Introduction

Introduction to esCERT UPC

esCERT Service Description According to RFC 2350

About this document

Date of Last Update

This is version 1.3, published 2009-11-16.

Distribution List for Notifications

Currently esCERT-UPC does not use any distribution lists to notify about changes in this document.

Locations where this Document May Be Found

The current version of this CSIRT description document is available from the esCERT WWW site at:

rfc2350esCERTv1_2.txt

Please make sure you are using the latest version.

 

Contact Information

Name of the Team

esCERT-UPC: The UPC University Computer Emergency Response Team.

Address

C/ Jordi Girona 1-3
Modul D6 007,
08034 Barcelona (SPAIN)

Time Zone

GMT+0100/0200 DST

Telephone Number

+34 934015795
+34 934016984

Facsimile Number

+34 934017055 (this is *not* a secure fax)

Other Telecommunication

None available.

Electronic Mail Address

<cert@escert.upc.edu>  This is a mail alias that relays mail to the human(s) on duty on esCERT.

Public Keys and Other Encryption Information

The esCERT has a PGP key, whose KeyID is 0xDAF483F4 and whose fingerprint is 3897 6DD7 6994 C2D3 F5B0 E8F0 4652 1917 DAF4 83F4.

The key and its signatures can be found at the usual large public keyservers.

Team Members

Manel Medina is the esCERT Director.
Other members of the team are:

- Manuel García-Cervigón
- Juan Berlanga
- Omar Carazo
- Jetzabel Serna
- Roberto Morales

Other Information

General information about the esCERT, as well as links to various recommended security resources, can be found at http://escert.upc.edu

Points of Customer Contact

The preferred method for contacting the esCERT is via e-mail at <cert@escert.upc.edu>; e-mail sent to this address will "biff" the responsible human, or be  automatically forwarded to the appropriate backup person immediately.  If you require urgent assistance, put "URGENTE" in your subject line.

If it is not possible (or not advisable for security reasons) to use e-mail, the esCERT can be reached by telephone during regular office hours.  Telephone messages are checked daily.

The esCERT's hours of operation are generally restricted to regular business hours (08:00-20:00 Monday to Friday except holidays).

If possible, when submitting your report, use the form mentioned in the Incident Reporting Forms section.

 

Charter

Mission Statement

The purpose of the esCERT is to assist members of the UPC University community in responding to security incidents when and if they occur.

esCERT is also committed to proactively reducing computer security risk by providing vulnerability alerts, proactive network scans, IDS deployment and related measures.

Constituency

The esCERT's constituency is the UPC University community, with partial support for the Spanish Internet community.

However, please note that esCERT resolution services will be provided for on-site UPC systems only.

Sponsorship and/or Affiliation

Initially UPC (Universitat Politècnica de Catalunya), CICYT (Comisión Interministerial de Ciencia y Tecnología), Generalitat de Catalunya and CE (Comisión Europea) provided funds which made possible esCERT-UPC. Nowadays esCERT-UPC provides for 100% of its operational costs.

UPC provides networking infrastructure, space on its campus and telephone service to the esCERT.

esCERT maintains affiliations with various other CSIRTs on an as-needed basis.

Authority

The esCERT operates under the auspices of, and with authority delegated by, the Department of Computing Services of UPC University (UPCNet).

The esCERT expects to work cooperatively with system administrators and users at UPC University, and, as far as possible, to avoid authoritarian  relationships.  However, should circumstances warrant it, the esCERT will appeal to Computing Services to exert its authority, direct or indirect, as necessary.

Members of the esCERT are in contact with UPCNet, which provides networking infrastructure to the UPC community and has established protocols and granted authority to enforce networking restrictions should the need arise.
 

Policies

Types of Incidents and Level of Support

The esCERT is authorized to address all types of computer security incidents which occur, or threaten to occur, at its constituency.

The level of support given by esCERT will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and the esCERT's resources at the time, though in all cases some response will be made within two working days.

Incidents will be prioritised according to their apparent severity and extent. These incidents will be assessed as to their relative severity at esCERT's discretion.

No direct support other than general security information will be given to end users; they are expected to contact their system administrator, network  administrator, or department head for assistance.  The esCERT will support the latter people.

