interaction and Disclosure of Information 8 4.3 Communication and Authentication 9 5 Services 9 5.1 Incident Response 9 5.2 Incident Triage 9 5.3 Incident Coordination 9 5.4 Incident Resolution 9 5.5 Proactive Activities 9 Dissemination Level: Public iii

6 Incident Reporting Forms 10 7 Disclaimers 10 Dissemination Level: Public iv

1 DOCUMENT INFORMATION 1.1 DATE OF LAST UPDATE 2014-11-06 1.2 DISTRIBUTION LIST FOR NOTIFICATIONS Not Applicable 1.3 LOCATIONS WHERE THIS DOCUMENT MAY BE FOUND http://www.dante.net/dancert/dante_rfc2350.pdf 2 CONTACT INFORMATION 2.1 NAME OF THE TEAM Official name: DANCERT Short name: DANCERT 2.2 ADDRESS DANCERT City House 126-130 Hills Road Cambridge CB2 1PQ, UK 2.3 TIME ZONE Time zone is UTC 2.4 TELEPHONE NUMBER Main number: +44 1223 866 140 Dissemination Level: Public 5

Emergency number: +44 1480 484694 2.5 FACSIMILE NUMBER Fax number: +44 1480 484680 2.6 OTHER TELECOMMUNICATION Not applicable 2.7 ELECTRONIC MAIL ADDRESS Please send incident reports which relate to the GÉANT or DANTE network to cert@oc.geant.net. Alternative address: dancert@dante.net 2.8 PUBLIC KEYS AND ENCRYPTION INFORMATION User ID: DANCERT SECURITY TEAM <cert@oc.geant.net> Key ID: 0x2636B332 Key type: RSA Key size: 2048 Expires: never Fingerprint: 19C1 7A82 AEB3 11FE 6960 8559 3963 F3EB 2636 B332 2.9 TEAM MEMBERS 2.10 OTHER INFORMATION Other information is available at the Trusted Introducer directory at http://trusted-introducer.org/directory/teams/dancert.html 2.11 POINTS OF CUSTOMER CONTACT The preferred method for contacting is via e-mail: Dissemination Level: Public 6

For security incidents to cert@oc.geant.net For Network, server, service issues dnoc@dante.net For application related issues to systems@dante.net 3 CHARTER 3.1 MISSION STATEMENT DANCERT is the Computer Emergency Response Team (CERT) of DANTE serving users of services delivered by DANTE. The main constituents are National Research and Education Networks (NRENs) in the GEANT project. It deals with computer and network security incidents related to DDOS, Bots, Spamming and infrastructure vulnerabilities that involve services operated by DANTE - for example the GEANT network. 3.2 CONSTITUENCY The primary constituency are NRENs and associated CERTs participating in the GÈANT project and/or connected to the GÉANT network. 3.3 SPONSORSHIP AND/OR AFFILIATION DANTE (Delivery of Advanced Network Technology to Europe) was established in 1993 to coordinate pan- European research and education (R&E) networking on behalf of Europe s National Research and Education Networks (NRENs). GÉANT, the flagship project, serves some 50 million users across Europe, reaches over 100 countries worldwide and is the most advanced international network of its type. Like many of our projects it is cofunded by the European Commission along with European NRENs. 3.4 AUTHORITY The DANCERT operates under the auspices of, and with authority delegated by, the Delivery of Advanced Network Technology to Europe (DANTE). DANCERTs assists NRENs and associated CSIRTs to analyse, resolve, and to mitigate network based attacks. As such, it provides services to detect anomalies and attacks on the backbone and to apply network filter to mitigate distributed denial of service attacks. Dissemination Level: Public 7

4 POLICIES 4.1 TYPES OF INCIDENTS AND LEVEL OF SUPPORT DANCERT is authorized to address all types of computer security incidents which occur, or threaten to occur, on the DANTE or GÉANT network. These include, for example, distributed denial of service attacks, network scans, and compromised machines. The level of support given by DANCERT will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and the DANCERT's resources at the time. Resources will be assigned according to the following priorities, listed in decreasing order: Incident affecting the confidentiality and integrity of data or systems in the DANTE or GÉANT network. Incidents that seriously affect the operation and availability of the GÈANT network Incidents that affect the NREN networks (e.g. distributed denial of service attacks) All other attacks that affect the NREN networks DANCERT assists the NRENs to mitigate or to resolve from these incidents which includes, for example, to block malicious traffic. Furthermore, the NRENs are informed about security incident that have been detected on the GÈANT network and are related to their network. Note that no direct support will be given to end users; they are expected to contact their system administrator, network administrator, or department head for assistance. The DANCERT will support the latter people. 4.2 CO-OPERATION, INTERACTION AND DISCLOSURE OF INFORMATION DANCERT strives to closely collaborate with the NREN and CSIRT community to protect the infrastructure and data of the GÉANT project. If not agreed otherwise, supplied information are kept confidential. Only data that is required to resolve from the specific incident are disclosed to concerned parties (need to know). DANCERT provide means to support encryption and integrity of data that is submitted to or disclosed by DANCERT. For data classification, DANCERT supports the Information Sharing Traffic Light Protocol that comes in with the tags WHITE, GREEN, AMBER or RED. The data will be handled appropriately. A description can be found at http://www.terena.org/activities/tf-csirt/publications/istlp-v1.1.pdf Dissemination Level: Public 8

4.3 COMMUNICATION AND AUTHENTICATION DANCERT supports PGP for encrypted mails whereas the usage of PGP in all cases where sensitive information is involved is highly recommended. The details of the current PGP key can be found in Sec. 2.8. Requests for information or security controls such as firewall filters are restricted to authorised NREN or associated CSIRT members. For authentication issues, DANTE maintains information about authorised representatives or use other means (e.g. telephone call back) to authenticate a person. 5 SERVICES 5.1 INCIDENT RESPONSE DANCERT will assist system administrators and NREN CSIRTs in handling the technical and organizational aspects of security incidents on the GÈANT and DANTE network. In particular, it will provide assistance or advice with respect to the following aspects of incident management: 5.2 INCIDENT TRIAGE Assessment of the severity of the incident. If required the incident will be escalated to the General Management. Hand off to the appropriate team (e.g. GÉANT NOC) 5.3 INCIDENT COORDINATION Determining the cause and extend of the incident and involved sites (e.g. DDoS) Dissemination of incident reports to NRENs 5.4 INCIDENT RESOLUTION Providing advice to affected sites Removing the vulnerability Securing the system from the effects of the incident Application of network filters, if applicable 5.5 PROACTIVE ACTIVITIES Dissemination Level: Public 9

Network monitoring to detect attacks as early as possible Sharing information with the CSIRT community and constituency 6 INCIDENT REPORTING FORMS There are no reporting forms available. 7 DISCLAIMERS While every precaution will be taken in the preparation of information, notifications and alerts, DANTE Ltd assumes no responsibility for errors or omissions, or for damage resulting from the use of the information contained within. Dissemination Level: Public 10

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information