The current version of this document can always be found at http://www.nic.cz/csirt.

Similar documents
RFC 2350 CSIRT-TEHTRIS [CERT-TEHTRIS]

CSIRT Description for CERT OPL

DANCERT RFC2350 Description Date: Dissemination Level:

CERT.AZ description as per RfC 2350

Version: 1.2 Date: March, HAN-CERT - RFC 2350 Hogeschool van Arnhem en Nijmegen (HAN University of Applied Sciences)

Rules of Domain Names Registration under cctld.cz

Visa Smart Debit/Credit Certificate Authority Public Keys

SERVER CERTIFICATES OF THE VETUMA SERVICE

SERVER CERTIFICATES OF THE VETUMA SERVICE

HSR TRAINING COURSE REQUIREMENTS HSR Training Course Guidance Booklet 2

ASIA/PAC AERONAUTICAL TELECOMMUNICATION NETWORK SECURITY GUIDANCE DOCUMENT

Organizational internal computer security incident responding structure : CSIRT

ACCEPTABLE USE AND TAKEDOWN POLICY

USB HID to PS/2 Scan Code Translation Table

Indian Computer Emergency Response Team (CERT-In) Annual Report (2010)

Information Security Incident Management Guidelines

Registration Agreement

Understanding changes to the Trust Services Principles for SOC 2 reporting

Executive Summary Program Highlights for FY2009/2010 Mission Statement Authority State Law: University Policy:

DNS Security Survey for National Computer Security Incident Response Teams December 2010

.trustwave.com Updated October 9, 2007 TECHNICAL ASSISTANCE CENTER (TAC) SUPPORT GUIDE

Public Key Infrastructure. Certificates Standard X509v3

Quick Reference. Administrator Guide

ASV Scan Report Vulnerability Details PRESTO BIZ

SL-8800 HDCP 2.2 and HDCP 1.x Protocol Analyzer for HDMI User Guide

Patch and Vulnerability Management Program

HTC Communications Acceptable Use Policy High Speed Internet Service Page 1 of 5. HTC Communications

DNSSec Operation Manual for the.cz and e164.arpa Registers

Encryption. Administrator Guide

Council of the European Union Brussels, 5 March 2015 (OR. en)

SAMPLE RETURN POLICY

Acceptable Use Policy

Open Source Incident Management Tool for CSIRTs

How To Use Adobe Software For A Business

The detailed process of becoming a FIRST member is described at

Acceptable Use Policy. This Acceptable Use Policy sets out the prohibited actions by a Registrant or User of every registered.bayern Domain Name.

3. April 2013 IT ZERTIFIKATE. Zertifizierungsstellen / Certification Center. IT Sicherheit UNTERNEHMENSBEREICH IT

Acceptance Page 2. Revision History 3. Introduction 14. Control Categories 15. Scope 15. General Requirements 15

Applaud Solutions Technical Support Policies

Dilley State Bank RETAIL (Personal) ONLINE BANKING AGREEMENT - GENERAL TERMS AND CONDITIONS

Cyber security Country Experience: Establishment of Information Security Projects.

EMV (Chip-and-PIN) Protocol

TERMS OF SERVICE. This Agreement shall be construed in all respects in accordance with the laws of the province of Ontario and Canada.

Country Case Study on Incident Management Capabilities CERT-TCC, Tunisia

aecert Roadmap Eng. Mohammed Gheyath Director, Technical Affairs TRA

Online Banking Service Agreement

Policy Based Encryption E. Administrator Guide

Policy Based Encryption E. Administrator Guide

Track and Trace. Administration Guide

Network Security Policy

Data Management & Protection: Common Definitions

Security Incident Management Essentials Compiled as a service to the community by Internet2, EDUCAUSE, and REN-ISAC

NOTE: BY CLICKING TO AGREE AND BY USE OF THIS SERVICE YOU ARE CONCLUDING A LEGALLY BINDING AGREEMENT. READ CAREFULLY.

