RFC2350 (EN) – RCTS CERT

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

RFC 2350: RCTS CERT
Last Revision: Carlos Friacas

1 Information about this document

1.1 Last update date
Version 4.2 published on 2025/04/14.

1.2 Distribution lists for notifications
There is no distribution channel to notify changes on this document.

1.3 Access to this document
The updated version of this document can be found at

http://www.cert.rcts.pt/images/docs/RFC2350RCTSCERT_EN.pdf
A Portuguese version can be found at
http://www.cert.rcts.pt/images/docs/RFC2350RCTSCERT.pdf

1.4 Authenticity of this document
This version of RCTS CERT’s service description is signed with RCTS CERT’s
PGP key.

2 Contact information

2.1 Team Name
RCTS CERT

2.2 Postal Address
Fundacao para a Ciencia e a Tecnologia
Unidade de Computacao Cientifica Nacional
RCTS CERT
Apartado 50435
1700-001 Lisboa
Portugal

2.3 Time zone
Portugal/WEST (GMT+0, GMT+1 during summertime)

2.4 Phone Number
+351 218 440 177

2.5 Fax
Non existent

2.6 E-mail
report@cert.rcts.pt; info@cert.rcts.pt; seguranca@fccn.pt;
cert@cert.rcts.pt; security@cert.rcts.pt; abuse@cert.rcts.pt;
report@csirt.fct.pt; info@csirt.fct.pt;
cert@csirt.fct.pt; security@csirt.fct.pt; abuse@csirt.fct.pt

2.7 Other Types of Telecommunications
Nonexistent.

2.8 Public Keys and Encryption Information
RCTS CERT’s PGP key has KeyID 0xd6332f59fea3184b8e479a5f212671f1a8cf0f77
and its fingerprint is D633 2F59 FEA3 184B 8E47 9A5F 2126 71F1 A8CF 0F77.
This key can be found at the usual key servers on the Internet
such as pgp.circl.lu.

2.9 Team Members
Coordination: Carlos Friacas
Members: Filipa Macieira, Pedro Silva, João Machado, Louise Altvater
Legal advice: Miguel Andrade

2.10 Further Information
Further information about RCTS CERT can be found at
http://www.cert.rcts.pt/.
Team info is also available at:

https://www.trusted-introducer.org/directory/teams/rcts-cert.html
https://www.first.org/members/teams/rcts_cert

2.11 Types of contact for users
RCTS CERT has the following types of contact (in order of preference):
E-mail for reporting security incidents:
report@cert.rcts.pt; cert@cert.rcts.pt; abuse@cert.rcts.pt; seguranca@fccn.pt
E-mail for other related issues with computer security:
info@cert.rcts.pt; security@cert.rcts.pt
Phone
+351 218 440 177

3 Charter

3.1 Mission Statement
RCTS CERT’s central mission is contributing to the cybersecurity effort from
user communities tied to organizations connected to the Science, Technology
and Society Network (RCTS), namely through processing and coordination of
incident response, by producing security alerts and recommendations, and to
promote a cybersecurity culture.

3.2 Constituency
RCTS CERT provides incident handling on RCTS’ (Science, Technology and
Society Network) user community context. IP address ranges within RCTS
CERT’s scope are:

2001:690::/32
139.83.0.0/16
158.162.0.0/19
158.162.64.0/19
158.162.96.0/20
158.162.112.0/21
158.162.128.0/18
185.175.184.0/22
192.26.231.0/24
192.26.236.0/24
192.26.239.0/24
192.67.76.0/24
192.68.186.0/24
192.68.209.0/24
192.68.216.0/24
192.68.221.0/24
192.68.224.0/24
192.76.242.0/24
192.80.20.0/24
192.82.127.0/24
192.82.214.0/24
192.84.13.0/24
192.84.15.0/24
192.86.138.0/24
192.88.17.0/24
192.88.250.0/23
192.88.252.0/23
192.88.254.0/24
192.92.133.0/24
192.92.135.0/24
192.92.142.0/24
192.92.144.0/24
192.92.145.0/24
192.92.146.0/24
192.92.147.0/24
192.92.148.0/24
192.92.149.0/24
192.92.152.0/24
192.92.153.0/24
192.94.24.0/24
192.104.48.0/24
192.107.122.0/24
192.122.238.0/23
192.122.240.0/23
192.122.242.0/24
192.132.53.0/24
192.132.55.0/24
192.133.108.0/24
192.135.187.0/24
192.135.219.0/24
192.136.52.0/24
192.138.86.0/24
192.138.204.0/24
192.147.155.0/24
192.153.13.0/24
192.190.174.0/24
192.195.195.0/24
192.207.196.0/24
193.136.0.0/15
193.236.100.0/23
193.236.160.0/20
194.117.0.0/20
194.117.16.0/21
194.117.40.0/21
194.117.48.0/23
194.210.0.0/16

Incident handling is RCTS CERT’s responsibility, on the terms foreseen at
the “Medidas de Controlo de Incidentes de Seguranca Informatica” document
(http://www.cert.rcts.pt/images/docs/medidas_de_controlo_de_incidentes_de_seguranca_informatica.pdf),
specifically regarding feedback timeframes, incident types, communication
means and traffic control measures contained within.

