CSIRT specification for National CERT

1. About this document

1.1 Date of Last Update

This is version 4.0, published in September 2013.

1.2 Distribution List for Notifications

National CERT does not have a specific mailing list for notifications about changes to this document.

1.3 Locations where this Document May Be Found

The current version of this CSIRT document is available from the National CERT WWW site. Its URL is:

1.4 Authenticating this Document

This document has been signed with the National CERT’s PGP key.
The public PGP key of National CERT is available at:

The digital signature of the document is available here.

2. Contact Information

2.1 Name of the Team

“Croatian National CERT”

2.2 Address

Department for National CERT
Josipa Marohnica 5
10000 Zagreb

2.3 Time Zone

CET – Central European Time UTC+0100
(Start: last Sunday in October at 02:00; End: last Sunday in March at 02:00)
CEST – Central European Summer Time: UTC+0200
(Start: last Sunday in March at 03:00; End: last Sunday in October at 03:00)

2.4 Telephone Number


2.5 Facsimile Number

+385-1-6661-767 (not to be used for secure information)

2.6 Other Telecommunication

There’s none available.

2.7 Electronic Mail Address

cnre@tectrh.r – This is an official mail address that relays mail for the members of National CERT team.

2.8 Public Keys and Other Encryption Information

National CERT has a PGP key.
KeyID is: 0xFCA254BB
Fingerprint is: E54B B60A C4D1 45E7 0FF4 CC5B E35C DB85 FCA2 54BB

The PGP key with signature is available on most key servers.

2.9 Other Information

General information about the National CERT, as well as links to various recommended security resources, can be found at:

2.10 Points of Customer Contact

The preferred method for reporting an incident is via e-mail to niicedtnc@re.trh, and also via fax.
The procedure for reporting an incident is described at:

Received incident reports will be handled by the National CERT team.
National CERT recommends encrypting confidential information with PGP when reporting an incident.

If it is not possible (or not advisable for security reasons) to use e-mail, the National CERT can be reached by telephone during regular office hours.

National CERT’s hours of operation are generally restricted to regular business hours (09:00-16:00 Monday to Friday).

3. Charter

3.1 Mission Statement

The purpose of the National CERT is, first, to assist users of the Internet in Croatia by implementing proactive activities in order to reduce the risks of computer security incidents, and second, to coordinate responding to such incidents when they occur.

3.2 Constituency

The National CERT’s constituency is the whole Croatian domain .hr and all IP ranges in Croatia, except the Government bodies.

3.3 Sponsorship and/or Affiliation

The National CERT is sponsored by the Croatian Academic and Research Network – CARNet, and National CERT is one of CARNet’s departments.
National CERT has been affiliated with FIRST (Forum of Incident Response Teams) since 2009.

National CERT is taking part in TERENA’s CSIRT Task Force.

3.4 Authority

National CERT is founded according to the “law of information security in the Republic of Croatia”, and its prime concern is to handle incidents on the Internet and thus maintain information security in Croatia.

According to its operations policy, National CERT handles an incident when at least one of the sides involved in the incident resides in Croatia.

In its field of jurisdiction, National CERT has the right to give directives, guidelines, recommendations, advice and opinions.

4. Policies

4.1 Types of Incidents and Level of Support

National CERT is authorized to address all types of computer security incidents which occur, or threaten to occur, in its constituency.

National CERT policy defines the following types of incidents:

  • Denial of Service (DoS)
  • Server compromise
  • Unwanted network activities
  • Spam
  • Phishing
  • Other types of malicious attacks

National CERT, with its resources, gets involved in solving major incidents according to the following priorities:

a) Incidents that potentially jeopardize human lives
b) Incidents which involve the infrastructure of the Internet in the Republic of Croatia
c) Incidents of major importance
d) New forms of malicious computer attacks
e) Other incidents

The Croatian National CERT team has to respond to an incident report within two (2) days.

4.2 Co-operation, Interaction and Disclosure of Information

National CERT co-operates with:

  • Office of the National Security Council (UVNS)
  • Information Systems Security Bureau (ZSIS)
  • Republic of Croatia, Ministry of Interior.

National CERT coordinates its activities with the Office of the National Security Council (UVNS) in the area of computer security regulations and in the area of Euro-Atlantic integration, and cooperates with the Information Systems Security Bureau (ZSIS) and the Republic of Croatia, Ministry of Interior. It also cooperates with foreign CERTs through membership in the Forum of Incident Response and Security Teams (FIRST) and the Working Group TF-CSIRT.

4.3 Communication and Authentication

National CERT uses the Internet, telephone, fax, electronic media and written form for communication with other CERTs and other authorities responsible for information security.

When storing, publishing and sending information, National CERT ensures its protection and verification by means of cryptographic protection and electronic signatures.

Other ways of verifying a CERT’s authenticity involve checking the lists of FIRST and Trusted Introducer members, using WHOIS server information, checking information at the proper Internet registration authorities, confirmation by phone call, and feedback e-mail.

5. Services

5.1 Incident Response

National CERT gives support for the following technical and organizational aspects:

5.1.1. Incident Triage

  • determining whether an incident can be classified as a computer security incident according to the policy of National CERT
  • creating and publicly distributing security warnings on the basis of collected information
  • determining the extent of the incident

5.1.2 Incident Coordination

Coordination of solving major incidents when at least one side is in Croatia.

5.1.3 Incident Resolution

Reactive measures of incident resolution include:

  • Security warnings
  • Coordination during resolution of major incidents

In addition, National CERT collects statistical information about incidents from its field of jurisdiction and informs the public about any kind of known attacks if needed.

To get help in solving computer security incidents, the incident should be reported by e-mail according to the parameters specified in section 2.11.

National CERT support will be as defined in section 4.1.

5.2 Proactive Activities

To prevent or mitigate possible damage, National CERT carries out proactive activities before incidents occur.

Information about proactive activities is publicly announced.

Proactive activities are:

Security warnings: National CERT provides and announces security warnings based on foreseen trends, to allow timely preparation for new threats and possible damage.

Technology tracking in the field of computer security: National CERT follows new technologies in the computer security field and disseminates information about them.

Dissemination of information from the computer security field: National CERT collects, aggregates, generates and disseminates relevant information and information security documents.

Raising awareness of computer security: National CERT works on educating the wider public, raising awareness of computer security and possible threats.

Education and training in computer security: National CERT prepares and provides education activities in the information security field for particular groups of users.

6. Important Notice

While every precaution will be taken in the preparation of information, notifications and alerts, National CERT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.