Alef CSIRT

1. Document Information


This document contains description of ALEF-CSIRT according to RFC 2350. It provides basic information about the CSIRT team, ways in which it can be contacted, its responsibilities and the services it offers.

1.1 Date of Last Update
Thu, 17 April 2019 14:00:00 +0100

1.2 Distribution List for Notifications
There is no distribution list for notifications.

1.3 Locations where this Document May Be Found
Current version of this document can always be found at http://www.alef.com/csirt.

2. Contact Information


2.1. Name of the Team
CSIRT ALEF NULA a.s. (ALEF-CSIRT)

2.2. Address
ALEF NULA, a.s. (ALEF)
Computer Security Incident Response Team (CSIRT)
Street: Pernerova 691/42 
City: Prague 8 
ZIP: 186 00
Country: Czech Republic
E-Mail: csirt@alef.com

2.3 Time Zone
Time zone (relative to GMT): GMT+0100/GMT+0200(DST)

2.4 Telephone Number
+420 225 090 380

2.5 Facsimile Number
+420 225 090 112

2.6 Other Telecommunication
None.

2.7 Electronic Mail Address
For incident reports, please use the address abuse@alef.com.
For non-incident related messages, please use csirt@alef.com.

2.8 Public Keys and Encryption Information

For communication with ALEF CSIRT, you may use the following key:
User-ID:
ALEF-CSIRT - ABUSE (ALEF NULA, a.s. Computer Security Incident Response Team) <abuse@alef.com>
ALEF CSIRT - ALEF NULA, a.s. Computer Security Incident Response Team<csirt@alef.com>
Key-ID: 089BD1BA
Fingerprint: AFBD E776 2110 FFA4 BD87 31A9 6A24 EDAC 089B D1BA

2.9 Team Members
The team leader of ALEF-CSIRT is Jan Kopriva.
jan.kopriva@alef.com
+420 225 090 382

Full list of ALEF-CSIRT team members is not publicly available.

Security manager responsible for supervising ALEF-CSIRT operations is Petr Vacha.
petr.vacha@alef.com
+420 225 090 371

2.10 Other Information
General information about ALEF-CSIRT can be found at www.alef.com

2.11 Points of Customer Contact
The preferred method for contacting ALEF-CSIRT is via e-mail. Incident reports and related issues should be sent to abuse@alef.com. This will create a ticket in our tracking system and alert the incident responder on duty. For general questions please send an e-mail to csirt@alef.com.

„If it is not possible (or not advisable for security reasons) to use e-mail, the ALEF-CSIRT can be reached by telephone at +420 225 090 380. ALEF-CSIRT operates continuously 24/7/365 (00:00-24:00 Monday to Sunday).“

 

3. Charter


3.1 Mission Statement
The purpose of ALEF-CSIRT is to assist internal users and customers of ALEF NULA, a.s. in responding to computer security related incidents when they occur, and to assist customers of ALEF NULA, a.s. in implementing proactive measures to reduce the risk of occurence of such incidents.

3.2 Constituency
The constituency are internal users and customers of ALEF NULA a.s.

3.3 Sponsorship and/or Affiliation
ALEF-CSIRT is part of ALEF NULA, a.s.

3.4 Authority
ALEF-CSIRT has a direct authority over AS35096 and works cooperatively with system administrators and users in response to incidents in autonomous systems belonging to customers of ALEF NULA, a.s.

4. Policies


4.1 Types of Incidents and Level of Support
ALEF-CSIRT is authorized to address all types of computer security incidents which occur, or threaten to occur, at:

AS35096
IPv4 ranges: 193.239.0.0/22
IPv6 ranges:2001:67C:21D0::/48

The level of support offered by ALEF-CSIRT varies with the type and severity of the incident, the type of constituent, the size of the user community affected and ALEF-CSIRT resources available at the time; though in all cases some response will be made.

Note that direct support will only be given to internal end users and administrators or security managers of customers of ALEF NULA, a.s.

ALEF-CSIRT is committed to keeping its constituency informed of potential vulnerabilities, and where possible, will inform this community of such vulnerabilities before they are actively exploited.

Further details about ALEF-CSIRT constituency may be found at https://www.trusted-introducer.org/directory/teams/alef-csirt.html

4.2 Co-operation, Interaction and Disclosure of Information
ALEF-CSIRT is ready to cooperate with other organizations and teams.
We operate under the restrictions imposed by Czech law, especially the Civil code and the Data Protection Act.
All submitted information is treated as confidential, and will be forwarded to concerned parties only in order to resolve specific incidents.

4.3 Communication and Authentication
Unencrypted e-mail is used for normal communication not containing sensitive information. For secure communication, PGP-Encrypted e-mail is used.

5. Services


5.1 Incident Response
ALEF-CSIRT handles all technical and organizational aspects of incident response. In particular, it provides the following services:

5.1.1 Incident Triage

Investigating whether indeed an incident has occurred. Determining the extent of an incident.

5.1.2. Incident Coordination

Determining the initial cause of the incident. Facilitating contact with other organizations which may be involved. Sending reports to other CSIRTs (when possible under NDA agreements with customers). Composing announcements to users, when applicable.

5.1.3. Incident Resolution

Providing advice or help to security teams of customers or directly taking appropriate actions. Following up on the progress of security teams of customers. Providing assistance in evidence collection and data interpretation.

5.2 Proactive activities
ALEF-CSIRT tries to
raise security awareness in its constituency publish announcements concerning serious security threats observe current trends in technology distribute relevant knowledge to its constituency

6. Incident Reporting Forms


There are no local forms available yet. Please use our basic rules for sending incident reports using e-mail:

  • A report must contain:
    • first name and last name of the reporter
    • telephone number
    • e-mail address
    • name of reporting organization
    • IP address and type of incident
    • approximate time when the incident started
    • time, when the incident was detected
    • logs relevant to the problem (where applicable)
  • A report about spam (or a malicious e-mail attachment) must contain a copy of the full e-mail header from the e-mail which is considered to be spam (or which contains the attachment in question).
  • A report about phishing or pharming must contain the URL and IP address of the web page along with its source code, if possible.

7. Disclaimers


While every precaution will be taken in the preparation of information, notifications and alerts, ALEF-CSIRT assumes no responsibility for any errors or omissions, or for damages resulting from the use of the information contained within.