
DNSPT-CSIRT

Mission
The mission of the DNSPT-CSIRT is to contribute to a safer and more trustworthy use of the Internet under .PT through coordination and cooperation in responding to security incidents, and by promoting awareness of a security culture within its community of clients and partners.

RFC 2350

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

1. Scope of this document
This document describes the DNS.PT security incident response service, in accordance with RFC 2350. DNS.PT is responsible for the management, operation and maintenance of the top-level domain corresponding to Portugal, .PT.

1.1 Date of the last update
Version 1.00, 2017-05-05.

1.2 Distribution lists for notifications
The members of the community are informed of the changes made via closed channels.

1.3 Access to this document
The up-to-date version of this document is available at: http://www.dns.pt/pt/csirt/.
The English version is available at: http://www.dns.pt/en/csirt/.

1.4 Authenticity of this document
This document was signed with the PGP Key of the DNSPT-CSIRT, available at http://www.dns.pt/pt/dnspt-csirt/.

2. Contact information
2.1 Name of the team
DNSPT-CSIRT

2.2 Address
DNS.PT
Rua Latino Coelho n.º 13, 5.º Piso
1050-132 Lisboa
Portugal

2.3 Time Zone
Portugal/WEST (GMT+0, GMT+1 from April to October)

2.4 Telephone
808 20 10 39 (Portugal only)
+351 211 583 341 (for international calls)
Working days from 08:00 to 20:00 (local time), Saturday and Sunday from 09:00 to 18:00 (local time)

2.5 Fax
+351 211 312 720

2.6 Other contacts
Facebook: https://www.facebook.com/dns.pt

2.7 Electronic mail
To report any security incidents: abuse [@] dns.pt
For other subjects relating to the DNS.PT-CSIRT services: csirt [@] dns.pt

2.8 Public keys and encryption information
The DNSPT-CSIRT PGP Key <csirt [@] dns.pt>:
KeyID: BF477898
Fingerprint: 14F16BB71E9702A43459B6833620D149BF477898

2.9 Members of the team
DNSPT-CSIRT is operated by:
  - Ricardo Pires <ricardo.pires [@] dns.pt>
  - Eduardo Duarte <eduardo.duarte [@] dns.pt>
  - Inês Esteves <ines.esteves [@] dns.pt>

2.10 Other information
Public information in Portuguese about DNSPT-CSIRT can be found at https://www.dns.pt/pt/csirt/.
The English version is available at: http://www.dns.pt/en/csirt/.

2.11 Means of contact
DNSPT-CSIRT has the following communication channels:
- To report any security incidents: abuse [@] dns.pt
- For other subjects relating to the DNS.PT-CSIRT services: csirt [@] dns.pt

If it is not possible (or not advisable for security reasons) to use electronic mail, the following phone numbers can be used as an alternative means of contact:
808 20 10 39 (Portugal only) or +351 211 583 341 (international calls)
Working days from 08:00 to 20:00 (local time), Saturday and Sunday from 09:00 to 18:00 (local time).

3. Charter
3.1 Mission
The mission of the DNSPT-CSIRT is to contribute to a safer and more trustworthy use of the Internet under .PT through coordination and cooperation in responding to security incidents, and by promoting awareness of a security culture within its community of clients and partners.

3.2 The served community
The DNSPT-CSIRT responds to security incidents within its community of clients and registrars, and within the scope of the .PT technological infrastructure, consisting of:

  - All the networks within AS199993.

  - The .PT name servers in the DNS root zone, available at: https://www.iana.org/domains/root/db/pt.html.

3.3 Authority
DNSPT-CSIRT is a service that is part of the DNS.PT and cooperates in responding to security incidents within its community of clients and registrars.

4. Policies
4.1 Types of Incidents and Level of Support
The DNSPT-CSIRT responds to all kinds of security incidents, adopting the classification proposed by the National CSIRTs Network:

- Malicious code
- Availability
- Information gathering
- Intrusion attempt
- Intrusion
- Information Security
- Fraud
- Abusive content
- Other

Under normal operating conditions, the DNSPT-CSIRT aims to respond to the incident types listed above within a maximum of 24 hours.

The level of support given by DNSPT-CSIRT can vary according to the type and severity of the incident or occurrence identified and the resources available for handling it.

4.2 Cooperation, interaction and privacy policy
The DNSPT-CSIRT ensures the confidentiality of the communications received, transmitted or stored within the scope of its activity. Its privacy and data protection policy establishes that sensitive information can be transmitted to third parties only and exclusively in case of need, and with the prior and express authorization of the individual or legal entity to whom that information relates.

The DNSPT-CSIRT adheres to the Traffic Light Protocol (TLP). Messages and/or files sent to DNSPT-CSIRT can be classified with the tag [TLP Color]. For contact by telephone, the TLP classification should be communicated beforehand.

4.3 Communication and Authentication
Of the means of communication made available by DNSPT-CSIRT, the telephone and unencrypted electronic mail are deemed sufficient for the transmission of non-sensitive information. To transmit sensitive information, the use of the PGP key identified in point 2.8 of this document is mandatory.

5. Services

5.1 Incidents response
The DNSPT-CSIRT ensures, within the scope of its activity, a security incident response service for its community of clients and partners, applying an internal methodology based on international standards and best practices published by recognized and independent entities in this field.

5.1.1 Incident Triage
Interpretation, classification and prioritization of the handling of security occurrences.

5.1.2 Coordination of incidents
The DNSPT-CSIRT analyzes the available information, identifies the causes and, if applicable, contacts the entities involved. It cooperates with affected entities by providing, whenever possible, additional information and contact with third parties that can collaborate in resolving the security incident.

5.1.3 Incidents resolution
Within its community of clients and partners, it falls to DNSPT-CSIRT to advise these entities on appropriate measures for resolving the incident and to accompany the incident resolution process, interpreting data and collecting evidence, if applicable.

5.2 Monitoring
The DNSPT-CSIRT ensures traffic monitoring within the AS199993 network and also on the .PT name servers.

5.3 Proactive Activities
DNSPT-CSIRT proactively offers its community private mailing lists and security awareness actions.

6. Incidents form
No forms are defined for filling out.

7. Legal warning
Although all precautions are taken in preparing the information disclosed through its communication channels, the DNSPT-CSIRT does not assume any responsibility for errors or omissions, or for damages resulting from the use of that information.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

-----END PGP SIGNATURE-----