-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

RFC-2350: CSIRT Description for ETHZ-NSG
- -----------------------------------------

1. About this document

1.1 Date of Last Update

    This is version .02, 2017-06-08.

1.2 Distribution List for Notifications

    Members of the constituency are informed of changes through their
    closed channels.

1.3 Locations where this Document May Be Found

    The current version of this CSIRT description document is
    available from the ETH Network Security website; its URL is
    https://www.ethz.ch/content/dam/ethz/associates/services/Service/IT-Services/files/catalogue/security/ETHZ-NSG.txt
    Please make sure you are using the latest version.

1.4 Authenticating this Document

    This document has been signed with ETHZ-NSG's GPG key.

2. Contact Information

2.1 Name of the Team

    "ETHZ-NSG": the ETH Zurich Network Security Group.

2.2 Address

    ETH Zurich
    ICT-Networks
    Network Security
    CH-8092 Zurich
    Switzerland

2.3 Time Zone

    Central European:
      Winter GMT+0100
      Summer GMT+0200
    Change date:
      Winter -> Summer: 1 am UTC last Sunday of March
      Summer -> Winter: 1 am UTC last Sunday of October

2.4 Telephone Number

    +41 44 632 66 66
    This number will round-robin through ETHZ-NSG team members.

2.5 Facsimile Number

    +41 44 632 11 66 (this is *not* a secure fax)

2.6 Other Telecommunication

    Members of the constituency have access to closed, secure
    communication and collaboration platforms.

2.7 Electronic Mail Address

    This address will reach our team mailbox which is monitored
    during working hours.

2.8 Public Keys and Other Encryption Information

    ETHZ-NSG has a PGP key, whose KeyID is D6437004 and whose
    fingerprint is
    2CC2 9A19 4B25 DDD0 B750 B48B 6EEE FBFF D643 7004
    The key and its signatures can be found at the public keyservers
    as well as on the Web site:
    https://www.ethz.ch/services/de/it-services/katalog/sicherheit/gpgkey.html

2.9 Team Members

    ETHZ-NSG is operated by dedicated staff. It can fall back to
    other employees of ETH Zurich for special needs.

2.10 Other Information

    General public information about ETHZ-NSG can be found on the
    Web site:
    https://www.ethz.ch/services/en/it-services/catalogue/security.html

2.11 Points of Customer Contact

    Normal contact is through e-mail using the address .
    In urgent cases and emergencies customers as well as other CERTs
    can use the phone numbers given above.

    ETHZ-NSG follows standard Swiss office-hours on working days:
    8:00 - 18:00

    Outside of these hours as well as on weekends, public holidays
    in Zurich and the days between Dec. 23 and Jan. 3, services are
    offered on a best effort basis and are not guaranteed.

3. Charter

3.1 Mission Statement

    ETHZ-NSG supports members of its constituency (see below) with
    reactive and proactive services in the field of IT security.

    The Network Security Group (NSG) is responsible for helping to
    protect the campus network infrastructure from IT
    security-related attacks and abuse (Quality of Service). We
    support campus research, education, and public service goals by
    helping to maintain a secure and open computing environment
    conducive to learning and collaboration. In addition we also
    help establish better security practices and awareness.

    ETHZ-NSG can provide support to third parties for problems
    involving incidents originating outside our constituency.

3.2 Constituency

    ETHZ-NSG serves the following customers:
    - All organizations within ETH Zurich, specifically support
      groups within departments, central services and the rectorship.
    - Selected third parties which have SLAs with ETHZ-NSG.

3.3 Sponsorship and/or Affiliation

    - ETHZ-NSG is operated by the Informatics Services department of
      ETH Zurich.
    - ETHZ-NSG is also supported by and collaborates with the
      security team of the Swiss ISP SWITCH (AS559).

3.4 Authority

    ETHZ-NSG coordinates security incidents for its constituency.
    It has limited formal authority over constituency members based
    on the university Acceptable Use Policy
    (https://www.ethz.ch/services/en/it-services/documents.html).

4. Policies

4.1 Types of Incidents and Level of Support

    Incidents are prioritised according to their severity.
    Incidents directly affecting members of the constituency are
    treated with higher priority. Incidents affecting external
    organizations are treated with the corresponding seriousness and
    urgency of the event.

4.2 Co-operation, Interaction and Disclosure of Information

    All requests to ETHZ-NSG are treated with due care.

    ETHZ-NSG adheres to the traffic light protocol (TLP). See
    https://tiw.trusted-introducer.org/links/ISTLP-v1.1-approved.pdf
    for a description.

    Classified messages should be tagged in the subject as
    [TLP Color]. A similar stamp should be clearly visible in other
    documents, such as PDF files etc., sent to ETHZ-NSG. If contact
    is through phone or video conference, the TLP classifications
    should be stated prior to the delivery of the information.

    It is recommended to encrypt sensitive information with the PGP
    key mentioned above. Unless required by law, ETHZ-NSG will never
    release information provided by third parties without their
    consent. Other encryption methods are available upon request.

4.3 Communication and Authentication

    See 4.2. To ensure authenticity of information use PGP
    signatures or other agreed-upon encryption methods.

5. Services

5.1 Incident Response

    ETHZ-NSG will assist its customers in the following areas.
    ETHZ-NSG normally acts as a third-level contact supporting other
    support groups within the departments and organs of ETH. In
    particular, it will provide assistance or advice with respect to
    the following aspects of incident management:

5.1.1 Incident Triage

    - Investigating whether indeed an incident occurred.
    - Determining whether the incident belongs to our constituency.
    - Determining the extent of the incident.

5.1.2 Incident Coordination

    - Analyzing available information.
    - Contacting the organization or support team affected.
    - Facilitating contact with other sites which may be involved.
    - Supporting the organization affected with intelligence and
      additional information related to the incident.
    - Performing specialized tasks, such as forensic analysis,
      malware reverse engineering etc., if requested.

5.1.3 Incident Resolution

    - Resolving incidents is primarily the customers'
      responsibility. ETHZ-NSG will provide support, where
      applicable.

5.2 Monitoring

    - ETHZ-NSG monitors the ETH Zurich backbone for malicious
      traffic.
    - Where feasible ETHZ-NSG monitors attack infrastructure.

5.3 Proactive Activities

    ETHZ-NSG provides the following proactive services:
    - Information services
      - Alerts for highly critical threats.
      - Awareness material (safeIT Security Awareness program).
    - Training services
      - ETHZ-NSG can conduct trainings on security awareness issues
        for members of its constituency upon request.
    - Meetings
      - ETHZ-NSG can organize meetings with its constituency upon
        request.

6. Incident Reporting Forms

    There are no forms available. The preferred way of reporting
    incidents is by email.

7. Disclaimer

    While every precaution will be taken in the preparation of
    information, notifications and alerts, ETHZ-NSG assumes no
    responsibility for errors or omissions, or for damages resulting
    from the use of the information contained within.

    All information in this document is Copyright 2012, ETH Zurich.
    This document may not be redistributed, in whole or in part,
    without the explicit, written permission of ETHZ-NSG. Please use
    the URL given under 1.3 for redistribution.

-----BEGIN PGP SIGNATURE-----

iF0EARECAB0WIQSLipeHujgPEKNftouGFmOyvZUlhwUCWW0VAQAKCRCGFmOyvZUl
h3qgAJ95hjL7X1juiXRpGFD6FAz8x6ZQKwCgmPm9HBmvfbrLFyF4ifntcmW4LEk=
=N0Wi
-----END PGP SIGNATURE-----