-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

RFC-2350: CSIRT Description for ETH CSIRT
- -----------------------------------------

1. About this document

1.1 Date of Last Update

    This is version .06, 2024-09-25.

1.2 Distribution List for Notifications

    Members of the constituency are informed of changes through their
    closed channels.

1.3 Locations where this Document May Be Found

    The current version of this CSIRT description is referenced at
    ETH Zurich under:

    https://www.ethz.ch/.well-known/security.txt

    Please make sure you are using the latest version.

1.4 Authenticating this Document

    This document has been signed with the PGP key of security@ethz.ch.

2. Contact Information

2.1 Name of the Team (as registered with Trusted Introducer)

    "ETH CSIRT": ETH Zurich, Switzerland.

2.2 Address

    See https://www.trusted-introducer.org/directory/teams/eth-csirt-ch.html

2.3 Time Zone

    Central European:
      Winter GMT+0100
      Summer GMT+0200

    Change date:
      Winter -> Summer: 02:00 UTC last Sunday of March
      Summer -> Winter: 01:00 UTC last Sunday of October

2.4 Telephone Number

    +41 44 632 66 66

    This number will round-robin through ETH CSIRT team members.

2.5 Facsimile Number

    (Fax unavailable)

2.6 Other Telecommunication

    Members of the constituency have access to closed, secure
    communication and collaboration platforms.

2.7 Electronic Mail Address

    This address will reach our team which is monitored during working
    hours.

2.8 Public Keys and Other Encryption Information

    ETH CSIRT has a PGP key,

    KeyID:       6EEEFBFFD6437004
    Fingerprint: 2CC2 9A19 4B25 DDD0 B750 B48B 6EEE FBFF D643 7004

    The key and its signatures can be found at the public key-servers
    as well as on the Web site:

    /staffnet/de/it-services/katalog/sicherheit/pgpkey.html

2.9 Team Members

    ETH CSIRT is operated by dedicated staff. It can fall back to other
    employees of ETH Zurich for special needs.

2.10 Other Information

    General public information about ETH CSIRT can be found on the
    Web site:

    /staffnet/en/it-services/it-security.html

2.11 Points of Customer Contact

    Normal contact is through e-mail using the address .

    In urgent cases and emergencies customers as well as other CERTs
    can use the phone numbers given above.

    ETH CSIRT follows standard Swiss office-hours on weekdays:
    8:00 - 18:00

    Outside of these hours as well as on weekends, public holidays in
    Zurich and the days between Dec. 23 and Jan. 3, services are offered
    on a best effort basis and are not guaranteed.

3. Charter

3.1 Mission Statement

    ETH CSIRT supports members of its constituency (see below) with
    reactive and proactive services in the field of IT security.

    ETH CSIRT is responsible for helping to protect the campus network
    infrastructure from IT security-related attacks and abuse (Quality
    of Service). We support campus research, education and public
    service goals by helping to maintain a secure and open computing
    environment conducive to learning and collaboration. In addition we
    also help establish better security practices and awareness.

    ETH CSIRT can provide support to third parties for problems
    involving incidents originating outside our constituency.

3.2 Constituency

    ETH CSIRT serves the following customers:

    - All organizations within ETH Zurich, specifically support groups
      within departments, central services and the rectorship.
    - Selected third parties which have SLAs with ETH CSIRT.

3.3 Sponsorship and/or Affiliation

    ETH CSIRT is operated by the IT Services department of ETH Zurich.
    ETH CSIRT is also supported by and collaborates with the security
    team of the SWITCH-CERT (AS559).

3.4 Authority

    ETH CSIRT coordinates security incidents for its constituency. It
    has limited formal authority over constituency members based on the
    university Acceptable Use Policy.
    (https://www.ethz.ch/services/en/it-services/documents.html)

4. Policies

4.1 Types of Incidents and Level of Support

    Incidents are prioritized according to their severity. Incidents
    directly affecting members of the constituency are treated with
    higher priority. Incidents affecting external organizations are
    treated with the corresponding seriousness and urgency of the event.

4.2 Co-operation, Interaction and Disclosure of Information

    All requests to ETH CSIRT are treated with due care.

    ETH CSIRT adheres to the Traffic Light Protocol (TLP). See
    https://www.first.org/tlp/ for a description. Classified messages
    should be tagged in the subject as [TLP: Color]. A similar stamp
    should be clearly visible in other documents sent to ETH CSIRT, such
    as PDF files, etc. If contact is through phone or video conference,
    the TLP classifications should be stated prior to the delivery of
    the information.

    It is recommended to encrypt sensitive information with the PGP key
    mentioned above. Unless required by law, ETH CSIRT will never
    release information provided by third parties without their consent.
    Other encryption methods are available upon request.

4.3 Communication and Authentication

    See 4.2. To ensure authenticity and confidentiality of information,
    use PGP signatures and encryption or other agreed-upon signing and
    encryption methods.

5. Services

5.1 Incident Response

    ETH CSIRT will assist its customers in the following areas. ETH
    CSIRT normally acts as a first-level contact, supporting other
    support groups within the departments and organs of ETH. In
    particular, it will provide assistance or advice with respect to the
    following aspects of incident management:

5.1.1 Incident Triage

    - Investigating whether indeed an incident occurred.
    - Determining whether the incident belongs to our constituency.
    - Determining the extent of the incident.

5.1.2 Incident Coordination

    - Analyzing available information.
    - Contacting the organization or support team affected.
    - Facilitating contact with other sites which may be involved.
    - Supporting the organization affected with intelligence and
      additional information related to the incident.
    - Performing specialized tasks, such as forensic analysis, malware
      reverse engineering, etc., if requested.

5.1.3 Incident Resolution

    - Resolving the root cause of incidents is primarily the customers'
      responsibility. ETH CSIRT will provide support, where applicable.

5.2 Monitoring

    - ETH CSIRT monitors the ETH Zurich border gateway for malicious
      traffic.
    - Where feasible, ETH CSIRT monitors attack surfaces to reduce
      potential risks.

5.3 Proactive Activities

    ETH CSIRT provides the following proactive services:

    - Information services
      - Alerts for highly critical threats.
      - Awareness material (in coordination with the ETH Security
        Awareness program).
    - Coordination/Consulting
      ETH CSIRT can consult its constituency regarding
      IT-security-related matters and coordinate security efforts upon
      request.
    - Assessments/Vulnerability Scanning
      ETH CSIRT can initiate or support assessments of IT systems and
      services, including vulnerability scanning of endpoints.
    - Training services
      ETH CSIRT can conduct trainings on security awareness issues for
      members of its constituency upon request.

6. Incident Reporting Forms

    Incident reporting (including form) can be found within our
    Responsible Disclosure Policy referenced in security.txt (see 1.3
    above).

7. Disclaimers

    While every precaution will be taken in the preparation of
    information, notifications and alerts, ETH CSIRT assumes no
    responsibility for errors or omissions, or for damages resulting
    from the use of the information contained within.

    All information in this document is Copyright 2024, ETH Zurich. This
    document may not be redistributed, in whole or in part, without the
    explicit, written permission of ETH CSIRT. Please use the URL given
    under 1.3 for redistribution.