RFC 2350

esCERT Service Description According to RFC 2350

1. About this document

1.1 Date of Last Update

This is version 2.0, published 2015-05-29.

1.2 Distribution List for Notifications

Currently esCERT-UPC does not use any distribution lists to notify about
changes in this document.

1.3 Locations where this Document May Be Found

The current version of this CSIRT description document is available from the
esCERT WWW site at:
http://escert.upc.edu/quienes-somos/CERT-profile
Please make sure you are using the latest version.

2. Contact Information

2.1 Name of the Team

CERT of the Polytechnic University of Catalonia (esCERT-UPC)

2.2 Address

Polytechnic University of Catalonia
c/ Jordi Girona 1-3
Barcelona School of Informatics, Modul B6
08034 Barcelona

2.3 Time Zone

GMT+0100/0200 DST

2.4 Telephone Number

+34 934017737

2.5 Facsimile Number

+34 934017040

2.6 Other Telecommunication

None available.

2.7 Electronic Mail Address

<cert@escert.upc.edu> This is a mail alias that relays mail to the human(s)
on duty on esCERT.

2.8 Public Keys and Other Encryption Information

The esCERT has a PGP key, whose KeyID is 0xDAF483F4 and whose fingerprint is
3897 6DD7 6994 C2D3 F5B0 E8F0 4652 1917 DAF4 83F4.
The key and its signatures can be found at the usual large public keyservers.

2.9 Team Members

Manel Medina is the esCERT Director.
Other members of the team are:
Antonia Gómez
Antonio Rodríguez
Manel Rodero
Alex Palazón

2.10 Other Information

General information about the esCERT, as well as links to various
recommended security resources, can be found at http://escert.upc.edu

2.11 Points of Customer Contact

The preferred method for contacting the esCERT is via e-mail at
<cert@escert.upc.edu>; e-mail sent to this address will "biff" the
responsible human, or be automatically forwarded to the appropriate backup
person, immediately. If you require urgent assistance, put "URGENTE" in
your subject line.
If it is not possible (or not advisable for security reasons) to use e-mail,
the esCERT can be reached by telephone during regular office hours.
Telephone messages are checked daily.

The esCERT's hours of operation are generally restricted to regular business
hours (09:00-17:00 Monday to Friday except holidays).

If possible, when submitting your report, use the form mentioned in section
6.

3. Charter

3.1 Mission Statement

The purpose of the esCERT is to assist members of UPC University community
in responding to such incidents when and if they occur.

EsCERT is also committed to proactively reduce the risk of computer security
providing vulnerability alters, proactive network scans, ID.s deployment and
related measures.

3.2 Constituency

The esCERT's constituency is the UPC University community and with partial
support to the Spanish Internet Community.

However, please note that, esCERT resolution services will be provided for
on-site UPC systems only.

3.3 Sponsorship and/or Affiliation

Initially UPC (Universitat Politècnica de Catalunya), CICYT (Comisión
Interministerial de Ciencia y Tecnología), Generalitat de Catalunya and CE
(Comisión Europea) provided funds which made possible esCERT-UPC.
Now-a-days esCERT-UPC provides for 100% of its operational costs.

UPC provides networking infrastructure, space on its campus and telephone
service to the esCERT.

esCERT maintains affiliations with various other CSIRTs on an as needed basis.

3.4 Authority

The esCERT operates under the auspices of, and with authority delegated by,
the Department of Computing Services of UPC University (UPCNet).

The esCERT expects to work cooperatively with system administrators and users
at UPC University, and, insofar as possible, to avoid authoritarian
relationships. However, should circumstances warrant it, the esCERT will
appeal to Computing Services to exert its authority, direct or indirect,
as necessary.

Members of the esCERT in contact with UPCNet which provides networking
infrastructure to the UPC community and has established protocols and
granted authority to enforce networking restrictions should the need arise.

4. Policies

4.1 Types of Incidents and Level of Support

The esCERT is authorized to address all types of computer security incidents
which occur, or threaten to occur, at its constituency.

The level of support given by esCERT will vary depending on the type and
severity of the incident or issue, the type of constituent, the size of the
user community affected, and the esCERT's resources at the time, though in
all cases some response will be made within two working days.

Incidents will be prioritised according to their apparent severity and
extent. These incidents will be assessed as to their relative severity at
esCERT's discretion.