While the esCERT understands that there exists great variation in the level of system administrator expertise at UPC University, and while the esCERT will endeavour to present information and assistance at a level appropriate to each person, the esCERT cannot train system administrators on the fly but it will perform system maintenance on their behalf when needed.

In most cases, the esCERT will provide pointers to the information needed to implement appropriate measures if system administrators are capable of taking appropriate measures by themselves.

The esCERT is committed to keeping the UPC University system administration community informed of potential vulnerabilities, and where possible, will inform this community of such vulnerabilities before they are actively exploited. Distribution lists are available for this task.

Co-operation, Interaction and Disclosure of Information

By default, esCERT keeps all information relating to incidents confidential.

While appropriate measures will be taken to protect the identity of members of our constituency and members of neighbouring sites where necessary, the esCERT will otherwise share information freely when this will assist others in resolving or preventing security incidents.

Communication and Authentication

In view of the types of information that the esCERT will likely be dealing with, telephones will be considered sufficiently secure to be used even unencrypted.  Unencrypted e-mail will not be considered particularly secure, but will be sufficient for the transmission of low-sensitivity data.

If it is necessary to send highly sensitive data by e-mail, PGP will be used.  Network file transfers will be considered to be similar to e-mail for these purposes: sensitive data should be encrypted for transmission.

Where it is necessary to establish trust, for example before relying on information given to the esCERT, or before disclosing confidential information, the identity and bona fides of the other party will be ascertained to a reasonable degree of trust.  Within UPC University, and with known neighbor sites, referrals from known trusted people will suffice to identify someone.  Otherwise, appropriate methods will be used, such as a search of FIRST members, the use of WHOIS and other Internet registration information, etc., along with telephone call-back or e-mail mail-back to ensure that the party is not an impostor. Incoming e-mail whose data must be trusted will be checked with the originator personally, or by means of digital signatures (PGP in particular is supported and recommended).

esCERT keys can be found here: http://escert.upc.edu/index.php/web/es/nos_certificados.html

 

Services

Incident Response

esCERT will assist system administrators in handling the technical and organizational aspects of incidents.  In particular, it will provide assistance or advice with respect to the following aspects of incident management:

Incident Triage

  • Investigating whether indeed an incident occurred.
  • Determining the extent of the incident.

Incident Coordination 

  • Determining the initial cause of the incident (vulnerability exploited).
  • Facilitating contact with other sites which may be involved.
  • Facilitating contact with UPC University Security.
  • Making reports to other CSIRTs.
  • Composing announcements to users, if applicable.

Incident Resolution (UPC community only)

  • Removing the vulnerability.
  • Securing the system from the effects of the incident.

In addition, esCERT will collect statistics concerning incidents which occur within or involve the UPC University community, and will notify the community as necessary to assist it in protecting against known attacks.

Proactive Activities

The esCERT coordinates and maintains the following services to the extent possible depending on its resources:

  • Information services
    • List of departmental security contacts, administrative and technical.
    • Mailing lists to inform security contacts of new information relevant to computer security. These lists will be available only to UPC University system administrators.
    • Repository of security tools and documentation for use by sysadmins.  Where possible, precompiled ready-to-install versions will be supplied.  These will be supplied to the general public via www or ftp.
  • Training services
    • Members of the esCERT will give periodic seminars on computer security related topics; these seminars will be open to UPC University system administrators.
    • On-demand training will also be provided when resources are available.
  • Archiving services
    • Records of security incidents handled will be kept. While the records will remain confidential, periodic statistical reports will be made available to the UPC University and UPCNet.

 

Incident Reporting Forms

If possible, use the following form when reporting a security incident: (This form is only available in Spanish)

http://escert.upc.edu/content/respuesta-incidentes-0

 

Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, esCERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.

 

PGP/Certificates

To ensure secure electronic communication, esCERT-UPC provides its PGP key, as well as its root certificates.

