KazRena - Association of Users of the Scientific and Educational Computer Network of Kazakhstan

CERT - CSIRT Description for KAZRENA-CERT

RFC-2350: CSIRT Description for KAZRENA-CERT

--------------------------------------------

 

1. About this document

 

1.1 Date of Last Update

 

This is version 1.0, 2015-01-13.

 

1.2 Distribution List for Notifications

 

Members of the constituency are informed of changes through their

closed channels.

 

1.3 Locations where this Document May Be Found

 

The current version of this CSIRT description document is

available from the KazRENA website; its URL is

http://www.kazrena.kz/security/KazRENA-CERT.txt

Please make sure you are using the latest version.

 

1.4 Authenticating this Document

 

This document has been signed with KazRENA-CERT's PGP key.

 

2. Contact Information

 

2.1 Name of the Team

 

"KazRENA-CERT": the KazRENA Computer Emergency Response Team.

 

2.2 Address

 

KAZRENA-CERT

KAZRENA

Room 717,

16-18-18a Satpaev Street,

Almaty,

Kazakhstan

050013

 

2.3 Time Zone

 

ALMT:

Winter GMT+0600

Summer GMT+0600

 

2.4 Telephone Number

 

+7 727 262 2372

2.5 Facsimile Number

 

+7 727 262 1725 (this is *not* a secure fax)

 

2.6 Other Telecommunication

 

Video conferencing is available on request.

 

Members of the constituency have access to closed, secure communication

and collaboration platforms.

 

2.7 Electronic Mail Address

 

[e-mail address protected from spam bots; JavaScript must be enabled to view it]  This address will reach our team mailbox which is

monitored during working hours.

 

2.8 Public Keys and Other Encryption Information

 

KAZRENA-CERT has a PGP key, whose KeyID is A0B47A0C and

whose fingerprint is

FEDB 1037 0598 DF59 0B3F  AC02 B1C9 8454 A0B4 7A0C

The key and its signatures can be found at the public keyservers as

well as on the Web site:

http://www.kazrena.kz/security/contact/

 

2.9 Team Members

 

KAZRENA-CERT is operated by dedicated staff.  It can fall back to other

employees of KAZRENA for special needs.

 

2.10 Other Information

 

General public information about KazRENA-CERT is found on the Web site:

http://www.kazrena.kz/security/

 

2.11 Points of Customer Contact

 

Normal contact is through e-mail using the address <[e-mail address protected from spam bots; JavaScript must be enabled to view it]>.

In urgent cases and emergencies customers as well as other CERTs can

use the phone numbers given above.

 

KAZRENA-CERT follows standard Kazakhstan office-hours on working days:

9:00 - 18:00

Outside of these hours as well as on weekends, public holidays in

Kazakhstan, services are offered on a best-effort basis and are not guaranteed.

 

3. Charter

 

3.1 Mission Statement

 

KAZRENA-CERT supports members of its constituency (see below) with

reactive and proactive services in the field of IT security.

 

KAZRENA-CERT provides support to third parties for problems originating

in AS41419 (the Kazakhstan research and education network).

 

KAZRENA-CERT supports the kazrena.kz registries with

reactive and proactive services in the field of IT security.

 

KAZRENA-CERT provides best-effort services for incidents involving

kazrena.kz domains or with other links to Kazakhstan.

 

3.2 Constituency

 

KAZRENA-CERT serves the following customers:

 

- All sites part of AS41419, the Kazakhstan research and education network.

- Selected third parties which have SLAs with KAZRENA-CERT.

 

3.3 Sponsorship and/or Affiliation

 

KAZRENA-CERT is operated by KAZRENA.

 

3.4 Authority

 

KAZRENA-CERT coordinates security incidents for its constituency.  It

does not have any formal authority over constituency members. Rather,

it is operating in an advisory capacity.

 

4. Policies

 

4.1 Types of Incidents and Level of Support

 

Incidents are prioritized according to their severity.  Incidents

directly affecting members of the constituency are treated with higher

priority.

 

4.2 Co-operation, Interaction and Disclosure of Information

 

All requests to KAZRENA-CERT are treated with due care.  KAZRENA-CERT

adheres to the traffic light protocol (TLP).  See

 

https://tiw.trusted-introducer.org/links/ISTLP-v1.1-approved.pdf

 

for a description.  Classified messages should be tagged in the subject as

[TLP Color].  A similar stamp should be clearly visible in other

documents, such as PDF files etc., sent to KAZRENA-CERT.  If contact is

through phone or video conference, the TLP classifications should be

stated prior to the delivery of the information.

 

It is recommended to encrypt sensitive information with the PGP key

mentioned above.  Unless required by law, KAZRENA-CERT will never

release information provided by third parties without their consent.

Other encryption methods are available upon request.

 

4.3 Communication and Authentication

 

See 4.2.  To ensure authenticity of information use PGP signatures.

 

5. Services

 

5.1 Incident Response

 

KAZRENA-CERT will assist its customers in the following areas.

KAZRENA-CERT requires an official security contact from each member of

its constituency, typically the site security team.  In particular, it

will provide assistance or advice with respect to the following aspects

of incident management:

 

5.1.1 Incident Triage

 

- Investigating whether indeed an incident occurred.

- Determining whether the incident belongs to our constituency.

- Determining the extent of the incident.

 

5.1.2 Incident Coordination

 

- Analyzing available information.

- Contacting the organization affected.

- Facilitating contact with other sites which may be involved.

- Supporting the organization affected with intelligence and

additional information related to the incident.

- Performing specialized tasks, such as forensic analysis, malware

reverse engineering etc. if requested.

 

5.1.3 Incident Resolution

 

- Resolving incidents is primarily the customers' responsibility.

KAZRENA-CERT will provide support, where applicable.

 

5.2 Monitoring

 

- KAZRENA-CERT monitors the AS41419 backbone for malicious traffic.

- Where feasible KAZRENA-CERT monitors attack infrastructure.

 

5.3 Proactive Activities

 

KAZRENA-CERT provides the following proactive services:

 

- Information services

  - Closed mailing-lists.

  - Alerts for highly critical threats.

  - Awareness materials.

  - Proof of Concept demonstrations.

 

- Training services

  - KAZRENA-CERT conducts trainings on current issues for members of

    its constituency.

 

- Meetings

  - KAZRENA-CERT organizes periodic meetings for members of its

    constituency to facilitate information exchange and inform about

    latest trends.

 

6. Incident Reporting Forms

 

There are no forms available.  The preferred way of reporting incidents

is by email.

 

7. Disclaimer

 

While every precaution will be taken in the preparation of information,

notifications and alerts, KAZRENA-CERT assumes no responsibility for

errors or omissions, or for damages resulting from the use of the

information contained within.

 

All information in this document is Copyright 2015, KAZRENA.  This

document may not be redistributed, in whole or in part, without the

explicit, written permission of KAZRENA.  Please use the URL given under

1.3 for redistribution.

 

 