3.3 Affiliation
RCTS CERT is a service component of RCTS – Rede Ciencia, Tecnologia e
Sociedade:

https://www.fccn.pt/en/quem-somos/rede-rcts-rede-ciencia-tecnologia-e-sociedade/
RCTS CERT is a founding member of the National CSIRT Network:
https://www.redecsirt.pt/#membros
RCTS CERT is a certified member of TF-CSIRT:
https://www.trusted-introducer.org/directory/teams/rcts-cert.html
RCTS CERT is a full member at FIRST:
https://www.first.org/members/teams/rcts_cert
RCTS CERT is part of ENISA’s CERT inventory:
https://www.enisa.europa.eu/publications/inventory-of-cert-activities-in-europe/
https://www.enisa.europa.eu/topics/csirts-in-europe/csirt-inventory/certs-by-country-interactive-map

3.4 Authority
RCTS CERT is a service component of RCTS – Rede Ciencia, Tecnologia e
Sociedade. Its authority is defined on the RCTS User Letter
(https://www.fccn.pt/media/2021/06/AUP_RegulamentoRCTS-FCCN.pdf [Portuguese
version only]), specifically on:

(Translated)

FCCN’s Responsibilities

RCTS connectivity services do not implement filtering, encryption or
others that may introduce latency into communications.
By way of derogation from the previous number, FCCN’s RCTS CERT security
service ensures the monitoring of network operations, coordination of security
incident response, including total or partial, temporary or definitive service
cut actions, when these are deemed necessary for the protection of other
USER ENTITIES, RCTS or of the Internet in general, or the management of
vulnerabilities within RCTS.
Mechanisms and measures for the mitigation of security incidents and the
management of vulnerabilities arising from the operation provided for in the
previous number are regulated in the standalone document “MEDIDAS DE CONTROLO
DE INCIDENTES E EVENTOS DE SEGURANÇA INFORMÁTICA”.

4 Policies

4.1 Incident types and support level
RCTS CERT handles all types of security incidents, and has adopted the
Portuguese National CSIRT Network Taxonomy, available at:
https://www.redecsirt.pt/files/RNCSIRT_Taxonomia_v3.3.pdf

4.2 Privacy Policy
In the scope of the RCTS CERT activity and services, personal data is
collected and processed by the FCT – Foundation for Science and Technology,
in its FCCN Unit, which is intended exclusively for the purpose of
Execution and management of the system for IT security incidents response
within the context of all the services provided by FCCN to the research
and teaching community. For this purpose, data is collected regarding the
following categories of data subjects: RCTS network users, user entity
representatives, user entity employees, attendees in training sessions
(Workshops) and the following data categories: Identification: name
(in the context of training sessions and helping user entities); user logins
(in the context of incident response and endpoint protection); username and
passwords (in the context of phishing awareness campaigns) Contact: email
addresses; Professional IP addresses: entity where they
work/collaborate/study. This processing is lawful as it is necessary for the
performance of public interest functions in accordance with Article 6(1)(f)
and Article 6(2) of the General Data Protection Regulation – Regulation (EU)
2016/679 of the European Parliament and of the Council of 27.04.2016
(hereinafter GDPR).
In this case the public interest is based on FCT’s mission and duties set
out in Decree-Law No. 55/2013, of April 17 and article 9(1) c) of the
Annex to Ordinance No. 216/2015, of July 21, namely regarding the duties of:
Ensuring the management and operationalisation of the computer security
incident response. FCT is responsible for the processing of personal data,
with headquarters at Avenida D. Carlos I, 126, 1249-074 Lisbon, telephone:
+351 21 3924300, and it has appointed a Personal Data Protection Officer,
whose contact shall be made directly to the email address dpo@fct.pt for
all matters related to the personal data processed for this purpose.
It is further informed that the data shall be kept in accordance with
what is stipulated by law or regulation, or in the absence thereof, with
what is deemed necessary for the pursuit of the purpose.
As Data Subject, you have the right to request FCT – through any of the
contacts indicated above – to access your personal data, to rectify or
erase them, to limit the processing of your data and to request data
portability when technically possible. You may also object to the processing
or withdraw, at any time, the consent previously given, if applicable.
Without prejudice of sending a direct notification to FCT, through the
contacts available herein, data subjects may complain directly to the
National Commission for Data Protection (www.cnpd.pt), using the contacts
made available by this body for that purpose. FCT may also process personal
data for archiving purposes in the public interest, for scientific or
historical research purposes or for statistical purposes in accordance
with the principle of data minimisation, including anonymisation or
pseudonymisation, whenever the purposes can be achieved by one of these
means. Where personal data are to be processed for archiving purposes in
the public interest, for scientific or historical research purposes or for
statistical purposes, the rights of access, rectification, restriction of
processing and objection provided for in Articles 15, 16, 18 and 21 of the
GDPR shall be affected, to the extent necessary, if those rights are
likely to obstruct or seriously undermine the achievement of those purposes.
To ensure the protection of processed personal data, FCT implements strict
and internationally recognised rules applicable to all those who legally
handle personal data, adopting technical and organisational security
measures in order to protect the personal data that are made available,
such as confidentiality, integrity and authenticity of the processed data,
in this context articulated with the general principles on open data that
recommend free and online access to publications and data resulting from
scientific research funded by FCT, which, by default, ensure that the
data is traceable, accessible, interoperable and reusable.

