CERT-DEVOTEAM profile
Established according to RFC-2350.
1. Document Information
This document contains a description of CERT-DEVOTEAM according to RFC 2350.
It provides basic information about the CERT, the ways it can be contacted, describes its responsibilities and the services offered.
1.1. Date of Last Update
First version released in January 2011.
This is version 1.2 of November 2011.
Changes:
- V1.1: 2011/02 - TI Listed logo replaced by TI Accredited logo
- V1.2: 2011/11 - info@cert-devoteam.com PGP key changed
1.2. Distribution List for Notifications
This profile is kept up-to-date on the location specified in 1.3.
E-mail notifications of updates are sent to:
Please address any questions about updates to the CERT-DEVOTEAM e-mail address.
1.3. Locations where this Document May Be Found
The current version of this profile is always available on http://www.cert-devoteam.com/CERT-DVT_RFC2350.html
2. Contact Information
2.1. Name of the Team
Full name: CERT-DEVOTEAM
Short name: CERT-DVT
CERT-DEVOTEAM is the CSIRT team for the DEVOTEAM Group.
2.2. Address
CERT-DEVOTEAM / DEVOTEAM Group
1, rue Galvani - F-91300 Massy-Palaiseau
France
2.3. Time Zone
GMT+1 (with DST or Summer Time, which starts on the last Sunday in March and ends on the last Sunday in October)
2.4. Telephone Number
+33 (0)1 69 85 78 90
2.5. Facsimile Number
Not available.
2.6. Other Telecommunication
Not available.
2.7. Electronic Mail Address
info@cert-devoteam.com
For inquiries on the CERT-DEVOTEAM activities and services, please use info@cert-devoteam.com
2.8. Public Keys and Encryption Information
PGP/GnuPG is supported for secure communication.
The current CERT-DEVOTEAM team-key can be found on http://www.cert-devoteam.com/CERT-DVT_info.pgp.txt
It is also present on the MIT public keyservers.
Please use this key when you want/need to encrypt messages that you send to CERT-DEVOTEAM.
When due, CERT-DEVOTEAM will sign messages using the same key.
When due, sign your messages using your own key please - it helps when that key is verifiable using the public keyservers.
2.9. Team Members
The CERT-DEVOTEAM team leaders are O. Caleff and B. Velle.
2.10. Other Information
CERT-DEVOTEAM is accredited by the Trusted Introducer for CERTs in Europe, see
https://www.trusted-introducer.org/teams/country_AS.html .
See the CERT-DEVOTEAM webpages http://www.cert-devoteam.com/contact.html .
2.11. Points of Customer Contact
Regular cases: use the info@cert-devoteam.com common CERT-DEVOTEAM e-mail address.
- Regular response hours: Monday-Friday, 09:00-18:00 local time (except public holidays in France).
EMERGENCY cases: use the info@cert-devoteam.com common CERT-DEVOTEAM e-mail address with EMERGENCY in the subject line.
- Outside business hours the duty-officer decides if CERT-DEVOTEAM will be involved directly or not.
3. Charter
3.1. Mission Statement
The missions of CERT-DEVOTEAM are:
- to provide high quality research services on current and potential information security threats facing its constituency,
- to provide information security prevention, response and mitigation strategies to its constituency
- to become a recognised centre of information security excellence for national and international organisations to refer to
- to co-ordinate the resolution of IT security incidents related to the DEVOTEAM community in responding to computer-security-related incidents when they occur
- to assist members of the DEVOTEAM community in implementing proactive measures to reduce the risk of such incidents occurring
3.2. Constituency
The constituency for CERT-DEVOTEAM is the DEVOTEAM Group.
However, please note that, notwithstanding the above, CERT-DEVOTEAM services are provided to supported Customers via a Service Level Agreement.
Current customers, which are located in France and other European countries, are found among:
- Private Sector organisations
- Public sector bodies
- Commercial Bodies
- Non-Commercial Organisations
- Non-Governmental Organisations
3.3. Sponsorship and/or Affiliation
CERT-DEVOTEAM is part of DEVOTEAM Group.
CERT-DEVOTEAM maintains affiliations with various CSIRTs throughout France and Europe on an as-needed basis.
CERT-DEVOTEAM maintains relationships with various CSIRTs throughout the world, on all continents, on an as-needed basis.
3.4. Authority
CERT-DEVOTEAM's main purpose in incident handling is the coordination of incident response.
As such, CERT-DEVOTEAM only advises local security teams and has no authority to demand any actions.
However, CERT-DEVOTEAM is expected to make operational recommendations in the course of its work.
Such recommendations can include - but are not limited to - blocking addresses or networks.
The implementation of such recommendations, however, is not a responsibility of CERT-DEVOTEAM, but solely of those to whom the recommendations were made.
4. Policies
4.1. Types of Incidents and Level of Support
All incidents are considered normal priority unless they are labeled EMERGENCY.
CERT-DEVOTEAM itself is the authority that can set and reset the EMERGENCY label.
An incident can be reported to CERT-DEVOTEAM as EMERGENCY, but it is up to CERT-DEVOTEAM to decide whether or not to uphold that status.