CALNET 3 Category 7 Network Based Management Security. Table of Contents

honeytarg Chapter Activities

How To Control Vcloud Air From A Microsoft Vcloud (Vcloud)

Data Management Policies. Sage ERP Online

Advanced Encryption Standard by Example. 1.0 Preface. 2.0 Terminology. Written By: Adam Berent V.1.7

The FBI and the Internet

McAfee. Firewall Enterprise. Application Note TrustedSource in McAfee. Firewall Enterprise. version and earlier

Advanced Encryption Standard by Example. 1.0 Preface. 2.0 Terminology. Written By: Adam Berent V.1.5

FAQ (Frequently Asked Questions)

1. Exercise: Triage and Basic Incident Handling

BROKERAGE AGREEMENT. THIS AGREEMENT is made on BETWEEN:

Computer Security Incident Response Plan. Date of Approval: 23- FEB- 2015

"HIGHER EDUCATION VALUES AND OPINIONS SURVEY" ADVANCED PLACEMENT TEACHERS and GUIDANCE COUNSELORS May-June 1994

Fraud and Abuse Policy

How To Manage Your Information Systems At Aerosoft.Com

DATA PROTECTION LAWS OF THE WORLD. India

Intel Security Certified Product Specialist Security Information Event Management (SIEM)

III. Services Required The following details the services to be provided to the Town of North Haven in the area of information services:

SERVICE LEVEL AGREEMENT. Open Source Support Desk B.V. Hargray, Inc.

NOTICE TO USERS OF CONSUMER REPORTS: OBLIGATIONS OF USERS UNDER THE FCRA I. OBLIGATIONS OF ALL USERS OF CONSUMER REPORTS

Transcription:

1 RFC 2350 1.1 1. Document Information This document contains a description of CZ.NIC-CSIRT according to RFC 2350. It provides basic information about the CSIRT team, the ways it can be contacted, describes its responsibilities and the services offered. 1.1. Date of Last Update This is version 1.1. as of 2015/02/20. 1.2. Distribution List for Notifications There is no distribution list for notifications. 1.3. Locations where this Document May Be Found The current version of this document can always be found at http://www.nic.cz/csirt. 1.2 2. Contact Information 1.2.1 2.1. Name of the Team CZ.NIC-CSIRT 1.2.2 2.2. Address CZ.NIC, z.s.p.o., CSIRT Team Milesovska 5 130 00 Prague 3 Czech Republic 1.2.3 2.3. Time Zone Time-zone (relative to GMT): GMT01/GMT02(DST) 1.2.4 2.4 Telephone Number +420 222 745 111 1.2.5 2.5 Facsimile Number +420 222 745 112 Milešovská 5, 130 00 Praha 3 DIČ CZ67985726 M +420 731 657 660 www.nic.cz 1/5

1.2.6 2.6 Other Telecommunication None. 1.2.7 2.7 Electronic Mail Address Please send incident reports to csirt@nic.cz 1.2.8 2.8 Public Keys and Encryption Information Every team member use his own PGP key. Fingerprints can be found in chapter 2.9. 1.2.9 2.9 Team Members The CZ.NIC-CSIRT team members are Martin Peterka, Ondrej Sury, Zuzana Duracinska, Pavel Basta, Edvard Rejthar and Michal Prokop Basic information about team members : Martin Peterka email : martin.peterka@nic.cz PGP key : A4BE 75CD B803 E20E 2B75 A7E6 E592 7502 DCEA 5E22 Ondřej Surý email: ondrej.sury@nic.cz PGP key: BF7C 46FD 71E3 ACBA A1A5 1D5F 6189 1931 7A1F DB7C Pavel Bašta email: pavel.basta@nic.cz PGP key: 433C A7C2 5AB8 0293 3581 7691 A964 C99A E040 4418 Michal Prokop email: michal.prokop@nic.cz PGP key: 437D EE6B 90BC FA94 274B C113 4AE0 CC78 D66E BB7F Zuzana Duračinská email: zuzana.duracinska@nic.cz PGP key: 9B1B 3668 F2F0 E132 A8CD 5F6F 064B 0DF5 F417 80DF Edvard Rejthar email: edvard.rejthar@nic.cz PGP key: 43B5 C63A E512 2B55 E241 11F6 BA3D 915E F50B CBD8 1.2.10 2.10 Other Information For our application MDM which use email address malware@nic.cz is PGP key fingerprint: 8DBE 52F4 BF24 3C5B 05D6 2ED0 016E 1403 267B 03EC Milešovská 5, 130 00 Praha 3 DIČ CZ67985726 M +420 731 657 660 www.nic.cz 2/5

