NORDUnet CERT RFC 2350 Profile

1. Document Information

This document complies with RFC 2350.

1.1. Date of Last Update

This is version 1.3 as of September 30, 2016.

1.2. Distribution List for Notifications

This profile is kept up-to-date in the location specified in section 1.3.
E-mail notification of updates are sent to NORDUnet CERT management and investigators.
Please send any questions about updates to the NORDUnet CERT team e-mail address: cert@nordu.net

1.3. Locations where this Document May Be Found

The current version of this profile is always available at NORDUnet CERT RFC 2350 Profile

 

2. Contact Information

1. Name of the Team

Full name: NORDUnet CERT Computer Emergency Response Team.
Short name: NORDUnet CERT

2.2. Addresses

2.2.1 Mail address

NORDUnet CERT
NORDUnet A/S
Kastruplundgade 22
DK-2770 Kastrup
Denmark

2.2.2 Visiting address

NORDUnet CERT
Tulegatan 11

 Stockholm, Sweden

2.3. Time Zone

GMT+1 (GMT+2 in Summer Time)

2.4. Telephone Number

NORDUnet CERT regular telephone number: +46 8 20 78 60
NORDUnet CERT emergency telephone number: +46 8 20 78 60

2.5. Facsimile Number

NORDUnet CERT facsimile number: +45 45 76 23 66

2.6. Other Telecommunication

Not applicable.

2.7. Electronic Mail Address

Please send incident reports that relate to NORDUnet, including copyright issues, spam and abuse to abuse@nordu.net.
For encrypted communication cert@nordu.net should be used, see further below.

2.8. Public Keys and Encryption Information

Please encrypt any sensitive e-mail with the NORDUnet CERT PGP key with 

PGP keyed 0x1B5F345C
and
PGP fingerprint 7C20 828D DC71 88BD 7317  0E61 CA58 FBC2 1B5F 34

and send it to cert@nordu.net

Please sign messages using a key that is verifiable using the public keyservers. Because all NORDUNET CERT investigators can read mail encrypted with the cert@nordu.net key, individuals can use it if they cannot find a key for a specific NORDunet CERT team member.

2.9. Team Members

No public information is provided about NORDUnet CERT team members.

2.10. Other Information

Further information about the NORDUnet CERT can be found at NORDUnet CERT

NORDUnet CERT is listed by the Trusted Introducer (TI) for CERTs in Europe and has been registred as "TI Accredidited CERT" since 31 Aug 2000; see https://www.trusted-introducer.org/teams/nordunet-cert.html for details. NORDUnet CERT is a member of Forum for Incident Response and Security Teams (FIRST); see http://www.first.org/members/teams/nordunet for details.

2.11. Points of Customer Contact

The preferred method for contacting NORDUnet CERT is e-mail.

  • For general inquiries, please send e-mail to: cert@nordu.net
  • For abuse or security issues, please use abuse@nordu.net
  • For network, server, or service issues, please use noc@nordu.net
  • In an emergency, contact NORDUnet CERT on +46 8 20 78 60

 

NORDUnet CERT's hours of operation are generally restricted to regular business hours, or 07:00 to 19:00 Monday to Friday except public holidays.

 

3. Charter

3.1. Mission Statement

The NORDUnet CERT mission is to:

  • Coordinate and inform about information security incidents for all NORDUnet's customers.
  • Detect and respond to information security incidents and vulnerabilities for NORDUnet services.

3.2. Constituency

NORDUnet serves its own infrastructure and its member organisations where applicable.

The NORDUnet AS-number is: 2603

3.3. Sponsoring Organisation / Affiliation

NORDUnet CERT operates with the authority delegated by NORDUnet.

3.4. Authority

NORDUnet CERT operates under the auspices of the NORDUnet members and the supervision of the NORDUnet management.
 

 

4. Policies

4.1. Types of Incidents and Level of Support

All incidents classified in CERT - Security Severity Guidelines

4.2. Co-operation, Interaction, and Disclosure of Information

NORDUnet CERT strives to closely collaborate with the NREN and CSIRT community to protect the infrastructure and data of NORDUnet and its members. Only data that is required to resolve from the specific incident are disclosed to concerned parties (need to know). NORDUnet CERT provide means to support encryption and integrity of data that is submitted to or disclosed by NORDUnet CERT

When reporting an incident of sensitive nature, please state so explicitly by using an appropriate label in the Subject field (for example, SENSITIVE, EMERGENCY, etc.) and if possible, use encryption as well.
NORDUnet CERT supports the Information Sharing Traffic Light Protocol (ISTLP; see https://www.trusted-introducer.org/links/ISTLP-v1.1-approved.pdf); information that arrives with the tags WHITE, GREEN, AMBER, or RED will be handled appropriately.

4.3. Communication and Authentication

See section 2.8; usage of PGP in all cases where sensitive information is involved is highly recommended.

 

5. Services

5.1. Incident Response (Triage, Coordination, and Resolution)

NORDUnet CERT can assist system administrators in handling the technical and organizational aspects of computer security incidents.

 

6. Incident Reporting Forms

Not available; please report using e-mail. When reporting an incident of sensitive nature use encrypted e-mail.

 

7. Disclaimers

None.

None.

Highlights