CSIRT Description for CERT Azerbaijan
1. About this document
1.1 Date of Last Update
This is version 1.00, published on 8 January 2007.
1.2 Distribution List for Notifications
Currently CERT Azerbaijan does not use any distribution lists to notify about changes in this document.
1.3 Locations where this Document May Be Found
The current version of this CSIRT description document is available from the CERT Azerbaijan WWW site; its URL is http://www.cert.aznet.org/rfc2350.txt. Please make sure you are using the latest version.
1.4 Authenticating this document
Not Available
2. Contact Information
2.1 Name of the Team
"CERT Azerbaijan": Computer Emergency Response Team Azerbaijan
2.2 Address
Dilara Aliyeva str.
702 Drogal lane,
Post Delivery Office,
Baku AZ1010 Azerbaijan
E-mail: cert@aznet.org
2.3 Time Zone
Central European Time (GMT+0300, GMT+0400 from April to October)
2.4 Telephone Number
+99412 5963741
2.5 Facsimile Number
+99412 5963742 (note: this is *not* a secure fax)
2.6 Other Telecommunication
None available.
2.7 Electronic Mail Address
This is a mail alias that serves the human(s) on duty for CERT Azerbaijan.
2.8 Public keys and Other Encryption Information
None available.
2.9 Team Members
Eugene Khodosov
Emin Akhundov
Denis Rotkin
Arzu Abbasov
2.10 Other Information
General information about CERT Azerbaijan, as well as links to various recommended security resources, can be found at http://www.cert.aznet.org/
2.11 Points of Customer Contact
The preferred method for contacting CERT Azerbaijan is via e-mail at ; e-mail sent to this address will be handled by the responsible human.
If it is not possible (or not advisable for security reasons) to use e-mail, CERT Azerbaijan can be reached by telephone during regular office hours. Outside these hours, incoming phone calls are transferred to an answering machine. All recorded messages are checked ASAP.
CERT Azerbaijan hours of operation are generally restricted to regular business hours (09:00 - 19:00 CET Monday to Friday except holidays).
If possible, when submitting your report, use the form mentioned in section 6.
3. Charter
3.1 Mission Statement
The purpose of CERT Azerbaijan is to assist non-profit and educational institutions in implementing proactive measures to reduce the risks of computer security incidents and to assist them in responding to such incidents when they occur. CERT Azerbaijan also handles incidents that originate in Azerbaijani networks and are reported by any Azerbaijani or foreign persons or institutions.
3.2 Constituency
The CERT Azerbaijan constituency consists of non-profit and educational institutions connected to the AzNET network.
3.3 Sponsorship and/or Affiliation
CERT Azerbaijan is currently financially supported by the NATO NIG "Creation of Infrastructure for CERTs in Azerbaijan, Georgia, Tajikistan, Belarus, Moldova, Ukraine and their Initial Operation", in which AzNET from Azerbaijan takes part.
3.4 Authority
CERT Azerbaijan operates under the auspices of, and with authority delegated by, UNDP/AzNET Project.
CERT Azerbaijan expects to work cooperatively with system administrators and customers of AzNET. All members of CERT Azerbaijan are employees of AzNET and thus have wide possibilities of interacting with AzNET System Administrators.
CERT Azerbaijan does its best to cooperate closely with the abuse teams of all large ISPs, to establish direct contacts, and to exchange the data necessary to prevent and recover from security incidents that affect their networks.
4. Policies
4.1 Types of Incidents and Level of Support
CERT Azerbaijan is authorized to address all types of computer security incidents which occur, or threaten to occur, in Azerbaijani networks.
The level of support given by CERT Azerbaijan will vary depending on the type and severity of the incident or issue, the type of constituent, the size of the user community affected, and CERT Azerbaijan's resources at the time, though in all cases some response will be made within two working days.
Incidents will be prioritized according to their apparent severity and extent.
End users are expected to contact their systems administrator, network administrator, or department head for assistance. CERT Azerbaijan will give full support to the latter. Only limited support can be given to end users.
4.2 Co-operation, Interaction and Disclosure of Information
CERT Azerbaijan exchanges all necessary information with other CSIRTs as well as with affected parties' administrators. Neither personal nor overhead data are exchanged unless explicitly authorized.
All sensitive data (such as personal data, system configurations, known vulnerabilities with their locations) are encrypted if they must be transmitted over an unsecured environment, as stated below.
4.3 Communication and Authentication
In view of the types of information that CERT Azerbaijan deals with, telephones will be considered sufficiently secure to be used even unencrypted. Unencrypted e-mail will not be considered particularly secure, but will be sufficient for the transmission of low-sensitivity data. If it is necessary to send highly sensitive data by e-mail, PGP will be used. Network file transfers will be considered to be similar to e-mail for these purposes: sensitive data should be encrypted for transmission.
Where it is necessary to establish trust, for example before relying on information given to CERT Azerbaijan, or before disclosing confidential information, the identity and bona fide of the other party will be ascertained to a reasonable level of trust. Within AzNET, and with known neighbor sites, referrals from known trusted people will suffice to identify someone. Otherwise, appropriate methods will be used, such as a search of FIRST members, the use of WHOIS and other Internet registration information, etc, along with telephone call-back or e-mail mail-back to ensure that the party is not an impostor. Incoming e-mail whose data must be trusted will be checked with the originator personally, or by means of digital signatures (PGP in particular is supported).
5. Services
5.1 Incident Response
CERT Azerbaijan will assist system administrators in handling the technical and organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:
5.1.1 Incident Triage
- Investigating whether an incident indeed occurred.
- Determining the extent of the incident.
5.1.2 Incident Coordination
- Determining the initial cause of the incident (vulnerability exploited)
- Facilitating contact with other sites which may be involved.
- Facilitating contact with appropriate law enforcement officials, if necessary.
- Making reports to other CSIRTs
- Composing announcements to users, if applicable
5.1.3 Incident Resolution
CERT Azerbaijan will give advice, but no physical support whatsoever, to customers from outside the AzNET internal network with respect to incident resolution.
- Removing the vulnerability.
- Securing the system from the effects of the incident.
- Collecting the evidence of the incident.
In addition, CERT Azerbaijan will collect statistics concerning incidents processed, and will notify the community as necessary to assist it in protecting against known attacks.
To make use of CERT Azerbaijan's services, please refer to section 2.11 for points of contact. Please remember that the amount of assistance will vary as described in section 4.1.
5.2 Proactive Services
CERT Azerbaijan coordinates and maintains the following services to the extent possible, depending on its resources:
- Information services such as: list of security contacts, repository of security-related patches for various operating systems
- Training and educational services
CERT Azerbaijan will organize an annual Secure event covering current important security issues, which is open to all interested parties.
Detailed information about obtaining these services is available from CERT Azerbaijan website at: http://www.cert.aznet.org/
6. Incident Reporting Forms
CERT Azerbaijan has created a local form designated for reporting incidents to the team. We strongly encourage anyone reporting an incident to fill it out, although this is never required. The current version of the form is available from: http://www.cert.aznet.org/report.txt
Note: This form is available in Azerbaijani, English and Russian.
7. Disclaimers
While every precaution will be taken in the preparation of information, notifications and alerts, CERT Azerbaijan assumes no responsibility for errors or omissions, or for damages resulting from the use of the information contained within.