RFC 2350 CIRCL - the CERT for the private sector, communes and non-governmental entities in Luxembourg

About this document

Date of last update

This is version 2.0, published on 04th September 2017.

Distribution list for notifications

Currently CIRCL does not use any distribution lists to notify about changes in this document.

Locations where this document may be found

The current version of this CSIRT description document is available from the CIRCL web site; its URL is http://www.circl.lu/mission/rfc2350/index.html. Please make sure you are using the latest version.

Authenticating this document

This document has been signed with the CIRCL PGP key. The signature is also on our web site, under: http://www.circl.lu/mission/rfc2350/index.html.

The integrity of a page from the CIRCL website can be verified using PGP. The procedure is described at the following location: https://www.circl.lu/verify/

Contact information

Name of the team

CIRCL - Computer Incident Response Center Luxembourg, the CERT for the private sector, communes and non-governmental entities in Luxembourg.

Address

CIRCL - Computer Incident Response Center Luxembourg
c/o smile - "security made in Lëtzebuerg" GIE
16, bd d'Avranches
L-1160 Luxembourg
Grand Duchy of Luxembourg

Time zone

Central European Time (GMT+0100, GMT+0200 from April to October)

Telephone number

+352 247 88444

Facsimile number

+352 274 00 98 6698

Other telecommunication

None available.

Electronic mail address

Mail related to incident reports (including non-incident mail) should be addressed to <info (a) circl lu>.

Public keys and other encryption information

CIRCL has an OpenPGP public key whose KeyID is 0x22BD4CD5 and whose fingerprint is: CA57 2205 C002 4E06 BA70 BE89 EAAD CFFC 22BD 4CD5

pub 2048R/22BD4CD5 2010-11-03
    Key fingerprint = CA57 2205 C002 4E06 BA70 BE89 EAAD CFFC 22BD 4CD5
uid CIRCL info@circl.lu
sub 2048R/68B49661 2010-11-03

The public key and its signatures can be found at the usual large public keyservers, or on CIRCL’s PGP key server.

Each CIRCL team member also has their own OpenPGP public key, which you can fetch from the CIRCL website.

Team members

CIRCL is the CERT for the private sector, communes and non-governmental entities for the Grand Duchy of Luxembourg. CIRCL is operated by SMILE (“security made in Lëtzebuerg”), a State funded “groupement d’intérêt économique” (GIE), designed to improve information security and create new opportunities for Luxembourg.

The team (in alphabetical order) is composed of:

Operational Core Team

| Name | PGP Fingerprint | OTR Fingerprints |
| --- | --- | --- |
| Cedric Bonhomme | 55F5 D60E EFCA 3591 0089 18E7 A1CB 94DE 57B7 A70D | CF29F5D1 2779DF53 954435CD F21034A3 82987938 |
| Steve Clement | 3F4D 8CF6 08F9 4F88 2815 2CB1 69A2 0F50 9BE4 AEE9 | 1D02A8CC 5464280D 70C30D9B B66EDB67 188ED144 |
| Alexandre Dulaunoy | 3B12 DCC2 82FA 2931 2F5B 709A 09E2 CD49 44E6 CBCD | 8605C87A 9DC63D3E 15E5458C 420D96FD AF7E0176 |
| | | 5D9080CA F9E9D39F 8238CD06 6C51BA29 5DA413C6 |
| Michael Hamm | 917D 0B62 1E88 BEC1 9081 792B F723 3773 DB0F 8DBD | 9B80A58A 0355960F A8E5832E 6FB3B4A5 9266653F |
| Andras Iklody | C0B2 39A5 D5D7 76A8 C2FE 322F BEA2 24F1 FEF1 13AC | 645C632A 5CD7331E 2EEDA186 3A0A0DB6 E0F07800 |
| Sascha Rommelfangen | 85F1 E6D6 7988 03C6 5446 3133 89F7 60A9 A572 F306 | D8EB4C54 C458D87C 3099641D 1C9FC93D A736CAA9 |
| | | 7AF4BC0F 72D8D0EE 9837408F 62DABFFE A7FDC1A9 |
| Deborah Servili | CE50 734F DD43 E982 3864 157D 7E3A 8328 50D4 D7D1 | EB36D5E2 4049721C 0D0E216B BD35F148 ADD535AB |
| Raphaël Vinot | 8647 F5A7 FFD3 50AE 38B6 E22F 32E4 E1C1 33B3 792F | EED913FA F58647A4 FF33E87F B9121B7D 6F2E6224 |
| Gerard Wagener | 41EC EDCE 3394 E3CE 3A18 98E3 D0EB 697E D81F 0490 | 3A3D1E35 67111531 60690BA4 A40D5EB7 4F2A7BBF |
| | | EEE7C2A4 675A74C6 20DB8558 6802628B 842328C1 |

