NORDUnet CERT

CERT

The NORDUnet Computer Emergency Response Team (CERT) performs security incident handling in cooperation with the CERT’s of the Nordic national research and education networks.

1. Document Information

This document complies with RFC 2350.

1.1. Date of Last Update

This is version 1.3.4 as of May 4, 2020

1.2. Distribution List for Notifications

This profile is kept up-to-date in the location specified in section 1.3.
E-mail notification of updates are sent to NORDUnet CERT management and investigators.
Please send any questions about updates to the NORDUnet CERT team e-mail address: cert@nordu.net

1.3. Locations where this Document May Be Found

The current version of this profile is always available at NORDUnet CERT RFC 2350 Profile

 

2. Contact Information

2.1 Name of the Team

Full name: NORDUnet CERT Computer Emergency Response Team.
Short name: NORDUnet CERT

2.2. Addresses
2.2.1 Mail address

NORDUnet CERT
NORDUnet A/S
Kastruplundgade 22
DK-2770 Kastrup
Denmark

2.2.2 Visiting address

NORDUnet CERT
Kastruplundgade 22
DK-2770 Kastrup
Denmark

2.3. Time Zone

CET/CEST

2.4. Telephone Number

NORDUnet CERT regular telephone number: +45 32 46 25 00
NORDUnet CERT emergency telephone number: +45 31 62 14 03

2.5. Facsimile Number

NORDUnet CERT facsimile number: +45 45 76 23 66

2.6. Other Telecommunication

Not applicable.

2.7. Electronic Mail Address

Please send incident reports that relate to NORDUnet, including copyright issues, spam and abuse to abuse@nordu.net

For encrypted communication cert@nordu.net should be used, see further below.

2.8. Public Keys and Encryption Information

Please encrypt any sensitive e-mail with the NORDUnet CERT PGP key with PGP keyed 64A8DC9A and PGP fingerprint 44CF 46BF 8DC8 64CA EF91  D966 D91A 49C7 64A8 DC9A and send it to cert@nordu.net

Please sign messages using a key that is verifiable using the public keyservers. Because all NORDUNET CERT investigators can read mail encrypted with the cert@nordu.net key, individuals can use it if they cannot find a key for a specific NORDunet CERT team member.

2.9. Team Members

No public information is provided about NORDUnet CERT team members.

2.10. Other Information

Further information about the NORDUnet CERT can be found at NORDUnet CERT

NORDUnet CERT is “Certified” by the Trusted Introducer (TI) since 1 June 2016 and has been registered as “TI Accredidited CERT” since 31 Aug 2000; see https://www.trusted-introducer.org/teams/nordunet-cert.html for details. NORDUnet CERT is a member of Forum for Incident Response and Security Teams (FIRST); see https://www.first.org/members/teams/nordunet for details.

2.11. Points of Customer Contact

The preferred method for contacting NORDUnet CERT is e-mail.

  • For general inquiries, please send e-mail to: cert@nordu.net
  • For abuse or security issues, please use abuse@nordu.net
  • For network, server, or service issues, please use noc@nordu.net
  • In an emergency, contact NORDUnet CERT on +45 31 62 14 03

NORDUnet CERT’s hours of operation are generally restricted to regular business hours, or 09:00 to 17:00 Monday to Friday except Danish public holidays.

 

3. Charter

3.1. Mission Statement

The NORDUnet CERT mission is to:

  • Keep informed of new security threats and vulnerabilities
  • Respond promptly and when IT security incident’s occur within the NORDUnet mgt services.
  • Cooperate and coordinate with CERT’s and any relevant stakeholders that have specific tasks in the field of information security.
  • Act as NORDUnet’s point of contact for equivalent services in other countries, and develop cooperation and information exchanges with them
3.2. Constituency
NORDUnet serves its own infrastructure and its member organisations where applicable.
Organisation partners include SUNET, Sikt, RHnet, DeiC and FUNET.
3.3. Sponsoring Organisation / Affiliation

NORDUnet CERT operates with the authority delegated by NORDUnet.

3.4. Authority

NORDUnet CERT operates under the auspices of the NORDUnet members and the supervision of the NORDUnet management.

 
4. Policies
4.1. Types of Incidents and Level of Support

All incidents classified in CERT – Security Severity Guidelines

CLASSIFICATIONRESPONSE TIMES
Critical2 Hours
MajorNext business day
Minor5 business days
Low10 business days

4.2. Co-operation, Interaction, and Disclosure of Information

NORDUnet CERT strives to closely collaborate with the NREN and CSIRT community to protect the infrastructure and data of NORDUnet and its members. Only data that is required to resolve from the specific incident are disclosed to concerned parties (need to know). NORDUnet CERT provide means to support encryption and integrity of data that is submitted to or disclosed by NORDUnet CERT

When reporting an incident of sensitive nature, please state so explicitly by using an appropriate label in the Subject field (for example, SENSITIVE, EMERGENCY, etc.) and if possible, use encryption as well.
NORDUnet CERT supports the Information Sharing Traffic Light Protocol (ISTLP; see https://www.first.org/tlp/ ; information that arrives with the tags WHITE, GREEN, AMBER, or RED will be handled appropriately.

4.3. Communication and Authentication

See section 2.8; usage of PGP in all cases where sensitive information is involved is highly recommended.

5. Services

5.1. Incident Response (Triage, Coordination, and Resolution)

NORDUnet CERT can assist partnering CERT’s in handling the technical and organisational aspects of computer security incidents.

THE NORDIC CERT PARTNERS:
DK-CERTcert@cert.dk
RHnet CERTcert@rhnet.is
FUNET CERTcert@cert.funet.fi
Uninett CERTcert@uninett.no
SUNET CERTcert@cert.sunet.se

6. Incident Reporting Forms

Not available; please report using e-mail. When reporting an incident of sensitive nature use encrypted e-mail.

7. Disclaimers

None.

Contacting the Nordic national CERT teams

DK-CERT, email cert@cert.dk

RHnet CERT, email cert@rhnet.is

FUNET CERT, email cert@cert.funet.fi

Uninett CERT, email cert@uninett.no

SUNET CERT, email cert@cert.sunet.se

Contacting the NORDUnet CERT

You can contact the NORDUnet CERT by email to cert@nordu.net

Classification:
Response time:
Critical
2 Hours
Major
Next business day
Minor
5 business days
Low
10 business days