Following the establishment of the Coolhousing CSIRT security team, which we informed you about in September this year, we now bring you instructions for when you discover a security incident. Security incidents are not to be trifled with!
How to report a computer security incident
The best way to report a problem to CSIRT Coolhousing is to send an e-mail to <firstname.lastname@example.org>. The report shall include a complete description of the problem. CSIRT Coolhousing will deal with the reported incident as soon as possible and will inform you when the problem, if any, has been solved and removed. You will receive a reply from <email@example.com>, and the e-mail will be signed with our PGP key.
Reported security incidents are processed on working days from 9:00 to 15:00.
Outside working hours, or when it is not possible to report an incident via e-mail, you can always report an incident by phone at +420 777 310 000, which is operated 24/7.
Basic rules for creating an incident report
- The report should be a simple text-based e-mail, with an attachment if necessary.
- Only one IP address or one address block per report.
- The Subject should contain the IP address or address block and the case type (spam, virus, scanning, DDoS, hacking, phishing, pharming, alleged misuse of copyrighted work…).
A report about scanning must contain a short excerpt from a log showing the problem, e.g.:
- timestamp and time zone
- source and destination IP addresses
- source and destination ports
A report about spam or a virus must contain a copy of the full mail header from the e-mail which is considered to be spam or a virus.
A report about spam ("unwanted commercial emails") should contain both the full mail header and the original body text.
A report about alleged misuse of copyrighted work must contain the following details:
- timestamp and time zone
- source and destination IP addresses involved with the copyrighted work
- services used to publish or share the copyrighted work
- type (name…) of the copyrighted work.
A report about phishing or pharming must contain the URL and, if possible, the source of the web page.
A report must contain your contact and organizational information – name and organization name.
A report must be sent from a valid e-mail address.
Reporting a security incident
Before you create and send a security incident report to CSIRT.CZ, please make sure that CSIRT.CZ is the right place for your report.
The best way to report a problem is to send an e-mail to <firstname.lastname@example.org>. The report shall include a complete description of the problem.
Basic security incidents
- Any offences against Czech law, e.g. threats to the physical safety of human beings,
- DoS and DDoS attacks,
- spamming (“unsolicited commercial email”),
- compromise of individual user accounts, i.e. unauthorised access to a user or service account,
- phishing and pharming,
- alleged misuse of copyrighted work.
What is a computer security incident?
- Security or availability of the Coolhousing computer network (DoS, brute-force attacks, scanning).
- Attacks against users and services in the university network of Coolhousing (e.g., phishing, e-mail scams).
- An IT security threat/danger concerning more than one faculty or other similar part of DC Coolhousing.
What is not a computer security incident?
- When your antivirus software detects infected file(s).
- Receiving unsolicited e-mails in the "usual amount".
- When you cannot log in to a computer in DC Coolhousing.
- "Funny" behaviour of your computer in DC Coolhousing.
- Theft of IT accessories, including important data (this covers USB flash drives, portable hard drives, etc.).
Author: Coolhousing CSIRT