1. Document Information
1.1 Date of Last Update
1.2 Distribution List for Notifications
More details can be found at: http://www.cert.garr.it/mailing.php3
1.3 Locations where this Document May Be Found
1.4 Authentication of this document
1.5 Revision History
1.1 - New address and phone number.
2. Contact Information
2.1 Name of the Team
INFN, Sezione di Firenze
Servizio Calcolo e Reti
Via G. Sansone 1
I 50019 Sesto Fiorentino (FI)
2.3 Time Zone
2.4 Telephone Number
+39 055 4572723
+39 055 4572724
>2.5 Facsimile Number
2.6 Other Telecommunication
2.7 Electronic Mail Address
Messages sent to this address are received by all GARR-CERT members.
2.8 Public Keys and Encryption Information
Type Bits/KeyID Date User ID pub 1024/65126042 2009/07/03 GARR-CERT Master Key <email@example.com> Fingerprint: C6A5 D891 E4CA ACB5 A701 1876 C19C 4C93 6512 6042It can be found at the GARR-CERT PGP page or at the PGP Public Key Servers.
Details on the PGP keys of GARR-CERT members can be found at: http://www.cert.garr.it/PGP/
2.9 Team Members
The other team members are listed at: http://www.cert.garr.it/membri.php3
2.10 Other Information
2.11 Points of Customer Contact
- via e-mail at <firstname.lastname@example.org>
messages sent to this address will be received by all the GARR-CERT members;
- by telephoneduring regular office hours (Mon-Fri, 8.00-17:00);
- by fax;
- by web using the form mentioned in Section 6.
3.1 Mission Statement
- to assist the users of the GARR Networkin implementing proactive measures to reduce the risk of computer security incidents;
- to assist the users of the GARR network in responding to such incidents when they occur.
In case of missing support from the local APM, it has authority to obtain from GARR NOC the filtering of the involved node(s) on the GARR network border routers.
4.1 Types of Incidents and Level of Support
The level of support given by GARR-CERT will vary according to the severity of the incident and the GARR-CERT's resources at the time. Every effort will be done to give some response within one working day.
No direct support will be given to end-users, as they are expected to contact their system administrators.
GARR-CERT expects that the APM of the sites involved in security incidents will cooperate in the resolution of the problem.
The incident handling procedure, which, in extreme cases, will lead to filtering the compromised node(s) on the GARR network border routers -- as approved by the OTS GARR -- can be found at (in Italian): http://www.cert.garr.it/incidenti.php3
GARR-CERT is committed to keeping its constituency informed of potential vulnerabilities, possibly before they are actively exploited.
4.2 Co-operation, Interaction and Disclosure of Information
4.3 Communication and Authentication
5.1 Incident Response
- investigating the nature and extent of the incident;
- determining the initial cause (e.g. vulnerability exploited);
- keeping contacts with other sites involved;
- reporting to other CSIRTs;
- helping in removing the vulnerability.
To make use of GARR-CERT's incident response services, please use the methods listed in Section 2.11.
5.2 Proactive Activities
- mailing lists.
- auditing services;
- dissemination of information about vulnerabilities and recommended security measures;
- testing and developing security tools.
6. Incident Reporting Forms