RFC 2350 CIRCL - the CERT for the private sector, communes and non-governmental entities in Luxembourg

About this document

Date of last update

This is version 1.8, published on 4th January 2015.

Distribution list for notifications

Currently CIRCL does not use any distribution lists to notify about changes in this document.

Locations where this document may be found

The current version of this CSIRT description document is available from the CIRCL web site; its URL is http://www.circl.lu/mission/rfc2350/index.html. Please make sure you are using the latest version.

Authenticating this document

This document has been signed with the CIRCL PGP key. The signature is also on our web site, under: http://www.circl.lu/mission/rfc2350/index.html.

The integrity of a page from the CIRCL website can be verified using PGP. The procedure is described at the following location: https://www.circl.lu/verify/

Contact information

Name of the team

CIRCL - Computer Incident Response Center Luxembourg, the CERT for the private sector, communes and non-governmental entities in Luxembourg.

Address

CIRCL - Computer Incident Response Center Luxembourg
c/o smile - "security made in Lëtzebuerg" GIE
41, avenue de la gare
L-1611 Luxembourg
Grand Duchy of Luxembourg

Time zone

Central European Time (GMT+0100, GMT+0200 from April to October)

Telephone number

+352 247 88444

Facsimile number

+352 274 00 98 6698

Other telecommunication

None available.

Electronic mail address

Mail related to incident reports (including non-incident mail) should be addressed to <info (a) circl lu>

Public keys and other encryption information

CIRCL has an OpenPGP public key whose KeyID is 0x22BD4CD5 and whose fingerprint is: CA57 2205 C002 4E06 BA70 BE89 EAAD CFFC 22BD 4CD5

pub   2048R/22BD4CD5 2010-11-03
      Key fingerprint = CA57 2205 C002 4E06 BA70 BE89 EAAD CFFC 22BD 4CD5
uid   CIRCL info@circl.lu
sub   2048R/68B49661 2010-11-03

The public key and its signatures can be found at the usual large public keyservers, or on CIRCL’s PGP key server.

Each CIRCL team member also has an individual OpenPGP public key, which you can fetch from the CIRCL website.

Team members

CIRCL is the CERT for the private sector, communes and non-governmental entities for the Grand Duchy of Luxembourg. CIRCL is operated by SMILE (“security made in Lëtzebuerg”), a State funded “groupement d’intérêt économique” (GIE), designed to improve information security and create new opportunities for Luxembourg.

The team (in alphabetical order) is composed of:

Name                  Email                          PGP Fingerprint
Steve Clement         steve.clement@circl.lu         3F4D 8CF6 08F9 4F88 2815 2CB1 69A2 0F50 9BE4 AEE9
Alexandre Dulaunoy    alexandre.dulaunoy@circl.lu    3B12 DCC2 82FA 2931 2F5B 709A 09E2 CD49 44E6 CBCD
Michael Hamm          michael.hamm@circl.lu          917D 0B62 1E88 BEC1 9081 792B F723 3773 DB0F 8DBD
Andras Iklody         andras.iklody@circl.lu         C0B2 39A5 D5D7 76A8 C2FE 322F BEA2 24F1 FEF1 13AC
Sascha Rommelfangen   sascha.rommelfangen@circl.lu   85F1 E6D6 7988 03C6 5446 3133 89F7 60A9 A572 F306
Manuel Silvoso        manuel.silvoso@circl.lu        ADBD BDBB E940 C05D 85CD D2AD 9407 8431 6DEB A7A9
Pascal Steichen       pascal.steichen@circl.lu       D1DF 00E4 A9BD 1649 8A89 F62F 32C9 485E 0549 E7E1
Raphaël Vinot         raphael.vinot@circl.lu         8647 F5A7 FFD3 50AE 38B6 E22F 32E4 E1C1 33B3 792F
Gerard Wagener        gerard.wagener@circl.lu        41EC EDCE 3394 E3CE 3A18 98E3 D0EB 697E D81F 0490

A file containing the PGP keys of all CIRCL team members is also available at the following location: https://www.circl.lu/assets/files/team.asc.

Other information

Any other information about CIRCL can be found at http://www.circl.lu/

Points of customer contact

The preferred method for contacting CIRCL is via e-mail at <info (a) circl lu>. We encourage our constituency (customers) to use PGP encryption when sending any sensitive information to CIRCL.

If it is not possible (or not advisable for security reasons) to use e-mail, CIRCL can be reached by telephone during regular office hours. Outside these hours, incoming phone calls are forwarded to an answering machine. All recorded messages are checked as soon as possible.

CIRCL hours of operation are restricted to 09:00-12:00 and 14:00-17:00 CET, Monday to Friday.

When submitting your incident report, use the form mentioned in section 6.

Charter

Mission statement

CIRCL is the CERT for the private sector, communes and non-governmental entities for the Grand Duchy of Luxembourg. CIRCL is operated by SMILE (“security made in Lëtzebuerg”), a State funded “groupement d’intérêt économique” (GIE), designed to improve information security and create new opportunities for Luxembourg.

