Security Incident Response Team (SIRT)
Sikkerhet gjennomsyrer hele Orange Business sin virksomhet. Sikkerhetsperspektivet inngår som element i alt vi gjør, fra etablering av IT-arkitektur til prosesser og prosedyrer.
Blir sikrere gjennom et internasjonalt samarbeid
Ikke mange leverandører tilbyr et komplett spekter av både drifts– og sikkerhetstjenester. Vanligvis vil virksomheter hyre inn sikkerhetseksperter til analyse av driftssikkerhetssituasjonen eller for å dekke andre enkeltbehov. Hos Orange Business deltar imidlertid sikkerhetsrådgivere i alle deler av leveransene. Vårt Security Incident Response Team (SIRT) håndterer konkrete sikkerhetshendelser og følger proaktivt opp avdekkete sårbarheter. SIRT-teamet har hyppige kontakt med organisasjoner som NorCERT (Norge) og CERT- SE (Sverige) for dele fersk kunnskap og erfaring.
NorCERT er en avdeling i Norsk Nasjonal Sikkerhetsmyndighet som koordinerer forebyggende arbeid og tiltak mot IT- sikkerhetsbrudd som er rettet mot vital norsk infrastruktur.
CERT-SE er Sveriges nasjonale Computer Security Incident Response Team. Teamet støtter arbeidet med håndtering og forebygging av IT-sikkerhetshendelser i Sverige. Virksomheten drives fra the Swedish Civil Contingencies Agency.
Sammen med andre CERT-team starter Orange Business nå en nasjonal CERT-gruppe i Sverige. Målet for gruppen er å støtte medlemmene i sikkerhetsrelaterte spørsmål og være oppdatert på sikkerhetsfeltet i Sverige.
Orange Business SIRT – RFC 2350
1. Document Information
This document contains a description of Basefarm SIRT according to RFC 2350. It provides basic information about the Basefarm SIRT, the ways it can be contacted, describes its responsibilities and the services offered.
1.1 Date of Last Update
This is version 0.3 as of 2018/03/07.
1.2 Distribution List for Notifications
There is no distribution list for notifications as of 2018/03.
1.3 Locations where this Document May Be Found
The current version of this document can always be found at https://www.basefarm.com/en/collaboration/basefarm-sirt#section2
For validation purposes, a GPG signed ASCII version of this document is located here
The key used for signing is the Basefarm SIRT key as listed under 2.8.
2. Contact Information
2.1 Name of the Team:
Basefarm SIRT.
2.2 Address
Basefarm SIRT
Sveavägen 159
113 46 Stockholm
Sweden
2.3 Time Zone
We are located in the central European timezone (CET) which is GMT+0100 (+0200 during day-light saving time).
2.4 Telephone Number
+46 73 526 00 46.
2.5 Facsimile Number
None.
2.6 Other Telecommunication:
None.
2.7 Incident Reports
Please send non-encrypted incident reports to abuse@basefarm.com (24/7). Please send encrypted incident reports to sirt@basefarm.com (Looked at between 08:00 – 16:00 Mon-Fri). Non-incident related mail should be addressed to … (Looked at between 08:00 – 16:00 Mon-Fri).
2.8 Public Keys and Encryption Information
All official communication by Basefarm SIRT will be signed by the current operations key, which is:
pub rsa4096 2013-02-06 [SCEA] [expires: 2019-01-19]
636C337B32DFF865CA3999DEB0E73FAC52696A6C
uid Basefarm SIRT <sirt@basefarm.com>
sub rsa4096 2013-02-06 [SEA] [expires: 2019-01-19]
Encrypted communications with Basefarm SIRT should use this operational key. All keys (including the keys of individual team members) can be found https://www.basefarm.com/sirt/pgpkeys.asc
Basefarm SIRT uses a master signing key to sign all keys used for operational purposes. This trust anchor is:
pub rsa4096 2013-02-06 [SCEA] [expires: 2019-01-19]
636C337B32DFF865CA3999DEB0E73FAC52696A6C
uid Basefarm SIRT <sirt@basefarm.com>
sub rsa4096 2013-02-06 [SEA] [expires: 2019-01-19]
and can be found on most key-servers. Please do not use this key for communications with us.
2.9 Team Members
The SIRT team leader is Fredrik Svantes. Other team members, along with their areas of expertise and contact information, are listed at the bottom of this page.
Management, liaison and supervision are provided by Fredrik Svantes, Head of Security Operations.
2.10 Other Information
2.11 Points of Customer Contact
The preferred method for contacting Basefarm SIRT is via e-mail. Please send non-encrypted incident reports to abuse@basefarm.com (24/7). Please send encrypted incident reports to sirt@basefarm.com (Looked at between 08:00 – 16:00 Mon-Fri). Non-incident related mail should be addressed to sirt@basefarm.com (Looked at between 08:00 – 16:00 Mon-Fri). If it is not possible (or advisable due to security reasons) to use e-mail, you can reach us via telephone at +46 73 526 00 46. Basefarm SIRT hours of operation are generally restricted to regular business hours.
3. Charter
3.1 Mission Statement
The purpose of Basefarm SIRT is to coordinate security efforts, security proactivity and incident response for IT-security problems in the Basefarm Group.
3.2 Constituency
The constituency is the Basefarm Group (Basefarm AS (Norway), Basefarm AB (Sweden) and Basefarm BV (Netherlands). Pro-active and educational material will be provided for SMEs and the general public as well.
