Alef CSIRT

1. Document Information

---

This document contains description of ALEF-CSIRT according to RFC 2350. It provides basic information about the CSIRT team, ways in which it can be contacted, its responsibilities and the services it offers.

1.1 Date of Last Update

Wed, 1 February 2022 10:00:00 +0100

1.2 Distribution List for Notifications

There is no distribution list for notifications.

1.3 Locations where this Document May Be Found

Current version of this document can always be found at http://www.alef.com/csirt.

2. Contact Information

---

2.1. Name of the Team
CSIRT ALEF NULA a.s. (ALEF-CSIRT)

2.2. Address
ALEF NULA, a.s. (ALEF)
Computer Security Incident Response Team (CSIRT)
Street: Pernerova 691/42 
City: Prague 8 
ZIP: 186 00
Country: Czech Republic
E-Mail:

2.3 Time Zone
Time zone (relative to GMT): GMT+0100/GMT+0200(DST)

2.4 Telephone Number
+420 225 090 380

2.5 Facsimile Number
+420 225 090 112

2.6 Other Telecommunication
None.

2.7 Electronic Mail Address
For incident reports, please use the address abuse@alef.com.
For non-incident related messages, please use .

2.8 Public Keys and Encryption Information

For communication with ALEF CSIRT, you may use the following key:
User-ID:
ALEF-CSIRT - ABUSE (ALEF NULA, a.s. Computer Security Incident Response Team) <abuse@alef.com>
ALEF CSIRT - ALEF NULA, a.s. Computer Security Incident Response Team<csirt@alef.com>
Key-ID: 089BD1BA
Fingerprint: AFBD E776 2110 FFA4 BD87 31A9 6A24 EDAC 089B D1BA

2.9 Team Members
The team leader of ALEF-CSIRT is Milan Habrcetl.
milan.habrcetl@alef.com 
+420 225 090 383

Full list of ALEF-CSIRT team members is not publicly available.

Security manager responsible for supervising ALEF-CSIRT operations is Petr Vacha.
petr.vacha@alef.com
+420 225 090 371

2.10 Other Information
General information about ALEF-CSIRT can be found at www.alef.com

2.11 Points of Customer Contact
The preferred method for contacting ALEF-CSIRT is via e-mail. Incident reports and related issues should be sent to abuse@alef.com. This will create a ticket in our tracking system and alert the incident responder on duty. For general questions please send an e-mail to .

„If it is not possible (or not advisable for security reasons) to use e-mail, the ALEF-CSIRT can be reached by telephone at +420 225 090 380. ALEF-CSIRT operates continuously 24/7/365 (00:00-24:00 Monday to Sunday).“

 

3. Charter

---

3.1 Mission Statement
The purpose of ALEF-CSIRT is to assist internal users and customers of ALEF NULA, a.s. in responding to computer security related incidents when they occur, and to assist customers of ALEF NULA, a.s. in implementing proactive measures to reduce the risk of occurrence of such incidents.

3.2 Constituency
The constituency are internal users and customers of ALEF NULA a.s.

3.3 Sponsorship and/or Affiliation
ALEF-CSIRT is part of ALEF NULA, a.s.

3.4 Authority

ALEF-CSIRT has a direct authority over AS35096 and works cooperatively with system administrators and users in response to incidents in autonomous systems belonging to customers of ALEF NULA, a.s.

 

4. Policies

---

4.1 Types of Incidents and Level of Support

ALEF-CSIRT is authorized to address all types of computer security incidents which occur, or threaten to occur, at:

AS35096 IPv4 ranges: 193.239.0.0/22 IPv6 ranges:2001:67C:21D0::/48

The level of support offered by ALEF-CSIRT varies with the type and severity of the incident, the type of constituent, the size of the user community affected and ALEF-CSIRT resources available at the time; though in all cases some response will be made.

Note that direct support will only be given to internal end users and administrators or security managers of customers of ALEF NULA, a.s.

ALEF-CSIRT is committed to keeping its constituency informed of potential vulnerabilities, and where possible, will inform this community of such vulnerabilities before they are actively exploited.

Further details about ALEF-CSIRT constituency may be found at https://www.trusted-introducer.org/directory/teams/alef-csirt.html 

4.2 Co-operation, Interaction and Disclosure of Information
ALEF-CSIRT is ready to cooperate with other organizations and teams.
We operate under the restrictions imposed by Czech law, especially the Civil code and the Data Protection Act.
All submitted information is treated as confidential, and will be forwarded to concerned parties only in order to resolve specific incidents.

4.3 Communication and Authentication
Unencrypted e-mail is used for normal communication not containing sensitive information. For secure communication, PGP-Encrypted e-mail is used.

5. Services

---

5.1 Incident Response
ALEF-CSIRT handles all technical and organizational aspects of incident response. In particular, it provides the following services:

5.1.1 Incident Triage

Investigating whether indeed an incident has occurred. Determining the extent of an incident.

5.1.2. Incident Coordination

Determining the initial cause of the incident. Facilitating contact with other organizations which may be involved. Sending reports to other CSIRTs (when possible, under NDA agreements with customers). Composing announcements to users, when applicable.

5.1.3. Incident Resolution

Providing advice or help to security teams of customers or directly taking appropriate actions. Following up on the progress of security teams of customers. Providing assistance in evidence collection and data interpretation.

5.2 Proactive activities ALEF-CSIRT tries to:

• raise security awareness in its constituency
• publish announcements concerning serious security threats
• observe current trends in technology
• distribute relevant knowledge to its constituency

 

6. Incident Reporting Forms

---

There are no local forms available yet. Please use our basic rules for sending incident reports using e-mail:

• A report must contain:
  • first name and last name of the reporter
  • telephone number
  • e-mail address
  • name of reporting organization
  • IP address and type of incident
  • approximate time when the incident started
  • time, when the incident was detected
  • logs relevant to the problem (where applicable)
• A report about spam (or a malicious e-mail attachment) must contain a copy of the full e-mail header from the e-mail which is considered to be spam (or which contains the attachment in question).
• A report about phishing or pharming must contain the URL and IP address of the web page along with its source code, if possible.
  
  

7. Disclaimers

---

While every precaution will be taken in the preparation of information, notifications, and alerts, ALEF-CSIRT assumes no responsibility for any errors or omissions, or for damages resulting from the use of the information contained within.