Expectations from CSIRT (RFC-2350)

1. About this document

1.1 Date of Last Update

This is version 2.0, published 17.04.2018

1.2 Distribution List for Notifications

None available

1.3 Locations where this Document May Be Found

The latest version of this CSIRT description document is available from the CERT-GOV-MD web site – www.cert.gov.md

Please make sure you are using the latest version.

2. Contact Information

2.1 Name of the Team

"Cyber Security Center CERT-GOV-MD"

2.2 Address

The State Chancellery of the Republic of Moldova

Center of Special Telecommunications S.E.

Cyber Security Center CERT-GOV-MD

Republic of Moldova

Piaţa Marii Adunări Naţionale, 1

mun. Chişinău, MD-2033

2.3 Time Zone

GMT+0200, and GMT+0300 from April to October

2.4 Telephone Number

(+373 22) 820-900 (ask for the CERT-GOV-MD)

2.5 Facsimile Number

(+373 22) 250 522

2.6 Other Telecommunication

None available

2.7 Electronic Mail Address

For incidents: incidents@cert.gov.md

For other questions: info@cert.gov.md

2.8 Public Keys and Other Encryption Information

The CERT-GOV-MD has a PGP key, whose details are:

User ID: CSC CERT-GOV-MD (Cyber Security Center CERT-GOV-MD Official Contact) <info@cert.gov.md>

KeyID: 0x0A921FED

Fingerprint: 1697 36E5 04BC EE1B 99F5 EA52 0D53 FFE2 0A92 1FED

Public key of CERT-GOV-MD is available from:

http://cert.gov.md/fileadmin/user_upload/pub_key/0x0A921FED.asc

2.9 Other Information

General information about the CERT-GOV-MD, as well as links to various recommended security resources, can be found at http://www.cert.gov.md/

2.10 Points of Customer Contact

The preferred method for contacting the CERT-GOV-MD is via e-mail at info@cert.gov.md; e-mail sent to this address will "biff" the responsible human, or be automatically forwarded to the appropriate backup person. If you require urgent assistance, put "urgent" in your subject line.

If it is not possible (or not advisable for security reasons) to use e-mail, the CERT-GOV-MD can be reached by telephone during regular office hours.

The CERT-GOV-MD’s hours of operation are generally restricted to regular business hours (08:00-17:00 Monday to Friday except official holidays).

If possible, when submitting your report, use the form located at http://www.cert.gov.md/incidente/raportare-incidente.html

3. Charter

3.1 Mission Statement 

Our mission is to assist in the protection of the information, resources and telecommunication systems of our constituencies from unauthorized access, illegal usage and violations of their confidentiality, integrity and availability.

The goals of the CERT-GOV-MD are:

  • To serve as a single point of contact for reporting cybersecurity incidents;
  • To handle computer incident reports, make a preliminary examination of the facts and the situation on the basis of the information received, and provide emergency assistance to users to prevent hacker and virus attacks on computer systems;
  • To give timely notice to the competent organizations of the Republic of Moldova of emerging threats to computer security, and distribute information to prevent them;
  • To interact and cooperate with foreign CERTs on legal support of information security, and exchange information and experience with them;
  • To develop recommendations to users about the use of the most effective security practices to ensure the prevention of illegal break-ins to information systems.

3.2 Constituency

CERT-GOV-MD’s constituency consists of central and regional state governance authorities, specialized organs of state security and telecommunications, and academies and universities of the Republic of Moldova, as defined in the Government Decision № 840 of 26.07.2004 and its Annex №1.

Internet domain and/or IP address information describing the constituency: AS25319 and AS39279

3.3 Sponsorship and/or Affiliation

The CERT-GOV-MD is sponsored by the Center of Special Telecommunications S.E. It maintains affiliations with various CSIRTs on an as-needed basis.

3.4 Authority

The CERT-GOV-MD’s authority spans the informational and telecommunication systems of public administration authorities (AS25319 and AS39279) and is limited by the role of its sponsoring organization, S.E. CTS.

4. Policies

4.1 Types of Incidents and Level of Support

The CERT-GOV-MD is authorized to address all types of computer security incidents that occur, or threaten to occur, in Moldavian informational and telecommunication systems of public administration authorities and in S.E. CTS networks and information systems.

The level of support given by CERT-GOV-MD will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and the CERT-GOV-MD’s resources at the time, though in all cases some response will be made within one working day.

Note that no direct support will be given to end users; they are expected to contact their system administrator, network administrator, or department head for assistance.

4.2 Co-operation, Interaction and Disclosure of Information

CERT-GOV-MD exchanges all necessary information with other CSIRTs if they are CERT-GOV-MD partners in investigation of a security incident.

CERT-GOV-MD exchanges information with other parties only if all necessary measures have been taken to prevent any form of identity disclosure and, if this is not possible, only if CERT-GOV-MD is explicitly authorized by the affected party.

All sensitive data and information (personal data, system/service configuration, vulnerabilities with their locations) are transmitted in encrypted form.

4.3 Communication and Authentication

In view of the types of information that the CERT-GOV-MD will likely be dealing with, telephones will be considered sufficiently secure to be used even unencrypted.  Unencrypted e-mail will not be considered particularly secure, but will be sufficient for the transmission of low-sensitivity data.  If it is necessary to send highly sensitive data by e-mail, PGP will be used.  Network file transfers will be considered to be similar to e-mail for these purposes: sensitive data should be encrypted for transmission.

Where it is necessary to establish trust, for example before relying on information given to the CERT-GOV-MD, or before disclosing confidential information, the identity and bona fide of the other party will be ascertained to a reasonable degree of trust. Within CERT-GOV-MD, and with known neighbor sites, referrals from known trusted people will suffice to identify someone. Otherwise, appropriate methods will be used, such as a search of FIRST members, the use of WHOIS and other Internet registration information, etc., along with telephone call-back or e-mail mail-back to ensure that the party is not an impostor. Incoming e-mail whose data must be trusted will be checked with the originator personally, or by means of digital signatures (PGP in particular is supported).

5. Services

  • Alerts and warnings
  • Artifact response
  • Artifact response coordination
  • Incident analysis
  • Incident response support
  • Incident response coordination
  • Vulnerability analysis
  • Vulnerability response
  • Vulnerability response coordination
  • Intrusion detection services
  • Security-related information dissemination
  • Awareness building

6. Incident Reporting Forms

The current version of the incident report form is available on the cert.gov.md website.

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, CERT-GOV-MD assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.