About this document
Date of last update
This is version 1.8, published on 4th January 2015.
Distribution list for notifications
Currently CIRCL does not use any distribution lists to notify about changes in this document.
Locations where this document may be found
The current version of this CSIRT description document is available from the CIRCL web site; its URL is http://www.circl.lu/mission/rfc2350/index.html. Please make sure you are using the latest version.
Authenticating this document
This document has been signed with the CIRCL PGP key. The signature is also on our web site, under: http://www.circl.lu/mission/rfc2350/index.html.
The integrity of a page from the CIRCL website can be verified using PGP. The procedure is described at the following location: https://www.circl.lu/verify/
Contact information
Name of the team
CIRCL - Computer Incident Response Center Luxembourg, the CERT for the private sector, communes and non-governmental entities in Luxembourg.
Address
CIRCL - Computer Incident Response Center Luxembourg
c/o smile - "security made in Lëtzebuerg" GIE
41, avenue de la gare
L-1611 Luxembourg
Grand Duchy of Luxembourg
Time zone
Central European Time (GMT+0100, GMT+0200 from April to October)
Telephone number
+352 247 88444
Facsimile number
+352 274 00 98 6698
Other telecommunication
None available.
Electronic mail address
Incident reports (including non-incident) related mail should be addressed to <info (a) circl lu>
Public keys and other encryption information
CIRCL has an OpenPGP public key, which KeyID is 0x22BD4CD5 and fingerprint is: CA57 2205 C002 4E06 BA70 BE89 EAAD CFFC 22BD 4CD5 {BR}
pub 2048R/22BD4CD5 2010-11-03 Key fingerprint = CA57 2205 C002 4E06 BA70 BE89 EAAD CFFC 22BD 4CD5 uid CIRCL info@circl.lu sub 2048R/68B49661 2010-11-03
The public key and its signatures can be found at the usual large public keyservers, or on CIRCL’s PGP key server.
Each CIRCL team member has also a respective OpenPGP public key that you can fetch from the CIRCL’s website.
Team members
CIRCL is the CERT for the private sector, communes and non-governmental entities for the Grand Duchy of Luxembourg. CIRCL is operated by SMILE (“security made in Lëtzebuerg”), a State funded “groupement d’intérêt économique” (GIE), designed to improve information security and create new opportunities for Luxembourg.
The team (in alphabetical order) is composed of:
Name | PGP Fingerprint | |
---|---|---|
Steve Clement | steve.clement@circl.lu | 3F4D 8CF6 08F9 4F88 2815 2CB1 69A2 0F50 9BE4 AEE9 |
Alexandre Dulaunoy | alexandre.dulaunoy@circl.lu | 3B12 DCC2 82FA 2931 2F5B 709A 09E2 CD49 44E6 CBCD |
Michael Hamm | michael.hamm@circl.lu | 917D 0B62 1E88 BEC1 9081 792B F723 3773 DB0F 8DBD |
Andras Iklody | andras.iklody@circl.lu | C0B2 39A5 D5D7 76A8 C2FE 322F BEA2 24F1 FEF1 13AC |
Sascha Rommelfangen | sascha.rommelfangen@circl.lu | 85F1 E6D6 7988 03C6 5446 3133 89F7 60A9 A572 F306 |
Manuel Silvoso | manuel.silvoso@circl.lu | ADBD BDBB E940 C05D 85CD D2AD 9407 8431 6DEB A7A9 |
Pascal Steichen | pascal.steichen@circl.lu | D1DF 00E4 A9BD 1649 8A89 F62F 32C9 485E 0549 E7E1 |
Raphaël Vinot | raphael.vinot@circl.lu | 8647 F5A7 FFD3 50AE 38B6 E22F 32E4 E1C1 33B3 792F |
Gerard Wagener | gerard.wagener@circl.lu | 41EC EDCE 3394 E3CE 3A18 98E3 D0EB 697E D81F 0490 |
A file containing all the PGP keys associated of CIRCL team members is also available at the following location: https://www.circl.lu/assets/files/team.asc.
Other information
Any other information about CIRCL can be found at http://www.circl.lu/
Points of customer contact
The preferred method for contacting CIRCL is via e-mail at <info (a) circl lu>. We encourage our constituency (customers) to use PGP encryption when sending any sensitive information to CIRCL.
If it is not possible (or not advisable for security reasons) to use e-mail, CIRCL can be reached by telephone during regular office hours. Off these hours incoming phone calls are transmitted to an answering machine. All messages recorded are checked ASAP.
CIRCL hours of operation are restricted to: 09:00-12h00 and 14h00-17h00 CET Monday to Friday.
When submitting your incident report, use the form mentioned in section 6.
Charter
Mission statement
CIRCL is the CERT for the private sector, communes and non-governmental entities for the Grand Duchy of Luxembourg. CIRCL is operated by SMILE (“security made in Lëtzebuerg”), a State funded “groupement d’intérêt économique” (GIE), designed to improve information security and create new opportunities for Luxembourg.