No direct support other than general security information will be given to
end users; they are expected to contact their system administrator, network
administrator, or department head for assistance. The esCERT will support
the latter people.

While the esCERT understands that there exists great variation in the level
of system administrator expertise at UPC University, and while the esCERT
will endeavour to present information and assistance at a level appropriate
to each person, the esCERT cannot train system administrators on the fly but
it will perform system maintenance on their behalf when needed.

In most cases, the esCERT will provide pointers to the information needed to
implement appropriate measures if system administrators are capable of taking
appropriate measures by themselves.

The esCERT is committed to keeping the UPC University system administration
community informed of potential vulnerabilities, and where possible, will
inform this community of such vulnerabilities before they are actively
exploited. Distribution lists are available for such task.

4.2 Co-operation, Interaction and Disclosure of Information

esCERT defaults to keep all information relative to incidents confidential.
While appropriate measures will be taken to protect the identity of members
of our constituency and members of neighbouring sites where necessary,
the esCERT will otherwise share information freely when this will assist
others in resolving or preventing security incidents.

4.3 Communication and Authentication

In view of the types of information that the esCERT will likely be dealing
with, telephones will be considered sufficiently secure to be used even
unencrypted. Unencrypted e-mail will not be considered particularly secure,
but will be sufficient for the transmission of low-sensitivity data.

If it is necessary to send highly sensitive data by e-mail, PGP will be used.
Network file transfers will be considered to be similar to e-mail for these
purposes: sensitive data should be encrypted for transmission.

Where it is necessary to establish trust, for example before relying on
information given to the esCERT, or before disclosing confidential
information, the identity and bona fide of the other party will be
ascertained to a reasonable degree of trust. Within UPC University,
and with known neighbour sites, referrals from known trusted people will
suffice to identify someone. Otherwise, appropriate methods will be used,
such as a search of FIRST members, the use of WHOIS and other Internet
registration information, etc, along with telephone call-back or e-mail
mail-back to ensure that the party is not an impostor. Incoming e-mail
whose data must be trusted will be checked with the originator personally,
or by means of digital signatures (PGP in particular is supported and
recommended).

EsCERT Keys can be found here:
http://escert.upc.edu/index.php/web/es/nos_certificados.html

5. Services

5.1 Incident Response

esCERT will assist system administrators in handling the technical and
organizational aspects of incidents. In particular, it will provide
assistance or advice with respect to the following aspects of incident
management:

5.1.1 Incident Triage

- Investigating whether indeed an incident occurred.
- Determining the extent of the incident.

5.1.2 Incident Coordination

- Determining the initial cause of the incident (vulnerability exploited).
- Facilitating contact with other sites which may be involved.
- Facilitating contact with UPC University Security.
- Making reports to other CSIRTs.
- Composing announcements to users, if applicable.

5.1.3 Incident Resolution (only on the UPC community)

- Removing the vulnerability.
- Securing the system from the effects of the incident.

In addition, esCERT will collect statistics concerning incidents which occur
within or involve the UPC University community, and will notify the community
as necessary to assist it in protecting against known attacks.

5.2 Proactive Activities

The esCERT coordinates and maintains the following services to the extent
possible depending on its resources:

- Information services

- List of departmental security contacts, administrative and technical.
- Mailing lists to inform security contacts of new information relevant
computer security. These lists will be available only to UPC University
system administrators.
- Repository of security tools and documentation for use by sysadmins.
Where possible, precompiled ready-to-install versions will be supplied.
These will be supplied to the general public via www or ftp.

- Training services
- Members of the esCERT will give periodic seminars on computer security
related topics; these seminars will be open to UPC University system
administrators.
- On demand training will also be provided when resources are available.

- Archiving services
- Records of security incidents handled will be kept. While the records
will remain confidential, periodic statistical reports will be made
available to the UPC University and UPCNet.

6. Incident Reporting Forms

If possible, use the following form when reporting a security incident:
http://escert.upc.edu/index.php/web/es/serv_respuesta.html
(This form is only available in Spanish)

7. Disclaimers

While every precaution will be taken in the preparation of information,
notifications and alerts, esCERT assumes no responsibility for errors or
omissions, or for damages resulting from the use of the information
contained within.

esCERT forma part de

És membre de