-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CSIRT Description for ACOnet CERT ================================= 1. About this document 1.1 Date of Last Update Version 1.1, Date: July 2nd, 2010 1.2 Locations where this document may be found The current version of this CSIRT description document is available from the ACOnet CERT Website http://cert.aco.net The URL of the Document is: http://www.aco.net/rfc2350.html Please make sure you are using the latest version. 1.3 Authenticating this Document The Document is signed with ACOnet CERT's Master Certification Key. 2. Contact Information 2.1 Name of the Team "ACOnet CERT": The Computer Emergency Response Team of ACOnet, the Austrian Academic Computer Network. ACOnet is operated by the Vienna University Computer Center. 2.2 Address ACOnet CERT Vienna University Computer Center Universitaetsstrasse 7 A-1010 Vienna AUSTRIA 2.3 Time Zone Central Europe Time (UTC+0100, UTC+0200 from last Sunday in March to last Sunday in October) 2.4 Telephone Number +43 1 4277 14045 (Please leave a Message if the call is not immediately handeld by a Team Member; The voice-box is avaliable 24/7) 2.5 Facsimile Number +43 1 4277 9140 (this is *not* a secure fax) 2.6 Other Telecommunication None. 2.7 Electronic Mail Address 2.8 Public Keys and Encryption Information The ACOnet CERT has a Master Signing Key, that is used to sign documents and the operational PGP-keys of the team and its members. Both keys are avaliable via keyservers and on ACOnet CERT Website: https://www.aco.net/cert_kontakt.html?&L=0 2.9 Team Members ACOnet CERT's Team Chair is Alexander Talos-Zens. Information about the Team Members is avaliable at: http://www.aco.net/cert_kontakt.html?&L=0 Management and supervision are provided by DI(FH) Ulf Busch, Director of the Vienna University Computer Center. http://www.univie.ac.at/ZID/staff/ 2.10 Other Information General information about the ACOnet CERT, as well as links to various recommended security resources, can be found at http://cert.aco.net 2.11 Points of Customer Contact ACOnet CERT's e-mail address is . Mail sent to this address will be stored in our trouble ticket system and will be taken care of by the duty team as soon as possible. This is the preferred way for reporting incients. If it is not possible to use e-mail, the ACOnet CERT can be reached by telephone during regular office hours phone (cf. 2.4) or by fax (cf. 2.5) ACOnet CERT's hours of operation are our regular business hours (09:00-17:00 Monday to Friday except public holidays). 3. Charter 3.1 Mission Statement The purpose of ACOnet CERT is to coordinate security efforts and Incident Response for security problems where customers of ACOnet are involved. The goal of ACOnet CERT is to solve security problems and assist our customers where necessary. 3.2 Constituency ACOnet CERT's constituency are the customers of ACOnet, the Austrian Academic Computer Network. An overview of the organisation and customers of ACOnet can be found at: http://www.aco.net. Although we do not use a framework of service level agreements, ACOnet CERT is committed to deliver its services on a best effort base. 3.3 Sponsorship and/or Affiliation ACOnet CERT is part of ACOnet's operations framework, and hosted by the Vienna University Computer Center. 3.4 Authority The ACOnet CERT expects to work cooperatively with the responsible staff of the ACOnet customers. The authority of the ACOnet CERT is established by the provisions in the customer contract and the gouverning AUP which can be found at: http://www.aco.net/antrag.html 4. Policies 4.1 Types of Incidents and Level of Support ACOnet CERT is authorized to address all types of computer security incidents which occur, or threaten to occur, in our constituency (cf. 3.2) The level of support given by ACOnet CERT will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and the ACOnet CERT's resources at the time. Note that no direct support will be given to end users; they are expected to contact their system administrator, network administrator, department head and especially the organisation's security officer(s) for assistance. The ACOnet CERT will support the latter people. 4.2 Co-operation, Interaction and Disclosure of Information The ACOnet CERT cooperates with other organisations in the field of computer security. This cooperation also includes and often requires the exchange of vital information regarding security incidents and vulnerabilities. Nevertheless ACOnet CERT will protect the privacy of their customers, and therefore (under normal circumstances) pass on information in an anonymized way only. The ACOnet CERT operates under the restrictions imposed by Austrian law. Therefore it is also possible that - according to Austrian law - ACOnet CERT may be forced to disclose information due to a Court's order. Please note that ACOnet CERT is in no way obliged to report criminal offences to the police. 4.3 Communication and Authentication For normal communication not containing sensitive information ACOnet CERT will use conventional methods like unencrypted e-mail or fax. For secure communication PGP-Encrypted e-mail or telephone will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g. FIRST, TI, ACOnet customers) or by other methods like call-back, mail-back or even face-to-face meeting if necessary. 5. Services 5.1 Incident Response ACOnet CERT coordinates incident prevention, handling and response within its constituency. 5.1.1. Incident Triage * determine wether an incident is authentic. * determine the customers involved 5.1.2. Incident Coordination * Contact the organisation(s) involved and ask them to investigate the incident and to take the appropriate steps. * Notify other CSIRTs if appropriate. 5.1.3. Incident Resolution * Assure the incident is handled properly by the affected organisation(s). Ask for feedback. * If necessary take appropriate steps within the Backbone Network of ACOnet (e.g. block ports, disconnect sites, etc. ) ACOnet CERT collects statistics about incidents within it's constituency. 5.2 Proactive Activities ACOnet CERT provides the following proactive services: * Information services * Database of Security Contacts * MailingLists to inform the Constituency of important issues. Further proactive services are provided within the framework of ArgeSecur, which is a group of security experts. It's activities include: * Technology watch and discussion. * Exchange of information and experience. * Building a Web of Trust. * Cooperate in security audits. * Building a corporate information platform regarding security information. 6. Incident Reporting Forms There are no local forms avaliable yet. If possible, please make use of the Incident Reporting Form of the CERT Coordination Center (Pittsburgh, PA). The current version is available from: http://www.cert.org/reporting/incident_form.txt 7. Disclaimers While every precaution will be taken in the preparation of information, notifications and alerts, ACOnet CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained therein. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (Darwin) iD8DBQFMLcHDV1/K8X0rV+ERArKLAKC5OQshpd8voiCc1/TBavpTTG3skwCfUr5q eQwP6xuliexLNbNxrYwnzYQ= =WWYR -----END PGP SIGNATURE-----