Its missions are to:
- provide a systematic response facility to ICT-incidents
- support ICT users in Luxembourg to recover quickly and efficiently from security incidents
- minimize ICT incident-based losses, theft of information and disruption of services at a national level
- gather information related to incident handling to better prepare future incidents management and provide optimized protection for systems and data
- coordinate communication among national and international incident response teams during security emergencies and to help prevent future incidents
- provide a security related alert and warning system for ICT users in Luxembourg
- foster knowledge and awareness exchange in ICT security
Constituency
CIRCL is the CERT for the private sector, communes and non-governmental entities for the Grand Duchy of Luxembourg.
The constituency covers the .lu TLD, Internet Public ASN and IP addresses located/originated and/or operating in/from the Grand-Duchy of Luxembourg.
Sponsorship and/or Affiliation
CIRCL is the CERT for the private sector, communes and non-governmental entities for the Grand Duchy of Luxembourg. CIRCL is operated by SMILE (“security made in Lëtzebuerg”), a State funded “groupement d’intérêt économique” (GIE), designed to improve information security and create new opportunities for Luxembourg.
The GIE is composed of the following Luxembourgish ministries and administrations:
- Ministère de l’Economie et du Commerce extérieur
- Ministère de l’Education nationale et de la Formation professionnelle
- Ministère de la Famille et de l’Intégration
- Service National de la Jeunesse, SNJ
- Syndicat Intercommunal de Gestion Informatique, SIGI
- Syndicat des Villes et Communes Luxembourgeoises, SYVICOL
Authority
CIRCL operates under the auspices of, and with authority delegated by, the Grand Duchy of Luxembourg (official document). The 2015-2020 convention between SMILE gie and Ministry of Economy regarding the operation of CIRCL was signed on Thursday 18th December 2014.
Policies
Types of incidents and level of support
CIRCL is authorized to address all types of computer security incidents which occur, or threaten to occur, in the constituency networks.
The level of support given by CIRCL will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and CIRCL’s resources at the time, though in all cases some response will be made within two working days.
Incidents will be prioritized according to their apparent severity and extent.
End users are expected to contact their systems administrator, network administrator, or department head for assistance.
Co-operation, interaction and disclosure of information
CIRCL exchanges all necessary information with other CSIRTs as well as with affected parties’ administrators. Neither personal nor overhead data are exchanged unless explicitly authorized.
All sensible data (such as personal data, system configurations, known vulnerabilities with their locations) are encrypted if they must be transmitted over unsecured environment as stated below.
Communication and authentication
In view of the types of information that CIRCL deals with, telephones will be considered sufficiently secure to be used even unencrypted. Unencrypted e-mail will not be considered particularly secure, but will be sufficient for the transmission of low-sensitivity data.
If it is necessary to send highly sensitive data by e-mail, encryption (preferrably PGP) will be used. Network file transfers will be considered to be similar to e-mail for these purposes: sensitive data should be encrypted for transmission.
All e-mail or data communication originating from CIRCL will be digitally signed, using the generic PGP key mentioned above, or the CIRCL agents’ own signature keys.
Services
Incident response
CIRCL will assist system administrators in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incidents management:
Incident triage
- Investigating whether indeed an incident occurred.
- Determining the extent of the incident.
Incident coordination
- Determining the initial cause of the incident (e.g. vulnerability exploited, …).
- Facilitating contact with other sites which may be involved.
- Facilitating contact with appropriate law enforcement officials, if necessary.
- Making reports to other CSIRTs.
- Composing announcements to users, if applicable.
- Ensuring adequate threat sharing information for proactive measures.
Incident resolution
- Helping to remove the vulnerability.
- Helping to secure the system from the effects of the incident.
- Collecting evidence of the incident.
In addition, CIRCL will collect statistics concerning incidents processed, and will notify the community as necessary to assist it in protecting against known attacks.
To make use of CIRCL’s services please refer to section 2.11 for points of contact. Please remember that amount of assistance will vary as described in section 4.1
Proactive services
CIRCL coordinates and maintains the following services to the extent possible depending on its resources:
- Information services such as: list of security contacts, repository of security-related patches for various operating systems
- Training and educational services
In addition, CIRCL provides different proactive tools and services to reduce security incidents and/or improve security incident handling:
- Development of security tools in the field of analysis, threat and information sharing, security assessments.
Detailed information about obtaining these services is available from the CIRCL website: http://www.circl.lu/
Incident reporting forms
CIRCL has created a local form designated for reporting incidents to the team. We strongly encourage anyone reporting an incident to fill it out. The current version of the form is available from: http://www.circl.lu/report/ The reporting can also be done anonymously based on the requirements from the reporter.
Disclaimers
While every precaution will be taken in the preparation of information, notifications and alerts, CIRCL assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.