PGP Public Key cert@escert.upc.edu

key ID: 0xDAF483F4

Fingerprint: 3897 6DD7 6994 C2D3 F5B0 E8F0 4652 1917 DAF4 83F4

PGP Public Key mgarciacescert.upc.edu

key ID: 0x4869A491

Fingerprint: 168E A272 53C1 382E 1EC3 FF0D 77F0 2853 4869 A491

PGP Public Key ocarazoescert.upc.edu

key ID: 0x82CAEB70

Fingerprint: 196F F765 56F2 3CBE 3962 A141 3341 CDAF 82CA EB70

PGP Public Key jberlangaescert.upc.edu

key ID: 0x845A73A3

Fingerprint: 6A1A FBA8 435A C693 853E 228D 13E6 2C65 845A 73A3

 

Root Certificates

esCERT-UPC is involved in several projects related to PKIX (Public Key Infrastructure X.509) and manages several Certification Authorities, whose root certificates can be found at the following links:

UPC Certificates

If you wish to request a certificate for a UPC server, go to https://peticions.escert.upc.edu:8080

Find more information here.

Forums

 

esCERT is a member of TF-CSIRT (Task Force-Collaboration of Incident Response Teams) and, together with other security teams such as those of the companies Telia and British Telecom, holds LEVEL 2.

Internationally, esCERT-UPC takes part in FIRST, the main coordination forum for CERTs worldwide, as well as in TERENA, which is more focused on the European level.  At the national level, esCERT-UPC is part of CSIRT-ES, a collaboration group of Spanish security teams. Along the same lines, it takes part in the ABUSES Forum, a collaboration group of the teams that handle abuse incidents at Spanish operators.

Also in Europe, it collaborates with ESRIF (European Security Research & Innovation Forum), which advises the European Commission on the content of R&D&I funding programmes and on the types of projects and technologies that should be developed.

esCERT-UPC also collaborates with national bodies such as the Institut d'Estudis de Seguretat (IES), an organisation dedicated to stimulating and disseminating, from a transdisciplinary perspective, social issues within the conceptual scope of security.

Finally, esCERT-UPC takes part in the "I secure Internet" initiative, in collaboration with INTECO and other groups dedicated to computer security, with the aim of encouraging safe Internet browsing for everyone.

 

 

Team Members

Team members are:

  • Manel Medina Llinàs  -  medinaescert.upc.edu
  • Manuel García-Cervigón Gutiérrez  -  mgarciacescert.upc.edu
  • Omar Carazo Torres  -  ocarazoescert.upc.edu
  • Juan Berlanga Fuentes  -  jberlangaescert.upc.edu
  • Roberto Morales Pacheco  -  rmoralesac.upc.edu
  • Jetzabel M. Serna Olvera  -  jetzabelac.upc.edu

 

esCERT UPC

esCERT-UPC helps and advises on computer security and incident management in telematic networks. The main objectives of our organisation are:

  • To report on security vulnerabilities and threats.
  • To disseminate and make available to the community information that helps prevent and resolve security incidents.
  • To carry out research related to computer security.
  • To educate the wider community on security matters.

In this way esCERT aims to improve the security of computer systems and, in turn, to increase the confidence of companies and users in telematic networks. You can collaborate with us by:

  • Recommending our services
  • Reporting incidents
  • Setting up Incident Response teams
  • Contracting our services
  • Helping to spread awareness of computer security
  • Sponsoring incident coordination

 

History

In the early 1990s an initiative arose in Europe to create Computer Security Incident Response Teams. Thanks to the support of the TERENA technical programme, European CSIRTs began to be created; it was then, specifically at the end of 1994, that esCERT-UPC (Equipo de Seguridad para la Coordinación de Emergencias en Redes Telemáticas) appeared as the first Spanish centre dedicated to advising on, preventing and resolving security incidents in telematic environments.

Contact Information

Name of the Team

esCERT-UPC: The UPC University Computer Emergency Response Team.

Electronic Mail Address

This is a mail alias that relays mail to the human(s) on duty on esCERT.

  • cert@escert.upc.edu

Time Zone GMT+0100/0200 DST

Telephone Number (+34 934015795)

Fax (+34 934016984)

Facsimile Number (+34 934017055) (this is *not* a secure fax)

Address

C/ Jordi Girona 1-3
Modul D6 007, 08034
Barcelona (SPAIN)


Who are we?

At esCERT we have a team of experts in the field of computer security. The members of the team are listed below:

  • Manuel García-Cervigón Gutiérrez  -  mgarciacescert.upc.edu
  • Kenan Rhoton  -  krhotonescert.upc.edu
  • Manel Rodero  -  mroderoescert.upc.edu
  • Sandra Marsà  -  smarsaescert.upc.edu