RFC2350 (EN) – RCTS CERT

—–BEGIN PGP SIGNED MESSAGE—–
Hash: SHA512

RFC 2350: RCTS CERT
Last Revision: Carlos Friacas

1 Information about this document

1.1 Last update date
Version 4.1 published on 2023/09/13.

1.2 Distribution lists for notifications
There is no distribution channel to notify changes on this document.

1.3 Access to this document
The updated version of this document can be found at
+ http://www.cert.rcts.pt/images/docs/RFC2350RCTSCERT_EN.pdf
A Portuguese version can be found at
+ http://www.cert.rcts.pt/images/docs/RFC2350RCTSCERT.pdf

1.4 Authenticity of this document
This version of RCTS CERT’s service description is signed with RCTS CERT’s
PGP key.

2 Contact information

2.1 Team Name
RCTS CERT

2.2 Postal Address
Fundacao para a Ciencia e a Tecnologia
Unidade de Computacao Cientifica Nacional
RCTS CERT
Apartado 50435
1700-001 Lisboa
Portugal

2.3 Time zone
Portugal/WEST (GMT+0, GMT+1 during summertime)

2.4 Phone Number
+351 218 440 177

2.5 Fax
+351 218 440 185

2.6 E-mail
report@cert.rcts.pt; info@cert.rcts.pt; seguranca@fccn.pt;
cert@cert.rcts.pt; security@cert.rcts.pt; abuse@cert.rcts.pt

2.7 Other Types of Telecommunications
Nonexistent.

2.8 Public Keys and Encryption Information
RCTS CERT’s PGP key has KeyID 0xb17d81a9e0161928 and its fingerprint is
F6E2 2181 8B84 28DA 5AF2 F163 B17D 81A9 E016 1928.
This key can be found at the usual key servers on the Internet
such as pgp.mit.edu or pgp.circl.lu.

2.9 Team Members
Coordination: Carlos Friacas
Members: Filipa Macieira, Pedro Silva, João Machado, Louise Altvater
Legal advice: Miguel Andrade

2.10 Further Information
Further information about RCTS CERT can be found at
http://www.cert.rcts.pt/.
Team info is also available at:
+ https://www.trusted-introducer.org/directory/teams/rcts-cert.html
+ https://www.first.org/members/teams/rcts_cert

2.11 Types of contact for users
RCTS CERT has the following types of contact (in order of preference):
E-mail for reporting security incidents:
report@cert.rcts.pt; cert@cert.rcts.pt; abuse@cert.rcts.pt; seguranca@fccn.pt
E-mail for other related issues with computer security:
info@cert.rcts.pt; security@cert.rcts.pt
Phone
+351 218 440 177
Fax
+351 218 440 185

3 Charter

3.1 Mission Statement
RCTS CERT’s central mission is contributing to the cybersecurity effort from
user communities tied to organizations connected to the Science, Technology
and Society Network (RCTS), namely through processing and coordination of
incident response, by producing security alerts and recommendations, and to
promote a cybersecurity culture.

3.2 Constituency
RCTS CERT provides incident handling on RCTS’ (Science, Technology and
Society Network) user community context. IP address ranges within RCTS
CERT’s scope are:

2001:690::/32
139.83.0.0/16
158.162.0.0/19
158.162.64.0/19
158.162.96.0/20
158.162.112.0/21
158.162.128.0/18
185.175.184.0/22
192.26.231.0/24
192.26.236.0/24
192.26.239.0/24
192.67.76.0/24
192.68.186.0/24
192.68.209.0/24
192.68.216.0/24
192.68.221.0/24
192.68.224.0/24
192.76.242.0/24
192.80.20.0/24
192.82.127.0/24
192.82.214.0/24
192.84.13.0/24
192.84.15.0/24
192.86.138.0/24
192.88.17.0/24
192.88.250.0/23
192.88.252.0/23
192.88.254.0/24
192.92.133.0/24
192.92.135.0/24
192.92.142.0/24
192.92.144.0/24
192.92.145.0/24
192.92.146.0/24
192.92.147.0/24
192.92.148.0/24
192.92.149.0/24
192.92.152.0/24
192.92.153.0/24
192.94.24.0/24
192.104.48.0/24
192.107.122.0/24
192.122.238.0/23
192.122.240.0/23
192.122.242.0/24
192.132.53.0/24
192.132.55.0/24
192.133.108.0/24
192.135.187.0/24
192.135.219.0/24
192.136.52.0/24
192.138.86.0/24
192.138.204.0/24
192.147.155.0/24
192.153.13.0/24
192.190.174.0/24
192.195.195.0/24
192.207.196.0/24
193.136.0.0/15
193.236.100.0/23
193.236.160.0/20
194.117.0.0/20
194.117.16.0/21
194.117.40.0/21
194.117.48.0/23
194.210.0.0/16

Incident handling is RCTS CERT’s responsibility, on the terms foreseen at
the “Medidas de Controlo de Incidentes de Seguranca Informatica” document
(http://www.cert.rcts.pt/images/docs/medidas_de_controlo_de_incidentes_de_seguranca_informatica.pdf),
specifically regarding feedback timeframes, incident types, communication
means and traffic control measures contained within.