Operational Support Team

| Name | PGP Fingerprint |
| --- | --- |
| Manuel Silvoso | FC76 7FFD 41EB 7EED 2D7E 08F1 AFE8 4603 2AE2 6893 |
| Pascal Steichen | D1DF 00E4 A9BD 1649 8A89 F62F 32C9 485E 0549 E7E1 |

| Name | PGP Fingerprint | OTR Fingerprints |
| --- | --- | --- |
| Melanie Delannoy | 2BDD DD0D 7DED 4D56 653C FD51 F040 9E3C 9619 1531 | |
| Rita Bressanutti | 53FD AEB3 E4AA 286A 819C 9B24 052F FBC7 912A 19C9 | DF7AFBA5 5ECCCECD 498D8322 4375F1FE 80297C16 |
| Matthieu Farcot | D920 2C05 1A90 32EE 1F7D C393 E7AA DF65 167A 7162 | |

A file containing all the PGP keys of CIRCL team members is also available at the following location: https://www.circl.lu/assets/files/team.asc.

Other information

Any other information about CIRCL can be found at http://www.circl.lu/

Points of customer contact

The preferred method for contacting CIRCL is via e-mail at <info (a) circl lu>. We encourage our constituency (customers) to use PGP encryption when sending any sensitive information to CIRCL.

If it is not possible (or not advisable for security reasons) to use e-mail, CIRCL can be reached by telephone during regular office hours. Outside these hours, incoming phone calls are forwarded to an answering machine. All recorded messages are checked as soon as possible.

CIRCL hours of operation are restricted to: 09h00-12h00 and 14h00-17h00 CET, Monday to Friday.

When submitting your incident report, use the form mentioned in section 6.

Charter

Mission statement

CIRCL is the CERT for the private sector, communes and non-governmental entities for the Grand Duchy of Luxembourg. CIRCL is operated by SMILE (“security made in Lëtzebuerg”), a State funded “groupement d’intérêt économique” (GIE), designed to improve information security and create new opportunities for Luxembourg.

Its missions are to:

  • provide a systematic response facility to ICT-incidents
  • support ICT users in Luxembourg to recover quickly and efficiently from security incidents
  • minimize ICT incident-based losses, theft of information and disruption of services at a national level
  • gather information related to incident handling to better prepare for future incident management and provide optimized protection for systems and data
  • coordinate communication among national and international incident response teams during security emergencies and help prevent future incidents
  • provide a security-related alert and warning system for ICT users in Luxembourg
  • foster knowledge and awareness exchange in ICT security

Constituency

CIRCL is the CERT for the private sector, communes and non-governmental entities for the Grand Duchy of Luxembourg.

The constituency covers the .lu TLD, Internet Public ASN and IP addresses located/originated and/or operating in/from the Grand-Duchy of Luxembourg.

