NORDUnet CERT RFC 2350 Profile

1. Document Information

This document complies with RFC 2350.

1.1. Date of Last Update

This is version 1.3.3 as of August 5, 2019.

1.2. Distribution List for Notifications

This profile is kept up-to-date in the location specified in section 1.3.
E-mail notification of updates are sent to NORDUnet CERT management and investigators.
Please send any questions about updates to the NORDUnet CERT team e-mail address: cert@nordu.net

1.3. Locations where this Document May Be Found

The current version of this profile is always available at NORDUnet CERT RFC 2350 Profile

 

2. Contact Information

1. Name of the Team

Full name: NORDUnet CERT Computer Emergency Response Team.
Short name: NORDUnet CERT

2.2. Addresses

2.2.1 Mail address

NORDUnet CERT
NORDUnet A/S
Kastruplundgade 22
DK-2770 Kastrup
Denmark

2.2.2 Visiting address

NORDUnet CERT
Tulegatan 11

Stockholm, Sweden

2.3. Time Zone

CET/CEST

2.4. Telephone Number

NORDUnet CERT regular telephone number: +46 8 20 78 60
NORDUnet CERT emergency telephone number: +46 8 20 78 60

2.5. Facsimile Number

NORDUnet CERT facsimile number: +45 45 76 23 66

2.6. Other Telecommunication

Not applicable.

2.7. Electronic Mail Address

Please send incident reports that relate to NORDUnet, including copyright issues, spam and abuse to abuse@nordu.net.
For encrypted communication cert@nordu.net should be used, see further below.

2.8. Public Keys and Encryption Information

Please encrypt any sensitive e-mail with the NORDUnet CERT PGP key with 

PGP keyed 0x14711F43
and
PGP fingerprint 9FA7 D89D C01D A798 28BA  3569 5BC3 8A83 1471 1F43

and send it to cert@nordu.net

Please sign messages using a key that is verifiable using the public keyservers. Because all NORDUNET CERT investigators can read mail encrypted with the cert@nordu.net key, individuals can use it if they cannot find a key for a specific NORDunet CERT team member.

2.9. Team Members

No public information is provided about NORDUnet CERT team members.

2.10. Other Information

Further information about the NORDUnet CERT can be found at NORDUnet CERT

NORDUnet CERT is "Certified" by the Trusted Introducer (TI) since 1 June 2016 and has been registered as "TI Accredidited CERT" since 31 Aug 2000; see https://www.trusted-introducer.org/teams/nordunet-cert.html for details. NORDUnet CERT is a member of Forum for Incident Response and Security Teams (FIRST); see https://www.first.org/members/teams/nordunet for details.

2.11. Points of Customer Contact

The preferred method for contacting NORDUnet CERT is e-mail.

  • For general inquiries, please send e-mail to: cert@nordu.net
  • For abuse or security issues, please use abuse@nordu.net
  • For network, server, or service issues, please use noc@nordu.net
  • In an emergency, contact NORDUnet CERT on +46 8 20 78 60

 

NORDUnet CERT's hours of operation are generally restricted to regular business hours, or 07:00 to 19:00 Monday to Friday except public holidays.

 

3. Charter

3.1. Mission Statement

The NORDUnet CERT mission is to:

  • Keep informed of new security threats and vulnerabilities 
  • Respond promptly and when IT security incident's occur within the NORDUnet mgt services.
  • Cooperate and coordinate with CERT's and any relevant stakeholders that have specific tasks in the field of information security.
  • Act as NORDUnet's point of contact for equivalent services in other countries, and develop cooperation and information exchanges with them

3.2. Constituency

NORDUnet serves its own infrastructure and its member organisations where applicable.

The NORDUnet AS-number is: 2603

3.3. Sponsoring Organisation / Affiliation

NORDUnet CERT operates with the authority delegated by NORDUnet.

3.4. Authority

NORDUnet CERT operates under the auspices of the NORDUnet members and the supervision of the NORDUnet management.
 

 

4. Policies

4.1. Types of Incidents and Level of Support

All incidents classified in CERT - Security Severity Guidelines

4.2. Co-operation, Interaction, and Disclosure of Information

NORDUnet CERT strives to closely collaborate with the NREN and CSIRT community to protect the infrastructure and data of NORDUnet and its members. Only data that is required to resolve from the specific incident are disclosed to concerned parties (need to know). NORDUnet CERT provide means to support encryption and integrity of data that is submitted to or disclosed by NORDUnet CERT

When reporting an incident of sensitive nature, please state so explicitly by using an appropriate label in the Subject field (for example, SENSITIVE, EMERGENCY, etc.) and if possible, use encryption as well.
NORDUnet CERT supports the Information Sharing Traffic Light Protocol (ISTLP; see https://www.first.org/tlp/ ; information that arrives with the tags WHITE, GREEN, AMBER, or RED will be handled appropriately.

4.3. Communication and Authentication

See section 2.8; usage of PGP in all cases where sensitive information is involved is highly recommended.

 

5. Services

5.1. Incident Response (Triage, Coordination, and Resolution)

NORDUnet CERT can assist system administrators in handling the technical and organizational aspects of computer security incidents.

 

6. Incident Reporting Forms

Not available; please report using e-mail. When reporting an incident of sensitive nature use encrypted e-mail.

 

7. Disclaimers

None.

Highlights