3.3 Sponsorship and/or Affiliation
Basefarm SIRT is an initiative of the Basefarm Group. Funding is provided by the Basefarm Group.
3.4 Authority
Basefarm SIRT’s main purpose in incident handling is to take part handling incident response and being proactive in security work at Basefarm Group.
4. Policies
4.1 Types of Incidents and Level of Support
Basefarm SIRT is authorized to address all types of computer security incidents which occur, or threaten to occur, in our Constituency (see 3.2) and which require cross-organizational coordination.
The level of support given by Basefarm SIRT will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and Basefarm SIRT’s resources at the time. Special attention will be give to issues affecting critical infrastructure.
Note that no direct support will be given to end users; they are expected to contact Basefarm Support. Basefarm SIRT will support the latter people.
Basefarm SIRT is committed to keeping its constituency informed of potential vulnerabilities, and where possible, will inform this community of such vulnerabilities before they are actively exploited.
4.2 Co-operation, Interaction and Disclosure of Information
Basefarm SIRT will cooperate with other Organizations in the Field of Computer Security. This Cooperation also includes and often requires the exchange of vital information regarding security incidents and vulnerabilities. Nevertheless Basefarm SIRT will protect the privacy of their customers, and therefore (under normal circumstances) pass on information in an anonymous manner unless other contractual agreements apply.
Basefarm SIRT operates under the restrictions imposed by Swedish, Norwegian or Dutch law depending on where the incident occurs. This involves careful handling of personal data as required by the respective country’s Data Protection law, but it is also possible that – according to the law – Basefarm SIRT may be forced to disclose information due to a Court’s order.
4.3 Communication and Authentication
For normal communication not containing sensitive information, Basefarm SIRT will use conventional methods like unencrypted e-mail or fax.
For secure communication, PGP-Encrypted e-mail or telephone will be used. If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g. FIRST) or by other methods like call-back, mail-back, or even face-to-face meeting if necessary.
5. Services
5.1 Incident Response
Basefarm SIRT will assist the Basefarm Group in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:
5.1.1. Incident Triage
Determining whether an incident is authentic.
Assessing and prioritizing the incident.
5.1.2. Incident Coordination
Determine the involved customers.
Contact the involved customers to investigate the incident and take the appropriate steps. Facilitate contact to other parties which can help resolve the incident.
Send reports to customer teams.
5.1.3. Incident Resolution
Advise customer teams on appropriate actions.
Follow up on the progress of the concerned customer teams.
Ask for reports.
Report back.
Basefarm SIRT will also collect statistics about incidents within its constituency.
5.2 Proactive Activities
Basefarm SIRT tries to raise security awareness in its constituency.
Publish announcements concerning serious security threats.
Observe current trends in technology and distribute relevant knowledge to the constituency.
Provide for a for community building and information exchange within the constituency.
Data mining early warning systems
Vulnerability Scanning
Penetration testing
Researching new zero-day vulnerabilities and attacks, discovery and disclosure of newly identified vulnerabilities to software and hardware vendors Perform other security-related work.
6. Incident Reporting Forms
If possible, please make use of the Incident Reporting Form.
7. Disclaimers
While every precaution will be taken in the preparation of information, notifications, and alerts, Basefarm SIRT assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.
Policies
Types of Incidents and Level of Support
Basefarm SIRT is authorized to address every type of computer security incident that occurs, or threatens to occur, in our Constituency (see 3.2) and which requires cross-organizational coordination.
The level of support given by Basefarm SIRT will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and Basefarm SIRT’s resources at the time. Special attention will be give to issues affecting critical infrastructure.
Note that no direct support will be given to end users; they are expected to contact Orange Business Support. Basefarm SIRT is committed to keeping its customers informed of potential vulnerabilities and, when possible, will inform this community of such vulnerabilities before they are actively exploited.
Co-operation, Interaction and Disclosure of Information
Basefarm SIRT will cooperate with other Organizations in the Field of Computer Security. This Cooperation also includes and often requires the exchange of vital information regarding security incidents and vulnerabilities. Nevertheless, Basefarm SIRT will protect the privacy of their customers and (under normal circumstances) pass on information anonomously, unless other contractual agreements apply.
Depending on where the incident has occured, Basefarm SIRT operates under the restrictions imposed by Norwegian, Swedish, or Dutch law. This involves careful handling of personal data as required by the respective country’s Data Protection laws. However, it is also possible that – according to the law – Basefarm SIRT may be forced to disclose information due to a Court’s order.
Communication and Authentication
For normal communication that does not contain sensitive information, Basefarm SIRT will use conventional methods like unencrypted e-mail or fax. PGP-Encrypted e-mail or telephone will be used for secure communication. If it is necessary to authenticate a person before communicating, this can be done either through existing webs of trust (e.g. FIRST) or by other methods such as call-back, mail-back, or even face-to-face if necessary.
Basefarm SIRT team
Fredrik Svantes
GPG ID: 6522A8A5
Hans-Petter Fjeld
GPG ID: 526BBF7B
Trond Hagen
GPG ID: 32C05E77
Fredrik Vogel
GPG ID: 29ED1DA6
Abel De Kat Angelino
GPG ID: 595C1855
Kim Weckström
GPG ID: 8FB47A29
Richard Westhof
GPG ID: 0B3B3754
Sebastiaan Wildenboer
GPG ID: 667CED64
Raymond Aarseth
GPG ID: 2824FBF2
Iryna Yuzhyna
GPG ID: 0C704039
Sjir Bagmeijer
GPG ID: 8B8B8481