CERT-DEVOTEAM is authorised to address all types of computer security incidents which occur, or threaten to occur, in our Constituency (see 3.2) and which require cross-organisational coordination. The level of support given by CERT-DEVOTEAM will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and CERT-DEVOTEAM's resources at the time. Special attention will be given to issues affecting critical infrastructure and cybercrime.
CERT-DEVOTEAM is committed to keeping its constituency informed of potential vulnerabilities, and where possible, will inform this community of such vulnerabilities before they are actively exploited. This communication will take the form of e-mail alerts or, under certain circumstances, phone calls.
4.2. Co-operation, Interaction and Disclosure of Information
ALL incoming information is handled confidentially by CERT-DEVOTEAM, regardless of its priority.
CERT-DEVOTEAM operates under the restrictions imposed by French laws.
CERT-DEVOTEAM will cooperate with other Organisations in the Field of Computer Security.
This Cooperation also includes and often requires the exchange of vital information regarding security incidents and vulnerabilities.
Nevertheless CERT-DEVOTEAM will protect the privacy of their customers, and therefore (under normal circumstances) pass on information in an anonymised way only unless other contractual agreements apply.
Information that is evidently sensitive in nature is only communicated and stored in a secure environment, if necessary using encryption technologies.
When reporting an incident of sensitive nature, please state so explicitly, e.g. by using the label SENSITIVE in the subject field of e-mail, and if possible using encryption as well.
CERT-DEVOTEAM supports the Information Sharing Traffic Light Protocol (ISTLP - see https://www.trusted-introducer.org/links/ISTLP-v1.1-approved.pdf ) - information that comes in with the tags WHITE, GREEN, AMBER or RED will be handled appropriately.
CERT-DEVOTEAM will use the information you provide to help solve security incidents, as all CERTs do.
This means that by default the information will be distributed further to the appropriate parties - but only on a need-to-know basis, and preferably in an anonymised fashion.
If you object to this default behavior of CERT-DEVOTEAM, please make explicit what CERT-DEVOTEAM can do with the information you provide.
CERT-DEVOTEAM will adhere to your policy, but will also point out to you if that means that CERT-DEVOTEAM cannot act on the information provided.
CERT-DEVOTEAM has defined:
4.3. Communication and Authentication
For normal communication not containing sensitive information CERT-DEVOTEAM will use conventional methods like unencrypted e-mail (see 2.8).
Usage of PGP/GnuPG in all cases where sensitive information is involved is highly recommended.
In cases where there is doubt about the authenticity of information or its source, CERT-DEVOTEAM reserves the right to authenticate this by any (legal) means.
5. Services
5.1. Incident Response (Triage, Coordination and Resolution)
CERT-DEVOTEAM is responsible for the coordination of security incidents somehow involving their constituency (as defined in 3.2).
CERT-DEVOTEAM therefore handles both the triage and coordination aspects. Incident resolution is left to the responsible administrators within the constituency - however CERT-DEVOTEAM will offer support and advice on request.
CERT-DEVOTEAM will assist IT-security teams in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:
- Incident Triage:
  - by investigating whether indeed an incident occurred
  - by determining the extent of the incident
  - by determining the involved organisations...
- Incident Coordination:
  - by determining the initial cause of the incident (vulnerability exploited)
  - by facilitating contact with organisations or sites which may be involved or may help to investigate the incident, and take the appropriate steps to resolve the incident
  - by facilitating contact with Security Contacts and/or appropriate law enforcement officials, if necessary
  - by making reports to other CSIRTs
  - by composing announcements to users, if applicable...
- Incident Resolution:
  - by removing the vulnerability
  - by securing the system from the effects of the incident
  - by evaluating whether certain actions are likely to reap results in proportion to their cost and risk
  - by collecting evidence where criminal prosecution, or disciplinary action, is contemplated
  - by collecting statistics concerning incidents which occur within or involve its constituency
Please remember that the amount of assistance available from CERT-DEVOTEAM will vary according to the parameters described in section 4.1.
5.2. Proactive Activities
CERT-DEVOTEAM pro-actively advises their constituency on matters of computer and network security.
It can do so pro-actively in urgent cases, or on request.
CERT-DEVOTEAM is not responsible for implementation.
CERT-DEVOTEAM performs the following proactive activities:
- Announcements about existing vulnerabilities, and information services
- Technology watch
- Repository of security tools and documentation for use by sysadmins or security stakeholders
- Information dissemination and "clipping" service for various existing resources, such as major mailing lists and newsgroups. The resulting clippings are made available to the CERT-DEVOTEAM constituency and customers
- Configuration and infrastructure maintenance
- Intrusion detection
- Threats Monitoring
- Education and raising awareness in the field of information security
5.3. Security Quality Management Activities
In order to supervise and to increase the quality of the offered services, CERT-DEVOTEAM performs the following services:
- Awareness Building
- Education/Training
- Documentation
- Statistics
5.4. Reactive Activities
CERT-DEVOTEAM performs the following reactive activities:
- Alerts and Warnings
- Incident response
- Analysis of ongoing incidents
- Provide documentation to help handle certain common incidents
- Coordinating responses to incident handling
- Response and analysis of malicious software
6. Incident reporting Forms
Not available as of today.
Preferably report in plain text using e-mail - or use the phone.
7. Disclaimers
While every precaution will be taken in the preparation of information, notifications and alerts, CERT-DEVOTEAM assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.