CSIRT Description for ACOnet-CERT
1. About this document
1.1 Date of Last Update
Version 1.1, Date: July 2nd, 2010
1.2 Locations where this document may be found
The current version of this CSIRT description document is available from
the ACOnet CERT Website: www.aco.net/cert.html
The URL of the Document is: www.aco.net/rfc2350.html
Please make sure you are using the latest version.
1.3 Authenticating this Document
The Document is signed with ACOnet CERT's Master Certification Key.
2. Contact Information
2.1 Name of the Team
"ACOnet CERT": The Computer Emergency Response Team of ACOnet,
the Austrian Academic Computer Network. ACOnet is operated by
the Vienna University Computer Center.
Vienna University Computer Center
2.3 Time Zone
Central Europe Time (UTC+0100, UTC+0200 from last Sunday
in March to last Sunday in October)
2.4 Telephone Number
+43 1 4277 14045 (Please leave a message if the call is not immediately
handeld by a Team Member; the voice-box is avaliable 24/7)
2.5 Facsimile Number
+43 1 4277 9140 (this is *not* a secure fax)
2.6 Other Telecommunication
2.7 Electronic Mail Address
2.8 Public Keys and Encryption Information
The ACOnet CERT has a Master Signing Key, that is used to sign documents
and the operational PGP-keys of the team and its members.
Both keys are available via keyservers and on ACOnet CERT Website:
2.9 Team Members
ACOnet CERT's Team Chair is Alexander Talos-Zens. Information about the
Team Members is available at: www.aco.net/cert_kontakt.html
Management and supervision are provided by DI(FH) Ulf Busch, Director of
the Vienna University Computer Center: https://zid.univie.ac.at/zid-mitarbeiterinnen/
2.10 Other Information
General information about the ACOnet CERT, as well as links to various
recommended security resources, can be found at: https://cert.aco.net
2.11 Points of Customer Contact
ACOnet CERT's e-mail address is cert(at)aco.net. Mail sent to this address
will be stored in our trouble ticket system and will be taken care of by
the duty team as soon as possible. This is the preferred way for
If it is not possible to use e-mail, the ACOnet CERT can be reached
during regular office hours by phone (cf. 2.4) or by fax (cf.2.5)
ACOnet CERT's hours of operation are our regular business hours
(09:00-17:00 Monday to Friday except public holidays).
3.1 Mission Statement
The purpose of ACOnet CERT is to coordinate security efforts and
Incident Response for security problems where customers of ACOnet are
The goal of ACOnet CERT is to solve security problems and assist our
customers where necessary.
ACOnet CERT's constituency are the customers of ACOnet, the Austrian
Academic Computer Network.
An overview of the organisation and customers of ACOnet
can be found at: www.aco.net
Although we do not use a framework of service level agreements, ACOnet
CERT is committed to deliver its services on a best effort base.
3.3 Sponsorship and/or Affiliation
ACOnet CERT is part of ACOnet's operations framework, and hosted by
the Vienna University Computer Center.
The ACOnet CERT expects to work cooperatively with the responsible
staff of the ACOnet customers. The authority of the ACOnet CERT is
established by the provisions in the customer contract and the
governing AUP which can be found at: www.aco.net/antrag.html
4.1 Types of Incidents and Level of Support
ACOnet CERT is authorized to address all types of computer security
incidents which occur, or threaten to occur, in our constituency (cf.
The level of support given by ACOnet CERT will vary depending on the
type and severity of the incident or issue, the type of constituent,
the size of the user community affected, and the ACOnet CERT's
resources at the time.
Note that no direct support will be given to end users; they are
expected to contact their system administrator, network administrator,
department head and especially the organisation's security officer(s)
for assistance. The ACOnet CERT will support the latter people.
4.2 Co-operation, Interaction and Disclosure of Information
The ACOnet CERT cooperates with other organisations in the field of
computer security. This cooperation also includes and often requires
the exchange of vital information regarding security incidents and
vulnerabilities. Nevertheless ACOnet CERT will protect the privacy of
their customers, and therefore (under normal circumstances) pass on
information in an anonymized way only.
The ACOnet CERT operates under the restrictions imposed by Austrian
law. Therefore it is also possible that - according to Austrian law -
ACOnet CERT may be forced to disclose information due to a Court's
order. Please note that ACOnet CERT is in no way obliged to report
criminal offences to the police.
4.3 Communication and Authentication
For normal communication not containing sensitive information ACOnet
CERT will use conventional methods like unencrypted e-mail or fax.
For secure communication PGP-Encrypted e-mail or telephone will be
used. If it is necessary to authenticate a person before
communicating, this can be done either through existing webs of trust
(e.g. FIRST, TI, ACOnet customers) or by other methods like call-back,
mail-back or even face-to-face meeting if necessary.
5.1 Incident Response
ACOnet CERT coordinates incident prevention, handling and response
within its constituency.
5.1.1. Incident Triage
- determine wether an incident is authentic.
- determine the customers involved
5.1.2. Incident Coordination
- Contact the organisation(s) involved and ask them to investigate the
incident and to take the appropriate steps.
- Notify other CSIRTs if appropriate.
5.1.3. Incident Resolution
- Assure the incident is handled properly by the affected
organisation(s). Ask for feedback.
- If necessary take appropriate steps within the Backbone Network of
ACOnet (e.g. block ports, disconnect sites, etc. )
ACOnet CERT collects statistics about incidents within it's
5.2 Proactive Activities
ACOnet CERT provides the following proactive services:
- Information services
- Database of Security Contacts
- MailingLists to inform the Constituency of important issues.
Further proactive services are provided within the framework of
ArgeSecur, which is a group of security experts.
It's activities include
- Technology watch and discussion.
- Exchange of information and experience.
- Building a Web of Trust.
- Cooperate in security audits.
- Building a corporate information platform regarding security
6. Incident Reporting Forms
There are no local forms in use. If possible, please make use
of the Incident Reporting Form of the CERT Coordination Center
(Pittsburgh, PA). The current version is available from: www.cert.org
While every precaution will be taken in the preparation of
information, notifications and alerts, ACOnet CERT assumes no
responsibility for errors or omissions, or for damages resulting from
the use of the information contained therein.
The signed version can be found at:
- RFC2350.txt(7.4 kB)