1. Document Information
This document contains a description of CERT.at according to RFC 2350. It provides basic information about the CERT, the ways it can be contacted, describes its responsibilities and the services offered.
1.1 Date of Last Update
This is version 0.6 as of 2008/06/23.
1.2 Distribution List for Notifications
There is no distribution list for notifications as of 2008/02.
1.3 Locations where this Document May Be Found
The current version of this document can always be found at http://www.cert.at/about/rfc2350/.
For validation purposes, a GPG-signed ASCII version of this document is located at http://www.cert.at/static/rfc2350.txt. The key used for signing is the CERT.at key as listed under 2.8.
2. Contact Information
2.1 Name of the Team
CERT.at
2.2 Address
CERT Team, nic.at, Karlsplatz 1/2/9, 1010 Wien, Austria
2.3 Time Zone
We are located in the Central European time zone (CET), which is GMT+0100 (+0200 during daylight saving time).
2.4 Telephone Number
+43 1 5056416 78
2.5 Facsimile Number
+43 1 5056416 79
2.6 Other Telecommunication
None.
2.7 Electronic Mail Address
Please send incident reports to reports@cert.at.
Non-incident related mail should be addressed to team@cert.at.
2.8 Public Keys and Encryption Information
CERT.at uses a master signing key to sign all keys used for operational purposes. This trust anchor is:
pub 1024D/242EFA2F 2008-02-12 [expires: 2013-02-10]
Key fingerprint = 0F71 E5DB 5A23 22AE D6A3 5706 A5A2 AC28 242E FA2F
uid cert.at master key <cert@cert.at>
sub 4096g/BA63C2F4 2008-02-12 [expires: 2013-02-10]
and can be found on most key-servers. Please do not use this key for communications with us.
All official communication by CERT.at will be signed by the current operations key, which is as of 2008/02:
pub 1024D/5C384328 2008-02-13
uid team CERT.at (general communications) <team@cert.at>
uid reports@cert.at (general communication key. For incident reports) <reports@cert.at>
sub 4096g/D7071014 2008-02-13
Encrypted communications with CERT.at should use this operational key.
All keys (including the keys of individual team members) can be found at http://www.cert.at/static/pgpkeys.asc
2.9 Team Members
The CERT team leader is Otmar Lendl. Other team members, along with their areas of expertise and contact information, are listed in the CERT.at web pages, at Das Team.
Management, liaison and supervision are provided by Robert Schischka, Technical Manager of nic.at.
2.10 Other Information
2.11 Points of Customer Contact
The preferred method for contacting CERT.at is via e-mail. For incident reports and related issues please use reports@cert.at. This will create a ticket in our tracking system and alert the human on duty.
For general inquiries please send e-mail to team@cert.at.
If it is not possible (or advisable due to security reasons) to use e-mail, you can reach us via telephone at +43 1 5056416 700.
CERT.at's hours of operation are generally restricted to regular business hours.
Please use our incident reporting form (or, if you prefer, there is also a German one).
3. Charter
3.1 Mission Statement
The purpose of CERT.at is to coordinate security efforts and incident response for IT-security problems on a national level in Austria.
3.2 Constituency
The constituency consists of IT-security teams and local CERTs in Austria.
Pro-active and educational material will be provided for SMEs and the general public as well.
3.3 Sponsorship and/or Affiliation
CERT.at is an initiative of nic.at, the Austrian domain registry.
Funding is provided by nic.at.
3.4 Authority
CERT.at's main purpose in incident handling is the coordination of incident response. As such, we only advise local CERTs and have no authority to demand certain actions.
We have indirect authority over AS35492 and are in very close contact with the ACONet CERT.
4. Policies
4.1 Types of Incidents and Level of Support
CERT.at is authorized to address all types of computer security incidents which occur, or threaten to occur, in our Constituency (see 3.2) and which require cross-organizational coordination.
The level of support given by CERT.at will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and CERT.at's resources at the time. Special attention will be given to issues affecting critical infrastructure.
Note that no direct support will be given to end users; they are expected to contact their system administrator, network administrator, or department head for assistance. CERT.at will support the latter people.
CERT.at is committed to keeping its constituency informed of potential vulnerabilities, and where possible, will inform this community of such vulnerabilities before they are actively exploited.
4.2 Co-operation, Interaction and Disclosure of Information
CERT.at will cooperate with other organisations in the field of computer security. This cooperation also includes and often requires the exchange of vital information regarding security incidents and vulnerabilities. Nevertheless, CERT.at will protect the privacy of its customers, and therefore (under normal circumstances) pass on information in an anonymized way only, unless other contractual agreements apply.
CERT.at operates under the restrictions imposed by Austrian law. This involves careful handling of personal data as required by Austrian Data Protection law, but it is also possible that, according to Austrian law, CERT.at may be forced to disclose information due to a court order.
4.3 Communication and Authentication
For normal communication not containing sensitive information, CERT.at will use conventional methods like unencrypted e-mail or fax.
For secure communication, PGP-encrypted e-mail or telephone will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g. FIRST, TI, …) or by other methods like call-back, mail-back or even a face-to-face meeting if necessary.
5. Services
5.1 Incident Response
CERT.at will assist IT-security teams in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:
5.1.1. Incident Triage
- Determining whether an incident is authentic.
- Assessing and prioritizing the incident.
5.1.2. Incident Coordination
- Determine the involved organizations.
- Contact the involved organizations to investigate the incident and take the appropriate steps.
- Facilitate contact to other parties which can help resolve the incident.
- Send reports to other CERTs.
5.1.3. Incident Resolution
- Advise local security teams on appropriate actions.
- Follow up on the progress of the concerned local security teams.
- Ask for reports.
- Report back.
CERT.at will also collect statistics about incidents within its constituency.
5.2 Proactive Activities
- CERT.at tries to raise security awareness in its constituency.
- Collect contact information of local security teams.
- Publish announcements concerning serious security threats.
- Observe current trends in technology and distribute relevant knowledge to the constituency.
- Provide fora for community building and information exchange within the constituency.
6. Incident Reporting Forms
If possible, please make use of the Incident Reporting Form; the current version is available from: http://www.cert.at/static/form.txt (also available in German: http://www.cert.at/static/form_de.txt).
7. Disclaimers
While every precaution will be taken in the preparation of information, notifications and alerts, CERT.at assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.