CERT OSIRIS Description - RFC 2350

1. About this document

1.1 Date of Last Update

This is version 1.1, published 2019/11/18.

1.2 Distribution List for Notifications

None available.

1.3 Locations where this Document May Be Found

The current and latest version of this document is available from:
https://cert-osiris.unistra.fr/cert-osiris-rfc2530.txt

1.4 Authenticating this Document

This document has been signed with the PGP key of CERT OSIRIS and the signature of this document can be found online under:
https://cert-osiris.unistra.fr/cert-osiris-rfc2530.txt.asc
For details on the PGP key, see section 2.8 of this document.

1.5 Document Identification

Title: "cert-osiris-rfc2530.txt"
Version: 1.1
Document date: 2019/11/18
Expiration: This document is valid until superseded by a later version

2. Contact Information

2.1 Name of the Team

"CERT OSIRIS".

2.2 Address

CERT OSIRIS
Universite de Strasbourg, Direction du numerique
4 rue Blaise Pascal
CS 90032
67081 Strasbourg
France

2.3 Time Zone

CET/CEST

2.4 Telephone Number

+33 368850688

2.5 Facsimile Number

None available.

2.6 Other Telecommunication

None available.

2.7 Electronic Mail Address

All incidents should be reported to .

2.8 Public Keys and Other Encryption Information

The CERT OSIRIS has a PGP key, whose fingerprint is:
94B2 4921 CAD9 5758 2446 2149 A146 8BC0 CB86 C154
The public key may be found at the usual public keyservers and is also available at:
https://cert-osiris.unistra.fr/cert-osiris.txt

2.9 Team Members

The coordinator of the CERT OSIRIS is Guy Brand and he can be reached by email at . The list of the team members is not publicly available.

2.10 Other Information

General information about the CERT OSIRIS, as well as links to various recommended security resources, can be found at:
https://cert-osiris.unistra.fr/

2.11 Points of Customer Contact

The preferred method for contacting the CERT OSIRIS is via e-mail at ; e-mail sent to this address will be forwarded to the team.
If you require urgent assistance, put "urgent" in your subject line. Commercial mail is discarded.

If it is not possible (or not advisable for security reasons) to use e-mail, the CERT OSIRIS can be reached by telephone during regular office hours.

The CERT OSIRIS's hours of operation are generally restricted to regular business hours (09:00-17:00 Monday to Friday except holidays).

3. Charter

3.1 Mission Statement

As a CSIRT, the purpose of the CERT OSIRIS is, first, to assist members and partners connected to the metropolitan academic network (Osiris) of Strasbourg in implementing proactive measures to reduce the risks of computer security incidents, and second, to assist the Osiris community in responding to such incidents when they occur.

3.2 Constituency

The CERT OSIRIS's constituency is all members of the Osiris community, as described in:
https://services-numeriques.unistra.fr/documentations/toutes-les-documentations/services-dinfrastructure-et-reseau/reseau/osiris.html

3.3 Affiliation

The CERT OSIRIS is affiliated to Universite de Strasbourg and Delegation Alsace of the CNRS (Centre National de la Recherche Scientifique).

3.4 Authority

The CERT OSIRIS operates under the auspices of, and with authority delegated by, the board of Osiris network (COPIL Osiris).

The CERT OSIRIS expects to work cooperatively with system administrators and users from partners connected to the Osiris network, and, insofar as possible, to avoid authoritarian relationships. However, should circumstances warrant it, the CERT OSIRIS will exert its authority, direct or indirect, as necessary.

4. Policies

4.1 Types of Incidents and Level of Support

The CERT OSIRIS is authorized to address all types of computer security incidents which occur, or threaten to occur, on any computer or device connected to the Osiris academic network. This includes in particular all equipment belonging to the Universite de Strasbourg or CNRS.
Note that no direct support will be given to end users; they are expected to contact their system administrator, network administrator, or helpdesk service. The CERT OSIRIS supports the latter people.

4.2 Co-operation, Interaction and Disclosure of Information

CERT OSIRIS takes appropriate measures to protect the identity of members of our constituency and members of neighbouring sites.

CERT OSIRIS shares information and cooperates with other CSIRTs in resolving or preventing security incidents.

Law enforcement officers will receive full cooperation from the CERT OSIRIS, including any information they require to pursue an investigation, in accordance with EU and French legislation.

4.3 Communication and Authentication

In view of the types of information that the CERT OSIRIS will likely be dealing with, telephones will be considered sufficiently secure to be used even unencrypted. Unencrypted e-mail will not be considered particularly secure, but will be sufficient for the transmission of low-sensitivity data. If it is necessary to send highly sensitive data by e-mail, PGP will be used. Network file transfers will be considered to be similar to e-mail for these purposes: sensitive data should be encrypted for transmission.

5. Services

5.1 Incident Response

CERT OSIRIS will assist system administrators in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:

5.1.1 Incident Triage

- Investigating whether indeed an incident occurred.
- Determining the extent of the incident.

5.1.2 Incident Coordination

- Determining the initial cause of the incident.
- Coordination with other sites which may be involved.
- Facilitating contact with head of University or appropriate law enforcement officials, if necessary.
- Making reports to other CSIRTs.
- Composing announcements to users, if applicable.

5.1.3 Incident Resolution

- Removing the vulnerability.
- Securing the system from the effects of the incident.
- Evaluating whether certain actions are likely to reap results in proportion to their cost and risk, in particular those actions aimed at an eventual prosecution or disciplinary action: collection of evidence after the fact, observation of an incident in progress, setting traps for intruders, etc.
- Collecting evidence where criminal prosecution, or disciplinary action, is contemplated.

In addition, CERT OSIRIS will collect statistics concerning incidents which occur within or involve the Osiris community.

5.2 Proactive Activities

The CERT OSIRIS coordinates and maintains the following services to the extent possible depending on its resources:

- Information services
  - List of security contacts (CSSI).
  - Mailing lists to inform security contacts (CSSI).
- Training services
  - Members of the CERT OSIRIS will give seminars on computer security related topics; these seminars will be open to security contacts (CSSI).
  - Members of the CERT OSIRIS will take part in training campaigns for system and network administrators or users. These trainings are open to all members of the Osiris community.
- Archiving services
  - Central logging service: incoming log entries will be watched by an automated log analysis program, and events or trends indicative of a potential security problem will be reported to the affected system administrators.
  - Records of security incidents handled will be kept. While the records will remain confidential, periodic statistical reports will be generated.

6. Incident Reporting Forms

There are no local forms developed for reporting incidents to CERT OSIRIS. All incidents should be reported by e-mail at .

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, CERT OSIRIS assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.