4.3 Communication and authentication

– From the communication means made available by RCTS CERT, phone and
non-ciphered e-mail are considered to be sufficient to non-sensitive
information transmission. In order to transmit sensitive information, PGP
usage is mandatory.

5 Services

5.1 Handling of security incidents
Security incident handling is RCTS CERT’s main service. A security incident
is any action or set of actions developed against a compute or network of
computers, which results, or can result, in a loss of confidentiality,
integrity or performance of a data network or digital system, namely
non-authorized access, modification or removal of information, interference
or service denial in a digital system. RCTS CERT handles security incidents
in the context of RCTS – Rede Ciencia, Tecnologia e Sociedade – incidents
which source or target of an attack is within RCTS.

5.2 Alert dissemination
RCTS CERT aims to gather a set of information received from several
well-known sources, evaluate its severity degree and translate it to
Portuguese language. Depending on the severity degree, the analyzed
information can result in a security alert, on a recommendation or a simple
news entry published on the http://www.cert.rcts.pt/ portal.

5.3 New CSIRT teams support
RCTS CERT also intends to promote the creation of new security incident
handling teams within RCTS and in the Portuguese Public Administration
context. This service includes holding training events directed to security
incident handling, spreading the word about the theme on adequate fora, and
the support to the creation of new CSIRTs.

5.4 DNS Firewall
RCTS CERT makes available to its constituency a DNS-based mechanism that
prevents communications with malicious domains. The service encompasses the
maintenance and dissemination of a list of malicious domains. In the event
that a user accesses a URL that contains a malicious domain, the content
displayed will be a local page, indicating that the URL that you tried to
access includes malicious content.

5.5 Security Audits
Security audits are performed on request, strictly for RCTS CERT’s
constituency. Each audit involves the preparation of a report containing the
set of facts found and also suggestions for mitigation.

5.6 Monitoring against web defacements
Alarms against web defacements is a RCTS CERT pilot service, which includes
continuous monitoring, archiving several versions of a web server to be able
to register/evaluate any changes. This service is only available for the
constituency.

5.7 Anti-Phishing awareness campaigns
RCTS CERT develops on-demand phishing campaigns for members of its
constituency and other organisations that sign a specific agreement.
Following the development of a campaign, there will also be an awareness
session addressed to the set of people defined as the target group. The aim
of this service is to provide a tool to evaluate the degree of exposure of
an organization to potential future incidents, increasing awareness to
cybersecurity issues.

6 Disclaimer
While all precautions were taken in the preparation of disclosed information
on the Internet portal or through distribution lists, RCTS CERT assumes no
responsibility for errors or omissions or for damages resulting from the use
of that information.

—–BEGIN PGP SIGNATURE—–

iQJIBAEBCgAyFiEE1jMvWf6jGEuOR5pfISZx8ajPD3cFAmf9PsQUHHJlcG9ydEBj
ZXJ0LnJjdHMucHQACgkQISZx8ajPD3eSFA//erEiatPNt90ld85y3EpPWTZw7mLD
ZrsEz2b6W6gLpTW5CzdTFvYpQCAGAI2O5qwgc/fOErEWHjHBiuxOog2wFssYaEGZ
yDYRpzl92ZflyOZglh5mfEUJmqh4xhSDMvtIBadY73NKsO1ob2FIyFr+IR218tNW
zoIUO5dqNMMXDc/Mg5cWFThxJK936ykJLkB21eW7CpkLlxb2+qJc215m2DjiDH/l
cCgrO3SYMOq8w3M1PPCh2r7taiKmcfqHLZTPtpiQyso4FZG/FN0kilEnzJcuLNor
Sx57Bl8u6vWv0ah1iBMoM7B8dV/jyQd9ChvuinGAFTauRAQskRW+fUVFJQ2Dh+qQ
LfSbCLi2+n2bMxoo5DO3atiPNsKaR89/2sJ7M9FcF9o7iJsU/rX1ioFjp+xF0req
9fnYl7RwCwJwdgh03zbDRXC9IaktAa1iOptbAZa9C+3wXl8v7OQ5HXFlyms2oOV7
RRBQ8itlyyEvAUZ6mBGk/Igv7H4w2Tmkf9NIaHF24SXVQ4+b89B2nul2XChmzoQH
Oo8qappcnZ/V0BvdZZrm+JfGIWZZMWpVqQ1jUcNXrKGL68XMEAK1SpdLQ2qMD+oO
q7y9vQD8ERdqTlMCSFcHhnxxLe1412jHeUPvGrFWBpZ3UK7fZ2FNw2lxzYtthxyl
j2E7tg1/XKCsXi8=
=lHrA
—–END PGP SIGNATURE—–