AzScienceCERT RFC 2350

 

1. About this document
This document contains a description of AzScienceCERT according to RFC 2350. It provides basic information about AzScienceCERT and the ways it can be contacted, and describes its responsibilities and the services offered.

1.1 Date of last Update
This is version 1.3 published 28th March, 2011.

1.2 Locations where this document may be found
The current version of this document is available on the AzScienceCERT web site:
http://www.sciencecert.az/en/rfc-2350en.html.
Please make sure you are using the latest version.

1.3 Distribution List for Document
The current version of this profile is always available on: http://www.sciencecert.az/en/
Please address any specific questions or remarks to the AzScienceCERT mail address.

1.4 Authenticating this Document
The Azerbaijani and English versions of this document are signed with the AzScienceCERT cryptographic key. The AzScienceCERT public key can be found on the AzScienceCERT web site.


2. Contact Information

2.1 Name of the Team
AzScienceCERT: CSIRT team for AzScienceNet, Azerbaijan National Academy of Sciences

2.2 Address
Az 1141

2.3 Time Zone
CET - Central European Time zone: UTC+0300
Daylight saving time: UTC+0400 (from the last Sunday in March till the last Sunday in October)

2.4 Telephone Number
+994125104253

2.5 Facsimile Number
+994124396121
(This is not a secure fax)

2.6 Other Telecommunication
Not in use at the moment.

2.7 Electronic Mail Address
info@sciencecert.az

2.8 Public Keys and Encryption Information
AzScienceCERT uses PGP for digital signatures and to encrypt information. Our public PGP key is available on PGP/GPG keyservers and at http://www.sciencecert.az/publickey.html. Information about the key:
Key-id: 0x43CF0606
Fingerprint: 4873 54C4 4B5F 1698 DFC3 C302 007A AC53 43CF 0606
Please use this key to encrypt messages sent to AzScienceCERT. Please sign your message using your own key. It helps if that key is verifiable using the public key servers. Messages from AzScienceCERT will, in due cases, be signed using the same AzScienceCERT key. You can check its credentials on the public key servers.

2.9 Team Members
Dr. Yadigar Imamverdiyev is the Team Manager of AzScienceCERT. A full list of other members of AzScienceCERT is not publicly available. Team members will identify themselves to the reporting party with their full name in an official communication regarding an incident.

2.10 Other Information
General information about AzScienceCERT, as well as links to various recommended security resources, can be found at: www.sciencecert.az
 
2.11 Points of Contact with Customer
The preferred method for contacting AzScienceCERT is via electronic mail at info@sciencecert.az.
E-mail messages sent to info@sciencecert.az shall be processed by CERT staff. Messages containing classified information shall be encrypted with the public PGP or GPG cryptographic key.
If it is not possible to send e-mail, or security circumstances do not allow doing so, AzScienceCERT can be reached via telephone within operation hours.
AzScienceCERT activities, apart from extraordinary situations, are performed within operation hours from 09:00 to 18:00 local time (Monday to Friday except holidays).
Outside these hours, incoming phone calls are transferred to an answering machine. All recorded messages are checked as soon as possible.


3. Charter
3.1 Mission Statement
AzScienceCERT offers assistance in computer and network security incident handling and provides incident coordination functions for all incidents involving systems and networks connected to AzScienceNet.
AzScienceCERT also handles incidents that originate in Azerbaijani networks and are reported by any Azerbaijani or foreign persons or institutions.
In various ways AzScienceCERT helps raise awareness of network and information security issues and provides advisories and alerts to the general public.

3.2 Constituency
The AzScienceCERT offers full CSIRT services to all organizations connected by AzScienceNet.
AzScienceNet provides advanced communication services to the scientific community and national universities. It is funded by the Azerbaijan National Academy of Sciences (ANAS). Main users are staff and PhD students of the ANAS institutions.

3.3 Sponsorship and/or Affiliation
ANAS (Azerbaijan National Academy of Sciences) is established by the Government of the Republic of Azerbaijan. AzScienceCERT is part of ANAS. ANAS is funded by the Republic of Azerbaijan state budget.

3.4. Authority
AzScienceCERT operates under the auspices of, and with authority delegated by, the president of ANAS.
AzScienceCERT expects to work cooperatively with system administrators and users at AzScienceNet connected institutions and, insofar as possible, to avoid authoritarian relationships. However, in accordance with the AzScienceNet AUP, should circumstances warrant it, AzScienceCERT has the authority to take the measures it deems appropriate to properly handle a computer security related incident.


4. Policies
4.1. Types of Incidents and Level of Support
AzScienceCERT is authorized to address all types of computer security incidents which occur in its constituency.
AzScienceCERT may act upon the request of one of its constituents or may act if one of its constituents is involved in a computer security incident.
The level of support given by AzScienceCERT will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and AzScienceCERT's resources at the time.

Note that no direct support will be given to end users; they are expected to contact their system administrator, network administrator, or department head for assistance. AzScienceCERT will support the latter people.

