RFC2350 EN

RFC2350 - CSIRT.UMINHO

1. Document information

1.1. Date of last update
     Version 2.2 published 2020/10/01.

1.2. Distribution list for notifications
     There is no distribution channel to notify changes to this document.

1.3. Locations where this document may be found
     The updated version of this document is available at https://csirt.uminho.pt/language/en/rfc2350-en/
     A versão portuguesa deste documento está disponível em https://csirt.uminho.pt/language/pt/rfc2350-pt/

1.4. Authenticity of this document
     For validation purposes, an ASCII version signed with PGP is available at https://csirt.uminho.pt/rfc2350-en.asc
     The PGP key used to sign is from CSIRT.UMINHO and is available in section 2.8.

2. Contact information

2.1. Team name
     Full name: University of Minho Computer Security Incident Response Team
     Short name: CSIRT.UMINHO

2.2. Address
     CSIRT.UMINHO
     Cybersecurity Center
     Information and Communications Systems Services Unit
     University of Minho 
     Campus de Gualtar
     4710-057 Braga 
     Portugal

2.3. Time zone
     Europe/Lisbon (GMT+0,GMT+1 DST)

2.4. Telephone number
     +351 253601020

2.5. Facsimile number
     +351 253601029

2.6. Other telecommunications
     Non-existent.

2.7. Electronic mail address
     Computer security incident reports should be sent to: report@csirt.uminho.pt
     For other matters please use: info@csirt.uminho.pt

2.8. Public keys and other encryption information
     Email address: report@csirt.uminho.pt
     User ID: CSIRT.UMINHO (CSIRT Universidade do Minho)  
     Key ID: BCE58917
     Key type: RSA
     Key size: 4096
     Expires: 2021-07-03
     Fingerprint: A044B54BB101A516A582C16A81BB39AFBCE58917
     The key is available at https://csirt.uminho.pt/pgp-csirt.uminho.asc and several public keyservers.

2.9. Team Members
     Coordination: Paulo Valverde
     Members: Amândio Antunes, José Ramada, Marco Teixeira, Nelson Nunes, Raul Ferreira

2.10. Other Information
      More information about CSIRT.UMINHO can be found at https://csirt.uminho.pt

2.11. Points of Customer Contact
      CSIRT.UMINHO points of contact are listed in sections 2.2, 2.4, 2.5, 2.6 and 2.7.

3. Charter

3.1.  Mission Statement
      CSIRT.UMINHO mission is to assure cybersecurity incident response, nammely to treat, assist, and coordinate cibersecurity incidents, to contribute to the cybersecurity effort of the academic community through preventive and reactive actions, as well as to promote a culture of cybersecurity at University of Minho.

3.2. Constituency
     CSIRT.UMINHO responds to computer security incidents in the context of UMinho’s academic community. The domains and IP addresses within within the scope of its operations are:
     *.uminho.pt
     192.68.209.0/24
     192.82.127.0/24
     192.86.138.0/24
     192.88.17.0/24
     192.88.250.0/24
     192.88.251.0/24
     192.88.252.0/24
     192.88.253.0/24
     192.88.254.0/24
     192.92.142.0/24
     192.135.187.0/24
     193.136.8.0/21
     193.136.16.0/22
     193.136.20.0/23
     193.136.22.0/24
     193.137.8.0/21
     193.137.16.0/22
     193.137.72.0/23
     193.137.74.0/24
     193.137.75.0/26
     193.137.88.0/22
     193.137.92.0/24
     2001:690:2208::/48

3.3. Filiation
     CSIRT.UMINHO is a computer security incident handling service integrated in the Cybersecurity Center from the Information and Communications Systems Services Unit of the University of Minho.

3.4. Authority
     CSIRT.UMINHO is one of the services in the area of computer security provided by the Cybersecurity Center from the Information and Communications Systems Services Unit of the University of Minho to its academic community, which comes from its mission and is inscribed in the Organic Regulation of Service Units, more specifically in article 35 (b).

4. Policies

4.1. Incident types and support level
     CSIRT.UMINHO responds to all types of cybersecurity incidents that occur within its academic community, including those that result in a security breach of the following types:
     a) Malicious code
     b) Availability
     c) Information Collection
     d) Intrusion Attempt
     e) Intrusion
     f) Information security
     g) Fraud
     h) Abusive Content
     i) Vulnerable
     j) Other
     The level of support given by CSIRT.UMINHO varies depending on the type, severity and scope of ongoing incidents and the resources available for its treatment.

4.2. Cooperation, interaction and privacy policy
     CSIRT.UMINHO’s privacy and data protection policy provides that sensitive information may be passed to third parties solely and exclusively in case of need and with the express prior authorization of the individual or entity to whom such information relates.

4.3. Communication and authentication
     From the means of communication provided by CSIRT.UMINHO, the telephone and unencrypted electronic mail are considered sufficient for the transmission of non-sensitive information. For the transmission of sensitive information the use of PGP ciphers is mandatory.

5. Services

5.1. Incident Response
     CSIRT.UMINHO plans to support network infrastructure administrators and systems in managing the technical and organizational aspects of security incidents. In particular, provide assistance and advice on the following aspects of incident management:

5.1.1 Incident Screening
      * Determine when an incident is authentic.
      * Evaluate and prioritize an incident.

5.1.2 Incident Coordination
      * Determine the organizations involved.
      * Contact the organizations involved to investigate the incident and take appropriate action.
      * Facilitate contact with other parties who can assist in resolving the incident.
      * Send reports to other CERTs.
      * Routing of information related to computer security incidents acting as a facilitator for its resolution among the various parties.

5.1.3 Incident Resolution
      * Advising the network and systems infrastructure administration teams on the appropriate actions to be taken.
      * Monitor the progress of network infrastructures and systems management teams on security issues.
      * Request reports.
      * Respond to requests.
      * Collect incident statistics in the context of your institution.

5.2. Proactive activities
     CSIRT.UMINHO coordinates and maintains the following services to expand its capabilities:
     * Dissemination of alerts.
     * Configuration and maintenance of security tools, applications and infrastructures.
     * Intrusion detection services.
     * Security audits.
     * Development of computer security solutions.
     * Dissemination of information related to security.

6. Incident reporting forms
   No forms are available for this purpose.

7. Safeguarding of liability
   Although all precautions are taken in the preparation of the information disclosed in the Internet portal or through distribution lists, CSIRT.UMINHO assumes no responsibility for errors or omissions, or for damages resulting from the use of this information.