1.2.11 2.11 Points of Customer Contact The preferred method to contact CZNIC-CSIRT team is to send an e-mail to the address csirt@nic.cz. This will create a ticket in our tracking system and alert the human on duty. In urgent cases you can use phone number +420 222 745 111. Days/Hours of Operation: 09:00 to 17:00 Monday to Friday 1.3 3. Charter 1.3.1 3.1 Mission Statement CZ.NIC-CSIRT solve incidents within.cz domain registry system and incidents in.cz domain names if they are used in a fashion that endangers the national or international computer security. 1.3.2 3.2 Constituency The constituency are CZ.NIC association and another CERTs and end users. 1.3.3 3.3 Sponsorship and/or Affiliation CZ.NIC-CSIRT is part of CZ.NIC z.s.p.o., the.cz domain name registry 1.3.4 3.4 Authority CZ.NIC-CSIRT is department of CZ.NIC association and operates with authority delegated by association. As described in 3.1., team is responsible for solving incidents within.cz registry and for preparing expertises in concrete cases of incidents in.cz domain names. For more information see chapter 4.1. 1.4 4. Policies 1.4.1 4.1 Types of Incidents and Level of Support CZ.NIC-CSIRT team is responsible for incident handling within AS25192 and incident relating to nameservers for.cz and 0.2.4.e164.arpa. The CZ.NIC association is entitled to invalidate the delegation of the Domain Name at its own discretion if the same is used in a fashion that endangers the national or international computer security, particularly if through the Domain Name or through the services which are made available by the same a harmful content (especially viruses, malware) is distributed or if the content of a different service is masqueraded (especially phishing), or if the hardware that is made available through the Domain Name becomes a control centre of interlinked hardware network distributing the harmful content (especially botnet). Milešovská 5, 130 00 Praha 3 DIČ CZ67985726 M +420 731 657 660 www.nic.cz 3/5

The CZ.NIC association is entitled to invalidate the delegation of the Domain Name for a period of up to 1 month, even repeatedly; however the association is not obliged to actively seek the Domain Names which would fit the definitions mentioned hereinabove. Decisions concerning the examination of conditions for invalidation of the delegation and the procedure of invalidation are determined by CZ.NIC-CSIRT. The procedure taken under this provision cannot be used to enforce the protection of the third parties property rights against spam distribution if the conditions given in the first sentence of this provision are not fulfilled. 1.4.2 4.2 Co-operation, Interaction and Disclosure of Information CZ.NIC-CSIRT is ready to cooperate with other organizations and teams. We operate under the restrictions imposed by Czech law. It involves especially Civil code and Data Protection law. 1.4.3 4.3 Communication and Authentication For normal communication not containing sensitive information we use unencrypted e-mail. For secure communication PGP-Encrypted e-mail will be used. 1.5 5. Services 1.5.1 5.1 Incident Response CZ.NIC-CSIRT will handle the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management: 1.5.1.1 5.1.1. Incident Triage Determining whether an incident is authentic Assessing and prioritizing the incident 1.5.1.2 5.1.2. Incident Coordination Determine the involved organizations Contact the involved organizations to investigate the incident and take the appropriate steps Facilitate contact to other parties which can help resolve the incident. 1.5.1.3 5.1.3. Incident Resolution Removing the vulnerability Securing the system from the effects of the incident Collecting evidence where criminal prosecution is contemplated Milešovská 5, 130 00 Praha 3 DIČ CZ67985726 M +420 731 657 660 www.nic.cz 4/5

CZ.NIC-CSIRT will also collect statistics about incidents within its constituency. 1.5.2 5.2 Proactive Activities CZ.NIC-CSIRT do not pursue proactive activities. 1.6 6. Incident Reporting Forms There are no local forms available yet. Please use our basic rules for creating incident report: A report must contain your contact and organizational information - name and organization name, e-mail, telephone number A report must contain IP address and and case type A report about scanning must contain a cut from a log showing the problem A report about spam or virus must contain a copy of the full mailheader from the e-mail which is considered to be a spam or virus A report about phishing or pharming must contain URL, and source of the web page if possible 1.7 7. Disclaimers While every precaution will be taken in the preparation of information, notifications and alerts, CZ.NIC-CSIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within. Milešovská 5, 130 00 Praha 3 DIČ CZ67985726 M +420 731 657 660 www.nic.cz 5/5