Its missions are to:

  • provide a systematic response facility to ICT-incidents
  • support ICT users in Luxembourg to recover quickly and efficiently from security incidents
  • minimize ICT incident-based losses, theft of information and disruption of services at a national level
  • gather information related to incident handling to better prepare for future incident management and provide optimized protection for systems and data
  • coordinate communication among national and international incident response teams during security emergencies and help prevent future incidents
  • provide a security related alert and warning system for ICT users in Luxembourg
  • foster knowledge and awareness exchange in ICT security

Constituency

CIRCL is the CERT for the private sector, communes and non-governmental entities for the Grand Duchy of Luxembourg.

The constituency covers the .lu TLD, Internet Public ASN and IP addresses located/originated and/or operating in/from the Grand-Duchy of Luxembourg.

Sponsorship and/or Affiliation

CIRCL is the CERT for the private sector, communes and non-governmental entities for the Grand Duchy of Luxembourg. CIRCL is operated by SMILE (“security made in Lëtzebuerg”), a State funded “groupement d’intérêt économique” (GIE), designed to improve information security and create new opportunities for Luxembourg.

The GIE is composed of the following Luxembourgish ministries and administrations:

  • Ministère de l’Economie et du Commerce extérieur
  • Ministère de l’Education nationale et de la Formation professionnelle
  • Ministère de la Famille et de l’Intégration
  • Service National de la Jeunesse, SNJ
  • Syndicat Intercommunal de Gestion Informatique, SIGI
  • Syndicat des Villes et Communes Luxembourgeoises, SYVICOL

Authority

CIRCL operates under the auspices of, and with authority delegated by, the Grand Duchy of Luxembourg (official document). The 2015-2020 convention between SMILE GIE and the Ministry of Economy regarding the operation of CIRCL was signed on Thursday 18th December 2014.

Policies

Types of incidents and level of support

CIRCL is authorized to address all types of computer security incidents which occur, or threaten to occur, in the constituency networks.

The level of support given by CIRCL will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and CIRCL’s resources at the time, though in all cases some response will be made within two working days.

Incidents will be prioritized according to their apparent severity and extent.

End users are expected to contact their systems administrator, network administrator, or department head for assistance.

Co-operation, interaction and disclosure of information

CIRCL exchanges all necessary information with other CSIRTs as well as with affected parties’ administrators. Neither personal nor overhead data are exchanged unless explicitly authorized.

All sensitive data (such as personal data, system configurations, known vulnerabilities with their locations) are encrypted if they must be transmitted over an unsecured environment, as stated below.

Communication and authentication

In view of the types of information that CIRCL deals with, telephones will be considered sufficiently secure to be used even unencrypted. Unencrypted e-mail will not be considered particularly secure, but will be sufficient for the transmission of low-sensitivity data.

If it is necessary to send highly sensitive data by e-mail, encryption (preferably PGP) will be used. Network file transfers will be considered to be similar to e-mail for these purposes: sensitive data should be encrypted for transmission.

All e-mail or data communication originating from CIRCL will be digitally signed, using the generic PGP key mentioned above, or the CIRCL agents’ own signature keys.

Services

Incident response

CIRCL will assist system administrators in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:

Incident triage

  • Investigating whether indeed an incident occurred.
  • Determining the extent of the incident.

Incident coordination

  • Determining the initial cause of the incident (e.g. vulnerability exploited, …).
  • Facilitating contact with other sites which may be involved.
  • Facilitating contact with appropriate law enforcement officials, if necessary.
  • Making reports to other CSIRTs.
  • Composing announcements to users, if applicable.
  • Ensuring adequate sharing of threat information for proactive measures.

Incident resolution

  • Helping to remove the vulnerability.
  • Helping to secure the system from the effects of the incident.
  • Collecting evidence of the incident.

In addition, CIRCL will collect statistics concerning incidents processed, and will notify the community as necessary to assist it in protecting against known attacks.

To make use of CIRCL’s services, please refer to section 2.11 for points of contact. Please remember that the amount of assistance will vary as described in section 4.1.

Proactive services

CIRCL coordinates and maintains the following services to the extent possible depending on its resources:

  • Information services such as: list of security contacts, repository of security-related patches for various operating systems
  • Training and educational services

In addition, CIRCL provides different proactive tools and services to reduce security incidents and/or improve security incident handling:

  • Development of security tools in the field of analysis, threat and information sharing, security assessments.

Detailed information about obtaining these services is available from the CIRCL website: http://www.circl.lu/

Incident reporting forms

CIRCL has created a local form designated for reporting incidents to the team. We strongly encourage anyone reporting an incident to fill it out. The current version of the form is available from: http://www.circl.lu/report/. Reports can also be submitted anonymously, depending on the reporter's requirements.

Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, CIRCL assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.