3.3 Affiliation
RCTS CERT is a service component of RCTS – Rede Ciencia, Tecnologia e
Sociedade:
+ https://www.fccn.pt/en/quem-somos/rede-rcts-rede-ciencia-tecnologia-e-sociedade/
RCTS CERT is a founding member of the National CSIRT Network:
+ https://www.redecsirt.pt/#membros
RCTS CERT is a certified member of TF-CSIRT:
+ https://www.trusted-introducer.org/directory/teams/rcts-cert.html
RCTS CERT is a full member at FIRST:
+ https://www.first.org/members/teams/rcts_cert
RCTS CERT is part of ENISA’s CERT inventory:
+ https://www.enisa.europa.eu/publications/inventory-of-cert-activities-in-europe/
+ https://www.enisa.europa.eu/topics/csirts-in-europe/csirt-inventory/certs-by-country-interactive-map

3.4 Authority
RCTS CERT is a service component of RCTS – Rede Ciencia, Tecnologia e
Sociedade. Its authority is defined on the RCTS User Letter
(https://www.fccn.pt/media/2021/06/AUP_RegulamentoRCTS-FCCN.pdf [Portuguese
version only]), specifically on:

(Translated)

FCCN’s Responsibilities

1. RCTS connectivity services do not implement filtering, encryption or
others that may introduce latency into communications.
2. By way of derogation from the previous number, FCCN’s RCTS CERT security
service ensures the monitoring of network operations, coordination of security
incident response, including total or partial, temporary or definitive service
cut actions, when these are deemed necessary for the protection of other
USER ENTITIES, RCTS or of the Internet in general, or the management of
vulnerabilities within RCTS.
3. Mechanisms and measures for the mitigation of security incidents and the
management of vulnerabilities arising from the operation provided for in the
previous number are regulated in the standalone document “MEDIDAS DE CONTROLO
DE INCIDENTES E EVENTOS DE SEGURANÇA INFORMÁTICA”.

4 Policies

4.1 Incident types and support level
RCTS CERT handles all types of security incidents, and has adopted the
Portuguese National CSIRT Network Taxonomy, available at:
https://www.redecsirt.pt/files/RNCSIRT_Taxonomia_v3.0.pdf

4.2 Privacy Policy
In the scope of the RCTS CERT activity and services, personal data is
collected and processed by the FCT – Foundation for Science and Technology,
in its FCCN Unit, which is intended exclusively for the purpose of
Execution and management of the system for IT security incidents response
within the context of all the services provided by FCCN to the research
and teaching community. For this purpose, data is collected regarding the
following categories of data subjects: RCTS network users, user entity
representatives, user entity employees, attendees in training sessions
(Workshops) and the following data categories: Identification: name
(in the context of training sessions and helping user entities); user logins
(in the context of incident response and endpoint protection); username and
passwords (in the context of phishing awareness campaigns) Contact: email
addresses; Professional IP addresses: entity where they
work/collaborate/study. This processing is lawful as it is necessary for the
performance of public interest functions in accordance with Article 6(1)(f)
and Article 6(2) of the General Data Protection Regulation – Regulation (EU)
2016/679 of the European Parliament and of the Council of 27.04.2016
(hereinafter GDPR).
In this case the public interest is based on FCT’s mission and duties set
out in Decree-Law No. 55/2013, of April 17 and article 9(1) c) of the
Annex to Ordinance No. 216/2015, of July 21, namely regarding the duties of:
Ensuring the management and operationalisation of the computer security
incident response. FCT is responsible for the processing of personal data,
with headquarters at Avenida D. Carlos I, 126, 1249-074 Lisbon, telephone:
+351 21 3924300, and it has appointed a Personal Data Protection Officer,
whose contact shall be made directly to the email address dpo@fct.pt for
all matters related to the personal data processed for this purpose.
It is further informed that the data shall be kept in accordance with
what is stipulated by law or regulation, or in the absence thereof, with
what is deemed necessary for the pursuit of the purpose.
As Data Subject, you have the right to request FCT – through any of the
contacts indicated above – to access your personal data, to rectify or
erase them, to limit the processing of your data and to request data
portability when technically possible. You may also object to the processing
or withdraw, at any time, the consent previously given, if applicable.
Without prejudice of sending a direct notification to FCT, through the
contacts available herein, data subjects may complain directly to the
National Commission for Data Protection (www.cnpd.pt), using the contacts
made available by this body for that purpose. FCT may also process personal
data for archiving purposes in the public interest, for scientific or
historical research purposes or for statistical purposes in accordance
with the principle of data minimisation, including anonymisation or
pseudonymisation, whenever the purposes can be achieved by one of these
means. Where personal data are to be processed for archiving purposes in
the public interest, for scientific or historical research purposes or for
statistical purposes, the rights of access, rectification, restriction of
processing and objection provided for in Articles 15, 16, 18 and 21 of the
GDPR shall be affected, to the extent necessary, if those rights are
likely to obstruct or seriously undermine the achievement of those purposes.
To ensure the protection of processed personal data, FCT implements strict
and internationally recognised rules applicable to all those who legally
handle personal data, adopting technical and organisational security
measures in order to protect the personal data that are made available,
such as confidentiality, integrity and authenticity of the processed data,
in this context articulated with the general principles on open data that
recommend free and online access to publications and data resulting from
scientific research funded by FCT, which, by default, ensure that the
data is traceable, accessible, interoperable and reusable.

