1. About this document
1.1. Date of last update
This is version 1.3, published on 1st March 2012.
1.2. Distribution list for notifications
Currently CIRCL does not use any distribution lists to notify about changes in this document.
1.3. Locations where this document may be found
The current version of this CSIRT description document is available from the CIRCL web site; its URL is http://www.circl.lu/mission/rfc2350/index.html. Please make sure you are using the latest version.
1.4. Authenticating this document
This document has been signed with the CIRCL PGP key. The signature is also on our web site, under: http://www.circl.lu/mission/rfc2350/index.html.
2. Contact information
2.1. Name of the team
CIRCL: Computer Incident Response Center Luxembourg
2.2. Address
CIRCL - Computer Incident Response Center Luxembourg
c/o smile - "security made in Lëtzebuerg" GIE
41, avenue de la gare
L-1611 Luxembourg
Grand Duchy of Luxembourg
2.3. Time zone
Central European Time (GMT+0100, GMT+0200 from April to October)
2.4. Telephone number
+352 247 88444
2.5. Facsimile number
None available.
2.6. Other telecommunication
None available.
2.7. Electronic mail address
Incident reports (including non-incident) related mail should be addressed to <info (a) circl lu>
2.8. Public keys and other encryption information
CIRCL has an OpenPGP public key, which KeyID is 0x22BD4CD5 and fingerprint is: CA57 2205 C002 4E06 BA70 BE89 EAAD CFFC 22BD 4CD5
pub 2048R/22BD4CD5 2010-11-03 Key fingerprint = CA57 2205 C002 4E06 BA70 BE89 EAAD CFFC 22BD 4CD5 uid CIRCL <<info (a) circl lu>> sub 2048R/68B49661 2010-11-03
The public key and its signatures can be found at the usual large public keyservers, or on CIRCL's web site, under: http://www.circl.lu/files/CIRCL.asc
Each CIRCL team member has also a respective OpenPGP public key that you can fetch from the CIRCL's website.
2.9. Team members
CIRCL is the national Computer Security Incident Response Team (CSIRT) for the Grand Duchy of Luxembourg. CIRCL is operated by SMILE ("security made in Lëtzebuerg"), a State funded "groupement d'intérêt économique" (GIE), designed to improve information security and create new opportunities for Luxembourg.
The team (in alphabetical order) is composed of:
| Name | PGP Fingerprint | |
|---|---|---|
| Steve Clement | <steve clement (a) circl lu> | 3F4D 8CF6 08F9 4F88 2815 2CB1 69A2 0F50 9BE4 AEE9 |
| Alexandre Dulaunoy | <alexandre dulaunoy (a) circl lu> | 3B12 DCC2 82FA 2931 2F5B 709A 09E2 CD49 44E6 CBCD |
| Michael Hamm | <michael hamm (a) circl lu> | 917D 0B62 1E88 BEC1 9081 792B F723 3773 DB0F 8DBD |
| Sascha Rommelfangen | <sascha rommelfangen (a) circl lu> | 85F1 E6D6 7988 03C6 5446 3133 89F7 60A9 A572 F306 |
| Manuel Silvoso | <manuel silvoso (a) circl lu> | ADBD BDBB E940 C05D 85CD D2AD 9407 8431 6DEB A7A9 |
| Pascal Steichen | <pascal steichen (a) circl lu> | D1DF 00E4 A9BD 1649 8A89 F62F 32C9 485E 0549 E7E1 |
| Gerard Wagener | <gerard wagener (a) circl lu> | 41EC EDCE 3394 E3CE 3A18 98E3 D0EB 697E D81F 0490 |
2.10. Other information
Any other information about CIRCL can be found at http://www.circl.lu/
2.11. Points of customer contact
The preferred method for contacting CIRCL is via e-mail at <info (a) circl lu>. We encourage our constituency (customers) to use PGP encryption when sending any sensitive information to CIRCL.
If it is not possible (or not advisable for security reasons) to use e-mail, CIRCL can be reached by telephone during regular office hours. Off these hours incoming phone calls are transmitted to an answering machine. All messages recorded are checked ASAP.
CIRCL hours of operation are restricted to: 09:00-12h00 and 14h00-17h00 CET Monday to Friday.
When submitting your incident report, use the form mentioned in section 6.
3. Charter
3.1. Mission statement
CIRCL is the national Computer Security Incident Response Team (CSIRT) for the Grand Duchy of Luxembourg. CIRCL is operated by SMILE ("security made in Lëtzebuerg"), a State funded "groupement d'intérêt économique" (GIE), designed to improve information security and create new opportunities for Luxembourg.
