====== CSIRT ======
{{template>:project:infobox| name=CSIRT| image=brmcsirtfin.png?200| sw=N/A| hw=N/A| founder=[[user:ruza]]| interested=[[user:zlo]]\\ [[user:kxt]]\\ [[user:pinky]]\\ [[user:da3m0n22]]\\ [[user:tomsuch]]\\ | status=active }}
~~META: status = active &relation firstimage = :project:brmcsirtfin.png ~~

===== BRMlab Computer Security Incident Response Team =====
[[wp>Hackerspace]]s and [[wp>CSIRT]]s are both organizations focused on computer security, so they can benefit from each other. A hackerspace is also a place where young, potentially talented people come to socialize. The value of a hackerspace-organized CSIRT would be to engage such young talent in CSIRT-oriented cybersecurity activities.

===== How we will establish a CSIRT and which role it will fulfil =====
==== 1. Constituency ====
(aka to whom services are provided)

  * Constituency type: Non-Commercial Organisation
  * Incident handling:
  * ASNs, domains, IP ranges:
    * 2001:67c:2190:c0de::/64
    * 77.87.241.77/32
    * brmlab.cz

==== 2. Contacts ====
  * email/mailing list: [[https://brmlab.cz/cgi-bin/mailman/listinfo/csirt|csirt@brmlab.cz]]
  * GnuPG - TODO

==== 3. Services and teams ====
What the CSIRT offers and who does it. (Will be determined by the results of our internal discussion.)

=== Incident handling ===
  * [[user:ruza]]
  * ...

===== Can I haz a CSIRT? =^..^= =====
Roughly speaking, anybody who declares their responsibility for providing an incident handling service can. That is the only prerequisite to being considered a **registered** CSIRT. In practice it means responding to requests and reports and analyzing incidents and events related to the declared IP ranges, domains and infrastructure.
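To make "incidents related to the IP range/infrastructure" concrete, here is an added triage example (this is illustrative code written for this page, not code from the brmlab wiki or from the CSIRT team). It takes the constituency declared in section 1 above and sorts the indicators in an incoming report into in-scope and out-of-scope, so a handler can see at a glance which part of a report is actually the team's responsibility. The report lines are constructed sample input, the ''key=value'' report format and every function name are assumptions of the example, and the IPv6 and domain edge cases (mixed-case or uncompressed addresses, trailing dots, look-alike domains such as ''notbrmlab.cz'') are there to show why the check should parse rather than string-match.

```python
# Added example (not from the brmlab wiki page): triage an incoming report
# against the constituency declared in section 1.  The network/domain
# values are the ones listed on the page; the report text below is
# constructed sample input, and all function names are this example's own.
import ipaddress
import re

CONSTITUENCY_NETWORKS = [
    ipaddress.ip_network("2001:67c:2190:c0de::/64"),
    ipaddress.ip_network("77.87.241.77/32"),
]
CONSTITUENCY_DOMAINS = ["brmlab.cz"]


def ip_in_constituency(text):
    """True if `text` parses as an IP address inside a declared range.

    ipaddress normalises hex case and zero compression, so the same IPv6
    address written two different ways gives the same answer; anything
    that does not parse (hostnames, garbage) is simply not an IP match.
    """
    try:
        addr = ipaddress.ip_address(text.strip())
    except ValueError:
        return False
    return any(addr in net for net in CONSTITUENCY_NETWORKS)


def domain_in_constituency(name):
    """True for a declared domain or any of its subdomains.

    Matching on DNS labels (not a plain string suffix) keeps
    'notbrmlab.cz' and 'brmlab.cz.evil.example' out, while
    'WWW.brmlab.cz.' (uppercase, trailing dot) is in.
    """
    host = name.strip().lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in CONSTITUENCY_DOMAINS)


# Assumed report format: whitespace-separated key=value tokens per line.
INDICATOR_RE = re.compile(r"(?:src|dst|host)=([^\s,]+)")


def triage(report_text):
    """Split the indicators found in a report into (in_scope, out_of_scope).

    Only the in-scope items are the CSIRT's responsibility; the rest is
    still useful context for the handler but belongs to someone else.
    """
    in_scope, out_of_scope = set(), set()
    for value in INDICATOR_RE.findall(report_text):
        if ip_in_constituency(value) or domain_in_constituency(value):
            in_scope.add(value)
        else:
            out_of_scope.add(value)
    return sorted(in_scope), sorted(out_of_scope)


# Constructed sample report, not a real incident (RFC 5737/3849 test addresses).
SAMPLE_REPORT = """\
2016-11-20T10:01:02Z ssh-bruteforce src=203.0.113.7 dst=77.87.241.77
2016-11-20T10:05:44Z scan src=2001:67C:2190:C0DE:0:0:0:1 dst=198.51.100.9
2016-11-20T10:07:10Z phishing host=WWW.brmlab.cz. dst=192.0.2.4
2016-11-20T10:09:31Z phishing host=brmlab.cz.evil.example
"""

if __name__ == "__main__":
    ours, theirs = triage(SAMPLE_REPORT)
    print("in scope:     ", ours)
    print("out of scope: ", theirs)
```

Run it as a script to see the split for the sample report; in real use the constituency lists would be loaded from the team's published RFC 2350 document rather than hard-coded, and the regex replaced by whatever format the abuse reports actually arrive in.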
Other topics a CSIRT can cover are optional and are roughly described in the following overview presentation:

^ Presentation (ENG): | {{:user:ruza:csirt.pdf|}} |
^ Recording of the presentation (CZE): | {{http://nat.brmlab.cz/talks/lightning_talks/lt-2016-11/2016-11-03-can-i-haz-csirt-ruza.mp4|}} |

If you want to actively participate in any of these topics, write your nick/name into the "3. Services and teams" section, or drop [[user:ruza|me]] an email or write to our mailing list.

===== More info =====
  * [[https://www.cert.org/incident-management/csirt-development/csirt-faq.cfm|Common CSIRT FAQ]] on CERT.org
  * [[https://www.ietf.org/rfc/rfc2350.txt|RFC 2350, Expectations for Computer Security Incident Response]]

===== History =====
3.11.2016 - Internal {{:user:ruza:csirt.pdf|presentation on Talknight}} session.\\
14.11.2016 - {{:user:ruza:brm-csirt.pdf|Brmlab presentation}} on "Pracovni skupina CSIRT" (CSIRT working group).\\

===== Topics on security to improve =====
aka I don't know what to do.
  * SELinux in Ubuntu is a bit derelict.
  * debsecan does not work well on Ubuntu.
  * Can we have a privacy-aware web browser? ([[user:jenda:spyzilla|]])
  * Investigate [[https://wiki.debian.org/SCAPGuide|SCAP]] and its integration with Ubuntu/Debian. The situation in the Red Hat world seems noticeably better.
  * [[https://www.open-scap.org/security-policies/scap-security-guide/|scap-security-guide]] is not packaged for Ubuntu/Debian.