RFC 2350
Version: 1.0
Published 2020/11/12

1. About this document

This document contains a description of NIRT according to RFC 2350. It provides basic information about the NIRT and the ways it can be contacted, and describes its responsibilities and the services offered.

1.1 Date of Last Update

This is version 1.1, published 2020/11/12.

1.2 Distribution List for Notifications

Currently NIRT does not use any distribution lists to notify about changes in this document.

1.3 Locations where this Document May Be Found

The current version of this IRT description document is available from the NASK WWW site; its URL is
https://www.nask.pl/nirt
Please make sure you are using the latest version.

1.4 Authenticating this Document

This document has been signed with the NIRT PGP key. The signatures are also on our Web site, under:
https://www.nask.pl/nirt

2. Contact Information

2.1 Name of the Team

NIRT (NASK Incident Response Team)

2.2 Address

NASK - National Research Institute
Kolska 12
01-045 Warsaw
Poland

2.3 Time Zone

Central European Time (GMT+0100, GMT+0200 from April to October)

2.4 Telephone Number

+48 182 00 22

2.5 Facsimile Number

+48 22 380 82 01 (this is *not* a secure fax)

2.6 Other Telecommunication

None available.

2.7 Electronic Mail Address

nirt@nask.pl
This is a mail alias that relays mail to the human(s) on duty for the NIRT.
2.8 Public Keys and Other Encryption Information

2.9 Team Members

Piotr Bisialski is the NIRT coordinator. Backup coordinators and other team members, along with their areas of expertise and contact information.

2.10 Other Information

General information about the NIRT, as well as links to various recommended security resources, can be found at
https://www.nask.pl/nirt

2.11 Points of Customer Contact

The preferred method for contacting the NIRT is via e-mail at ; e-mail sent to this address will "biff" the responsible human, or be automatically forwarded to the appropriate backup person, immediately. If you require urgent assistance, put "urgent" in your subject line.
If it is not possible (or not advisable for security reasons) to use e-mail, the NIRT can be reached by telephone during regular business hours. The NIRT hours of operation are generally restricted to regular business hours (09:00-17:00 Monday to Friday except holidays).

3. Charter

3.1 Mission Statement

The purpose of the NIRT is to support commercial customers (SOC teams) and the internal SOC at NASK in implementing proactive measures to reduce the risks of computer security incidents, and to assist in responding effectively to such incidents when they occur. NIRT actively participates in the national cybersecurity system in Poland.

3.2 Constituency

The NIRT constituency consists of institutions from the private and public sectors that have signed a commercial agreement to use our incident management services, and the internal NASK security department. For the .pl domain, our goal is to distribute the collected information to the national-level CSIRTs.

3.3 Sponsorship and/or Affiliation

NIRT is financially maintained by the NASK Research and Academic Network in Poland, of which it is formally a part.

3.4 Authority

NIRT operates under the auspices of, and with authority delegated by, NASK Research and Academic Network in Poland. NIRT deals with incident handling for commercial clients with whom it is bound by the terms of the contract. However, NIRT is regularly expected to make recommendations during the incident handling process where the affected parties have not signed an agreement to use our incident management services.

4. Policies

4.1 Types of Incidents and Level of Support

The NIRT is authorized to address all types of computer security incidents which occur, or threaten to occur, within the NIRT constituency. The level of support given by NIRT will vary depending on the type and severity of the incident and the availability of NIRT resources at the time.

4.2 Co-operation, Interaction and Disclosure of Information

NIRT declares that all information related to incidents handled is considered Confidential.
All sensitive data (such as personal data, system configurations, known vulnerabilities with their locations) are encrypted if they must be transmitted over an unsecured environment, as stated below. Information submitted to NIRT may be distributed on a need-to-know basis to trusted parties (such as ISPs, other CERT teams) for the sole purpose of incident handling.

4.3 Communication and Authentication

NIRT uses PGP encryption to ensure the confidentiality and integrity of communication. All sensitive information sent in should be encrypted. In view of the types of information that the NIRT will likely be dealing with, telephones will be considered sufficiently secure to be used even unencrypted. Unencrypted e-mail will not be considered particularly secure, but will be sufficient for the transmission of low-sensitivity data.

5. Services

5.1 Incident Response

NIRT will assist system administrators in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:

5.1.1 Incident Triage

- Investigating whether an incident has indeed occurred.
- Determining the extent of the incident (including a potential impact on the constituency).

5.1.2 Incident Coordination

The goal is to provide comprehensive coordination of incidents, with particular emphasis on exchanging information between the various involved parties. These activities include but are not limited to:

- Determining the initial cause of the incident (vulnerability exploited).
- Facilitating contact with other sites which may be involved.
- Facilitating contact with appropriate law enforcement officials, if necessary.
- Making reports to other CSIRTs, if applicable.
- Composing announcements to the customer (member of the constituency), if applicable.
5.1.3 Incident Resolution

- Advising local administrators on appropriate actions.
- Collecting statistics about incidents within its constituency.
- Analysing collected evidence and making recommendations.

5.2 Proactive Activities

- Raising security awareness in its constituency.
- Creating and distributing reports to our constituency based on our own research.

6. Incident Reporting Forms

There are no specific forms developed for reporting incidents to NIRT.

7. Disclaimers

While every precaution will be taken in the preparation of information, notifications and alerts, NIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.