AzScienceCERT is committed to keeping its constituency informed of potential vulnerabilities, and where possible, will inform this community of such vulnerabilities before they are actively exploited.

4.2. Co-operation, Interaction and Disclosure of Information
All incoming information is handled confidentially by AzScienceCERT, regardless of its priority.
Information that is evidently very sensitive in nature is only communicated in an encrypted fashion. When reporting an incident of a very sensitive nature, please state so explicitly (e.g. by using the label VERY SENSITIVE in the subject field of the e-mail) and use encryption as well.

AzScienceCERT will cooperate with other organizations in the field of computer security. This cooperation also includes and often requires the exchange of information regarding security incidents and vulnerabilities. Nevertheless AzScienceCERT will protect the privacy of its constituency and therefore (under normal circumstances) pass on information in an anonymized way only.
AzScienceCERT discloses information to other bodies only in accordance with applicable Azerbaijan Republic legislation when presented with a court order.
AzScienceCERT does not report incidents to law enforcement, unless Azerbaijan Republic law requires so, as in the case of first-degree crime. Likewise, AzScienceCERT cooperates with law enforcement in the course of an official investigation only, meaning a court order is present, AND in case an AzScienceCERT constituent requests that AzScienceCERT cooperates in an investigation. In the latter case, when a court order is absent, AzScienceCERT will only provide information on a need-to-know basis.

4.3. Communication and Authentication
For communication not containing sensitive information, AzScienceCERT will use conventional methods like telephone, unencrypted e-mail or fax.
If it is necessary to send high sensitivity data by e-mail, PGP will be used. Network file transfers will be considered similar to e-mail for these purposes: sensitive data should be encrypted for transmission.
If it is necessary to authenticate a person before communicating, this can be done by methods like call-back, mail-back or even a face-to-face meeting if necessary.


5. Services
5.1 Incident Response
AzScienceCERT will assist its constituency in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:

5.1.1 Incident triage
AzScienceCERT Incident triage includes:
Determining whether an incident is authentic.
Assessing and prioritizing the incident.

5.1.2 Incident Coordination
AzScienceCERT Incident Coordination includes:
Determining the initial cause of the incident (exploited vulnerability).
Contacting the involved organizations to investigate the incident and take appropriate steps.
Facilitating contact with other parties which can help resolve the incident.
Facilitating contact with appropriate security teams and/or law enforcement officials if necessary.
Composing announcements to users (members of the constituency), if applicable.

5.1.3 Incident Resolution
AzScienceCERT incident resolution services include:
Technical Assistance. This may include analysis of compromised systems.
Recommendation on Eradication or Elimination of the cause of the security incident (vulnerability exploited), and its effects.
Recovery Aid in restoring affected systems and services to their previous status.
Suggestions on securing the system from the effects of the incident.

AzScienceCERT will also collect statistics about incidents which occur within or involve its constituency and will notify the community as necessary to assist it in protecting against known attacks.

5.2 Proactive Activities
Proactive services provide means to reduce the number of actual incidents by giving proper and suitable information concerning potential incidents to the constituency. AzScienceCERT's additional proactive services include:

5.2.1 Announcements
AzScienceCERT will provide its constituency with information about ongoing attacks, security vulnerabilities, alerts in the general sense, and short-term recommended courses of action for dealing with the resulting problems.

5.2.2 Vulnerability Analysis
AzScienceCERT will assist its constituency in reacting to the discovery of new vulnerabilities. A database is maintained, collecting information on vulnerabilities automatically, via network scans and by other means.

5.2.3 User Awareness Program
AzScienceCERT will attempt to provide valuable educational materials aimed at increasing the awareness of security as well as improving the overall knowledge of security techniques among the members of the constituency. These materials in electronic formats will be distributed through the official website.

5.2.4 Archiving services
Records of security incidents handled will be kept. While the records will remain confidential, periodic statistical reports will be made available to the AzScienceCERT constituency.

5.3 Security Quality Management Services
In order to supervise and to increase the quality of the offered services, the following services are performed:
Awareness Building
Education/Training

5.3.1 Documentation
Documentation is maintained, dealing with the following topics:
The procedures that are part of the services are documented.
Results of Incident Management and Incident Analysis are documented, resulting in suggestions on how to improve the services or systems, respectively.

5.3.2 Statistics
This service provides statistics of the offered services. The statistics serve as a basis for evaluating the quality of the services and, if possible, improving them.

5.3.3 Education and Training
Team members are constantly trained to enhance their skills and capacities.


6. Incident Reporting Forms
If possible, use the following form when reporting a security incident:
http://www.sciencecert.az/incident.php (Azerbaijani version)
http://www.sciencecert.az/en/incident.php (English version)

 

7. Disclaimers
While every precaution will be taken in the preparation of information, notifications and alerts, AzScienceCERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.

2013 ©  Institute of Information Technology of ANAS
All rights reserved. Any use of information in the website should be accompanied by an acknowledgement of sciencecert.az as the source.