SURFcert: 24/7 support in case of security incidents

SURFcert provides your institute with security incident support 24 hours a day, 7 days a week. SURFcert also provides you with tools to optimise security within your institute yourself. For example, SURFcert is continuously minimising the nuisance of DDoS attacks.

Man achter computer aan tafel op verhoging, foto van verdieping lager genomen

Setting up a Computer Security Incident Response Team (CSIRT)

You can set up your own Computer Security Incident Response Team (CSIRT) for your institution. Such a team handles security incidents in networks. SURFcert supports setting up a CSIRT in your institution.

Responsibility for the institutional network

Local teams can be set up in a variety of ways, which can lead to a number of possible structures. The agreement between all CSIRTs within the SURFnet target group is that each CSIRT takes responsibility for its own institutional network, including any connected ancillary (e.g. departmental) networks.

Standardised method: RFC 2350

When setting up a CSIRT, it is important that the organisation, structure and methods used are standardised to a certain extent. This not only helps streamline a CSIRT's operational internal activities, but will also benefit collaboration with other CSIRTs.

Internet usage (and other) standards provide a useful blueprint that can help a CSIRT to implement the above aspects in a structured manner: the RFC 2350. Download the blueprint for use as a basis to be further adapted by the organisation itself.

Registering with SURFcert

Once your CSIRT has been set up and fulfils certain administrative requirements, the team will be registered by SURFcert (contact cert@surfcert.nl or 088 - 787 30 00. From that point on, your CSIRT will also be included in the index of SURFcert registered teams.

CSIRTs all over the world

The Netherlands

  • National Cyber Security Centre (NCSC) - domain: all government bodies. A warning service is available for private citizens and smaller-scale SMEs.
  • KCSIRT - domain: all schools in the Netherlands, excluding higher education.
  • KPN-CERT - domain: all KPN customers

Europe

Information on all European teams can be found at Trusted Introducer for CSIRTs in Europe by G√ČANT

Worldwide

  • FIRST - list of FIRST members (including SURFcert). A general list of all teams affiliated with FIRST, the international organisation for Incident Response and Security Teams.
  • AusCERT - the list maintained by AusCERT (the Australian CSIRT), focusing more on teams in Asia.

SCIRT: the SURFnet Community of Incident Response Teams

The SURFnet Community of Incident Response Teams (SCIRT) is a group comprising the members of the Computer Security Incident Response Teams (CSIRTs) at the institutions connected to SURFnet. SCIRT is the main forum where operational security experts discuss current security challenges and exchange the latest tips and information.