4.3 Communication and authentication
– From the communication means made available by RCTS CERT, phone and
non-ciphered e-mail are considered to be sufficient to non-sensitive
information transmission. In order to transmit sensitive information, PGP
usage is mandatory.

5 Services

5.1 Handling of security incidents
Security incident handling is RCTS CERT’s main service. A security incident
is any action or set of actions developed against a compute or network of
computers, which results, or can result, in a loss of confidentiality,
integrity or performance of a data network or digital system, namely
non-authorized access, modification or removal of information, interference
or service denial in a digital system. RCTS CERT handles security incidents
in the context of RCTS – Rede Ciencia, Tecnologia e Sociedade – incidents
which source or target of an attack is within RCTS.

5.2 Alert dissemination
RCTS CERT aims to gather a set of information received from several
well-known sources, evaluate its severity degree and translate it to
Portuguese language. Depending on the severity degree, the analyzed
information can result in a security alert, on a recommendation or a simple
news entry published on the http://www.cert.rcts.pt/ portal.

5.3 New CSIRT teams support
RCTS CERT also intends to promote the creation of new security incident
handling teams within RCTS and in the Portuguese Public Administration
context. This service includes holding training events directed to security
incident handling, spreading the word about the theme on adequate fora, and
the support to the creation of new CSIRTs.

5.4 DNS Firewall
RCTS CERT makes available to its constituency a DNS-based mechanism that
prevents communications with malicious domains. The service encompasses the
maintenance and dissemination of a list of malicious domains. In the event
that a user accesses a URL that contains a malicious domain, the content
displayed will be a local page, indicating that the URL that you tried to
access includes malicious content.

5.5 Security Audits
Security audits are performed on request, strictly for RCTS CERT’s
constituency. Each audit involves the preparation of a report containing the
set of facts found and also suggestions for mitigation.

5.6 Monitoring against web defacements
Alarms against web defacements is a RCTS CERT pilot service, which includes
continuous monitoring, archiving several versions of a web server to be able
to register/evaluate any changes. This service is only available for the
constituency.

5.7 Anti-Phishing awareness campaigns
RCTS CERT develops on-demand phishing campaigns for members of its
constituency and other organisations that sign a specific agreement.
Following the development of a campaign, there will also be an awareness
session addressed to the set of people defined as the target group. The aim
of this service is to provide a tool to evaluate the degree of exposure of
an organization to potential future incidents, increasing awareness to
cybersecurity issues.

6 Disclaimer
While all precautions were taken in the preparation of disclosed information
on the Internet portal or through distribution lists, RCTS CERT assumes no
responsibility for errors or omissions or for damages resulting from the use
of that information.

—–BEGIN PGP SIGNATURE—–

iQJIBAEBCgAyFiEE9uIhgYuEKNpa8vFjsX2BqeAWGSgFAmUB9vQUHHJlcG9ydEBj
ZXJ0LnJjdHMucHQACgkQsX2BqeAWGSjFSg/+Nf/TQAbU/5dlhQjxrynRbGwS7QBz
OFOr58TPTuEsku2CcR+AGryPkliSQA8uEl9rjZHELsGOGqRe9X1Mbvu6Xgixebin
YANihF27MqpqVXvF+HSiwLTnoBsiWcA0uDh2LH3f20/ardlDCViBKnK7M3vU5Io5
YFzj3QPJ05pJYbJe6CfPCg4XCIl4uXipFaiiUp+8G1egfQeccphoxZONkJwU/7Xr
V5rYQstoW52CvdzkY5LJsIOGC6YzpGfX8gdbWEm64p3YI9h9TbbHl789DFPo7OA8
/dTXAo0xdghpwJY/8+9eZhZMEE0p/ve/KMRfaPwk6ACGli0k5TPtfiSfjgufj7ts
ZqjIOrF1OaoJOlVQLxJDB8RMEU9VPoRXdjAk26u++W4TG+8WJVXH/I+sB/FVbdIr
IWsPWgz/LRiMDS1eIopf/3DUZIA+SQid256zyeGh7WczHwbOY1eyWKGkOSv8JIm4
1FjAPwxc/ZfSNR1Xn0NKwQvC1H1C6ePjRI7yigZ+nXGnFsqTpYke9zW7QK8948M+
fRIa2SRe5T8a5YLyRD9S/mjlhr//EzT6Fkook2d6qMDIRDxU/IPo2Mksjg4bK0Br
2N+6gSSrSQY1CrUHy5ve+Wg4bAQDieaGwmKgrbOHHNgjUFalg/TnqCYOgUnM4Mqa
nJNgD91+aNIj5sk=
=3gff
—–END PGP SIGNATURE—–