Sponsorship and/or Affiliation

CIRCL is the CERT for the private sector, communes and non-governmental entities for the Grand Duchy of Luxembourg. CIRCL is operated by SMILE (“security made in Lëtzebuerg”), a State funded “groupement d’intérêt économique” (GIE), designed to improve information security and create new opportunities for Luxembourg.

The GIE is composed of the following Luxembourgish ministries and administrations:

  • Ministère de l’Economie et du Commerce extérieur
  • Ministère de l’Education nationale et de la Formation professionnelle
  • Ministère de la Famille et de l’Intégration
  • Service National de la Jeunesse, SNJ
  • Syndicat Intercommunal de Gestion Informatique, SIGI
  • Syndicat des Villes et Communes Luxembourgeoises, SYVICOL

Authority

CIRCL operates under the auspices of, and with authority delegated by, the Grand Duchy of Luxembourg (official document). The 2015-2020 convention between SMILE GIE and the Ministry of Economy regarding the operation of CIRCL was signed on Thursday 18th December 2014.

Policies

Types of incidents and level of support

CIRCL is authorized to address all types of computer security incidents which occur, or threaten to occur, in the constituency networks.

The level of support given by CIRCL will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and CIRCL’s resources at the time, though in all cases some response will be made within two working days.

Incidents will be prioritized according to their apparent severity and extent.

End users are expected to contact their systems administrator, network administrator, or department head for assistance.

Co-operation, interaction and disclosure of information

CIRCL exchanges all necessary information with other CSIRTs as well as with affected parties’ administrators. Neither personal nor overhead data are exchanged unless explicitly authorized.

All sensitive data (such as personal data, system configurations, known vulnerabilities with their locations) are encrypted if they must be transmitted over an unsecured environment, as stated below.

Communication and authentication

In view of the types of information that CIRCL deals with, telephones will be considered sufficiently secure to be used even unencrypted. Unencrypted e-mail will not be considered particularly secure, but will be sufficient for the transmission of low-sensitivity data.

If it is necessary to send highly sensitive data by e-mail, encryption (preferably PGP) will be used. Network file transfers will be considered to be similar to e-mail for these purposes: sensitive data should be encrypted for transmission.

All e-mail or data communication originating from CIRCL will be digitally signed, using the generic PGP key mentioned above, or the CIRCL agents’ own signature keys.

Services

Incident response

CIRCL will assist system administrators in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:

Incident triage

  • Investigating whether indeed an incident occurred.
  • Determining the extent of the incident.

Incident coordination

  • Determining the initial cause of the incident (e.g. vulnerability exploited, …).
  • Facilitating contact with other sites which may be involved.
  • Facilitating contact with appropriate law enforcement officials, if necessary.
  • Making reports to other CSIRTs.
  • Composing announcements to users, if applicable.
  • Ensuring adequate threat information sharing for proactive measures.

Incident resolution

  • Helping to remove the vulnerability.
  • Helping to secure the system from the effects of the incident.
  • Collecting evidence of the incident.

In addition, CIRCL will collect statistics concerning incidents processed, and will notify the community as necessary to assist it in protecting against known attacks.

To make use of CIRCL’s services, please refer to section 2.11 for points of contact. Please remember that the amount of assistance will vary as described in section 4.1.

Proactive services

CIRCL coordinates and maintains the following services to the extent possible depending on its resources:

  • Information services such as: list of security contacts, repository of security-related patches for various operating systems
  • Training and educational services

In addition, CIRCL provides different proactive tools and services to reduce security incidents and/or improve security incident handling:

  • Development of security tools in the field of analysis, threat and information sharing, security assessments.

Detailed information about obtaining these services is available from the CIRCL website: http://www.circl.lu/

Incident reporting forms

CIRCL has created a local form designated for reporting incidents to the team. We strongly encourage anyone reporting an incident to fill it out. The current version of the form is available from: http://www.circl.lu/report/. Reports can also be submitted anonymously, depending on the reporter's requirements.

Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, CIRCL assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.