Its missions are to:
- provide a systematic response facility to ICT-incidents
- support national ICT users to recover quickly and efficiently from security incidents
- minimize ICT incident-based losses, theft of information and disruption of services at a national level
- gather information related to incident handling to better prepare future incidents management and provide optimized protection for systems and data
- coordinate communication among national and international incident response teams during security emergencies and to help prevent future incidents
- provide a security related alert and warning system for national ICT users
- foster knowledge and awareness exchange in ICT security
3.2. Constituency
CIRCL is the national Computer Security Incident Response Team (CSIRT) for the Grand-Duchy of Luxembourg.
The constituency covers the .lu TLD, Internet Public ASN and IP addresses located/originated and/or operating in/from the Grand-Duchy of Luxembourg.
3.3. Sponsorship and/or Affiliation
CIRCL is the national Computer Security Incident Response Team (CSIRT) for the Grand-Duchy of Luxembourg. CIRCL is operated by SMILE ("security made in Lëtzebuerg"), a State funded "groupement d'intérêt économique" (GIE), designed to improve information security and create new opportunities for Luxembourg.
The GIE is composed of the following Luxembourgish ministries and administrations:
- Ministère de l'Economie et du Commerce extérieur
- Ministère de l'Education nationale et de la Formation professionnelle
- Ministère de la Famille et de l'Intégration
- Service National de la Jeunesse, SNJ
- Syndicat Intercommunal de Gestion Informatique, SIGI
- Syndicat des Villes et Communes Luxembourgeoises, SYVICOL
3.4. Authority
CIRCL operates under the auspices of, and with authority delegated by, the Grand Duchy of Luxembourg (official document).
4. Policies
4.1. Types of incidents and level of support
CIRCL is authorized to address all types of computer security incidents which occur, or threaten to occur, in the constituency networks.
The level of support given by CIRCL will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and CIRCL's resources at the time, though in all cases some response will be made within two working days.
Incidents will be prioritized according to their apparent severity and extent.
End users are expected to contact their systems administrator, network administrator, or department head for assistance.
4.2. Co-operation, interaction and disclosure of information
CIRCL exchanges all necessary information with other CSIRTs as well as with affected parties' administrators. Neither personal nor overhead data are exchanged unless explicitly authorized.
All sensible data (such as personal data, system configurations, known vulnerabilities with their locations) are encrypted if they must be transmitted over unsecured environment as stated below.
4.3. Communication and authentication
In view of the types of information that CIRCL deals with, telephones will be considered sufficiently secure to be used even unencrypted. Unencrypted e-mail will not be considered particularly secure, but will be sufficient for the transmission of low-sensitivity data.
If it is necessary to send highly sensitive data by e-mail, encryption (preferrably PGP) will be used. Network file transfers will be considered to be similar to e-mail for these purposes: sensitive data should be encrypted for transmission.
All e-mail or data communication originating from CIRCL will be digitally signed, using the generic PGP key mentioned above, or the CIRCL agents' own signature keys.
5. Services
5.1. Incident response
CIRCL will assist system administrators in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incidents management:
5.1.1. Incident triage
- Investigating whether indeed an incident occurred.
- Determining the extent of the incident.
5.1.2. Incident coordination
- Determining the initial cause of the incident (e.g. vulnerability exploited, ...).
- Facilitating contact with other sites which may be involved.
- Facilitating contact with appropriate law enforcement officials, if necessary.
- Making reports to other CSIRTs.
- Composing announcements to users, if applicable.
5.1.3. Incident resolution
- Helping to remove the vulnerability.
- Helping to secure the system from the effects of the incident.
- Collecting evidence of the incident.
In addition, CIRCL will collect statistics concerning incidents processed, and will notify the community as necessary to assist it in protecting against known attacks.
To make use of CIRCL's services please refer to section 2.11 for points of contact. Please remember that amount of assistance will vary as described in section 4.1
5.2. Proactive services
CIRCL coordinates and maintains the following services to the extent possible depending on its resources:
- Information services such as: list of security contacts, repository of security-related patches for various operating systems
- Training and educational services
Detailed information about obtaining these services is available from the CIRCL website: http://www.circl.lu/
6. Incident reporting forms
CIRCL has created a local form designated for reporting incidents to the team. We strongly encourage anyone reporting an incident to fill it out. The current version of the form is available from: http://www.circl.lu/report/
7. Disclaimers
While every precaution will be taken in the preparation of information, notifications and alerts, CIRCL assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.
