Security incident handling (CSIRT)

Basic features

CSIRT ensures methodological support in handling security incidents and addressing emergencies to security staff of the connected members’ networks; administers and provides a number of security services; and organises awareness-raising events.

The activities of the team include:

• Handling and coordination of the handling of security incidents within the CESNET e-infrastructure;
• Collation, assessment and distribution of information about security incidents;
  • SSERV, ORR, UCEPROT, N6, X2 and X4 systems and other non-public sources.
• Based on information available and upon agreement with the participant:
  • Interventions into the network infrastructure in cooperation with CESNET NOC,
  • Monitoring in cooperation with CESNET’s Service Desk.
• Administration and operation of the following systems:
  • IntrusionDetectionSystem (IDS);
  • Honeypot;
  • Warden;
  • Mentat.

CESNET-CERTS is the first CSIRT in the Czech Republic. At the same time, CESNET established the CSIRT.CZ the management of which was subsequently assigned to the CZ.NIC association (fulfils the role of the Czech national CSIRT).

The service is automatically provided to all connected entities.

The participants are obliged to handle the security incidents occurred in collaboration with the CESNET-CERTS team. In accordance with the RFC 2142 memorandum, the Participant should create and maintain the abuse@“participant’s domain” e-mail address to receive complaints about security incidents. The mail received is subsequently distributed to all staff members dealing with the security of the participant’s network.