GARR-CERT Information

https://www.cert.garr.it
This page is signed by PGP

 

1. Document Information

1.1 Date of Last Update

Version 1.2, published 26 June 2003.

1.2 Distribution List for Notifications

Notifications of updates are submitted to the mailing list (in italian) <sicurezza@garr.it>.

More details can be found at: http://www.cert.garr.it/mailing.php3

1.3 Locations where this Document May Be Found

The current version of this document is available from the GARR-CERT WWW site: http://www.cert.garr.it/GARR-CERT-descr-rfc.html

1.4 Authentication of this document

This document has been signed with the GARR-CERT PGP Master Key.

1.5 Revision History

1.0 - First release.
1.1 - New address and phone number.
1.2 - New phone numbers.

2. Contact Information

2.1 Name of the Team

GARR-CERT: the GARR Network Computer Emergency Response Team.

2.2 Address

GARR-CERT c/o
INFN, Sezione di Firenze
Servizio Calcolo e Reti
Via G. Sansone 1
I 50019 Sesto Fiorentino (FI)
ITALY

2.3 Time Zone

Central European (GMT+0100 and GMT+0200 from the last Sunday of March to the last Sunday of October)

2.4 Telephone Number

+39 055 4572113
+39 055 4572723
+39 055 4572724

>2.5 Facsimile Number

+39 055 4572121

2.6 Other Telecommunication

None available.

2.7 Electronic Mail Address

<cert@garr.it>
Messages sent to this address are received by all GARR-CERT members.

2.8 Public Keys and Encryption Information

GARR-CERT has a PGP Master Key, used to sign GARR-CERT's official documents (including this one), whose characteristics are:
Type Bits/KeyID Date User ID
pub 1024/65126042 2009/07/03 GARR-CERT Master Key <cert@garr.it>
   Fingerprint: C6A5 D891 E4CA ACB5 A701 1876 C19C 4C93 6512 6042
It can be found at the GARR-CERT PGP page or at the PGP Public Key Servers.

Details on the PGP keys of GARR-CERT members can be found at: http://www.cert.garr.it/PGP/

2.9 Team Members

Roberto Cecchini of INFN, Section of Florence, is the GARR-CERT coordinator.

The other team members are listed at: http://www.cert.garr.it/membri.php3

2.10 Other Information

General information (in Italian) about GARR-CERT can be found at: http://www.cert.garr.it/

2.11 Points of Customer Contact

GARR-CERT can be contacted:
  • via e-mail at <cert@garr.it>
    messages sent to this address will be received by all the GARR-CERT members;
  • by telephoneduring regular office hours (Mon-Fri, 8.00-17:00);
  • by fax;
  • by web using the form mentioned in Section 6.

3. Charter

3.1 Mission Statement

The purposes of GARR-CERT are:
  1. to assist the users of the GARR Networkin implementing proactive measures to reduce the risk of computer security incidents;
  2. to assist the users of the GARR network in responding to such incidents when they occur.

3.2 Constituency

The GARR-CERT constituency is the community of the users of the GARR Network, the Italian Academic and Research Network.

3.3 Sponsorship

GARR-CERT is an operative service of the GARR Network.

3.4 Authority

GARR-CERT operates under the auspices of the GARR members and the supervision of the GARR management.

In case of missing support from the local APM, it has authority to obtain from GARR NOC the filtering of the involved node(s) on the GARR network border routers.

4. Policies

4.1 Types of Incidents and Level of Support

GARR-CERT is authorized to address all types of computer security incidents that occur at nodes connected to the GARR network.

The level of support given by GARR-CERT will vary according to the severity of the incident and the GARR-CERT's resources at the time. Every effort will be done to give some response within one working day.

No direct support will be given to end-users, as they are expected to contact their system administrators.

GARR-CERT expects that the APM of the sites involved in security incidents will cooperate in the resolution of the problem.

The incident handling procedure, which, in extreme cases, will lead to filtering the compromised node(s) on the GARR network border routers -- as approved by the OTS GARR -- can be found at (in Italian): http://www.cert.garr.it/incidenti.php3

GARR-CERT is committed to keeping its constituency informed of potential vulnerabilities, possibly before they are actively exploited.

4.2 Co-operation, Interaction and Disclosure of Information

GARR-CERT, unless explicitly authorized, will not divulge the identity of nodes victims of computer security incidents.

4.3 Communication and Authentication

Telephone and unencrypted e-mail are considered sufficient for the transmission of low-sensitivity data. If it is necessary to send high sensitivity data by e-mail, PGP will be used. Network file transfers will be considered similar to e-mail for these purposes.

5. Services

5.1 Incident Response

GARR-CERT will help system administrators of nodes connected to the GARR network in handling computer security incidents. In particular:
  • investigating the nature and extent of the incident;
  • determining the initial cause (e.g. vulnerability exploited);
  • keeping contacts with other sites involved;
  • reporting to other CSIRTs;
  • helping in removing the vulnerability.

To make use of GARR-CERT's incident response services, please use the methods listed in Section 2.11.

5.2 Proactive Activities

GARR-CERT coordinates and maintains the following services to the extent possible depending on its resources:
  • mailing lists.
  • auditing services;
  • dissemination of information about vulnerabilities and recommended security measures;
  • testing and developing security tools.

6. Incident Reporting Forms

If possible, use the following form to report a security incident: http://www.cert.garr.it/incident-report-form.php3

7. Disclaimers

While every precaution will be taken in the preparation of information, notification and alerts, GARR-CERT assumes no responsibility for errors or omissions, or for damages resulting fron the use of the information contained within.

 

This page is signed by PGP

 

 

Stampa