Our Rules | Rules |
|
|
|
|
1. About this document 1.1 Date of Last Update This is version 1.00, published on 19 December 2006. 1.2 Distribution List for Notifications Currently CERT Moldova does not use any distribution lists to notify about changes in this document. 1.3 Locations where this Document May Be Found The current version of this CSIRT description document is available from the CERT Moldova WWW site; its URL is http://cert.acad.md/index.php?option=com_content&task=view&id=5&Itemid=6 Please make sure you are using the latest version. 1.4 Authenticating this document Not Available
2. Contact Information 2.1 Name of the Team "CERT Moldova ": Computer Emergency Response Team Moldova 2.2 Address CERT Moldova RENAM ul. Akademiceskaia 18 02-12 Kishinev Moldova 2.3 Time Zone East European Time (GMT+0200, GMT+0300 from April to October) 2.4 Telephone Number +373 22 739827 2.5 Facsimile Number +373 22 739827 2.6 Other Telecommunication None available. 2.7 Electronic Mail Address < This e-mail address is being protected from spam bots, you need JavaScript enabled to view it > This is a mail alias that serves the human(s) on duty for CERT Moldova. 2.8 Public keys and Other Encryption Information None available. 2.9 Team Members Alexei Altuhov Golubev Alexandr Kiparush Serghei 2.10 Other Information General information about CERT Moldova, as well as links to various recommended security resources, can be found at http://cert.acad.md/ 2.11 Points of Customer Contact The preferred method for contacting CERT Moldova is via e-mail at < This e-mail address is being protected from spam bots, you need JavaScript enabled to view it >; e-mail sent to this address will be handled by the responsible human. We encourage our customers to use PGP encryption when sending any sensitive information to CERT Moldova. If it is not possible (or not advisable for security reasons) to use e-mail, CERT Moldova can be reached by telephone during regular office hours. Off these hours incoming phone calls are transmitted to an answering machine. All messages recorded are checked ASAP. CERT Moldova hours of operation are generally restricted to regular business hours (08:00 - 17:00 CET Monday to Friday except holidays). If possible, when submitting your report, use the form mentioned in section 6.
3. Charter 3.1 Mission Statement The purpose of CERT Moldova is to assist Moldavian Internet users in implementing proactive measures to reduce the risks of computer security incidents and to assist them in responding to such incidents when they occur. CERT Moldova also handles incidents that originate in Moldavian networks and are reported by any Moldavian or foreign persons or institutions. 3.2 Constituency CERT Moldova constituency is all hosts in .md 3.3 Sponsorship and/or Affiliation CERT Moldova is financially maintained by the Research and Education Network Association from Moldova (RENAM) which it is formally a part of. 3.4 Authority CERT Moldova operates under the auspices of, and with authority delegated by, Research and Education Network Association from Moldova (RENAM). CERT Moldova expects to work cooperatively with system administrators and customers of RENAM. All members of CERT Moldova are employees of RENAM and thus have wide possibilities of interacting with RENAM System Administrators. CERT Moldova does its best to closely cooperate with all large ISP's abuse teams, establish direct contacts and exchange necessary data in order to prevent and recover from security incidents that affect their networks.
4. Policies 4.1 Types of Incidents and Level of Support CERT Moldova is authorized to address all types of computer security incidents which occur, or threaten to occur, in Moldavian networks. The level of support given by CERT Moldova will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and the CERT Moldova‘s resources at the time, though in all cases some response will be made within two working days. Incidents will be prioritized according to their apparent severity and extent. End users are expected to contact their systems administrator, network administrator, or department head for assistance. CERT Moldova will give full support to the letter people. Only limited support can be given to end users. 4.2 Co-operation, Interaction and Disclosure of Information CERT Moldova exchanges all necessary information with other CSIRT's as well as with affected parties' administrators. No personal nor overhead data are exchanged unless explicitly authorized. All sensible data (such as personal data, system configurations, known vulnerabilities with their locations) are encrypted if the must be transmitted over unsecured environment as stated below. 4.3 Communication and Authentication In view of the types of information that CERT Moldova deals with, telephones will be considered sufficiently secure to be used even unencrypted. Unencrypted e-mail will not be considered particularly secure, but will be sufficient for the transmission of low-sensitivity data. If it is necessary to send highly sensitive data by e-mail,PGP will be used. Network file transfers will be considered to be similar to e-mail for these purposes: sensitive data should be encrypted for transmission. Where it is necessary to establish trust, for example before relying on information given to CERT Moldova, or before disclosing confidential information, the identity and bona fide of the other party will be ascertained to a reasonable level of trust. Within NASK, and with known neighbor sites, referrals from known trusted people will suffice to identify someone. Otherwise, appropriate methods will be used, such as a search of FIRST members, the use of WHOIS and other Internet registration information, etc, along with telephone call-back or e-mail mail-back to ensure that the party is not an impostor. Incoming e-mail whose data must be trusted will be checked with the originator personally, or by means of digital signatures (PGP in particular is supported).
5. Services 5.1 Incident Response CERT Moldova will assist system administrators in handling the technical and organizational aspects of the incidents. In particular, it will provide assistance or advice with respect to the following aspects of incidents management: 5.1.1 Incident Triage - Investigating whether indeed an incident occurred. - Determining the extent of the incident. 5.1.2 Incident Coordination - Determining the initial cause of the incident (vulnerability exploited) - Facilitating contact with other sites which may be involved. - Facilitating contact with appropriate law enforcement officials, if necessary. - Making reports to other CSIRTs - Composing announcements to users, if applicable 5.1.3 Incident Resolution CERT Moldova will give advice but no physical support whatsoever to customers from outside of RENAM internal network with respect to the incident resolution. - Removing the vulnerability. - Securing the system from the effects of the incident. - Collecting the evidence of the incident. In addition, CERT Moldova will collect statistics concerning incidents processed, and will notify the community as necessary to assist it in protecting against known attacks. To make use of CERT Moldova 's services please refer to section 2.11 for points of contact. Please remember that amount of assistance will vary as described in section 4.1 5.2 Proactive Services CERT Moldova coordinates and mantaines the following services to the extent possible depending in its resources: - Information services such as: list of security contacts, repository of security-related patches for various operating systems - Training and educational services CERT Moldova organizes annual Secure conference covering current important security issues which is open for all interested parties. Detailed information about obtaining these services is available from CERT Moldova website at: http://.cert.acad.md/
6. Incident Reporting Forms CERT Moldova had created a local form designated for reporting incidents to the team. We strongly encourage anyone reporting an incident to fill it out, although this is never required. The current version of the form is available from: http://cert.acad.md/index.php?option=com_wrapper&Itemid=8
7. Disclaimers While every precaution will be taken in the preparation of information, notifications and alerts, CERT Moldova assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.
|
