DFN-CERT The Computer Emergency Response Team for the German Research Network (DFN) The team which is building up the DFN-CERT is located in Hamburg. It is providing incident response as well as PKI services to the DFN community. For further information on DFN please connect to http://www.dfn.de The aims of the CERT are: - assisting the members of the German research network in setting up preventive measures to improve the security of the participating sites. - giving quick and effective help and information in case of security related accidents (e.g. attacks from hackers, computer virii, computer worms, etc.). - intensifying the flow of information between the DFN-CERT and similar international groups. This will establish a realiable cooperation. - setting up contacts to manufacturers, software distributors and providers. Due to the broad spectrum of the used technologies and systems within the constituency, the necessary know-how for handling incidents can not always be found within the team. Therefore a cooperation with other CERTs and software providers is necessary for a successful operation. As the DFN-CERT became member of the Forum of Incident Response and Security Teams (FIRST), this cooperation has already started. Vulnerabilities and security holes will be reported to each other and the analysis of incidents can be done in international cooperation. If confidential information has been given to the CERT, the distribution of this information will necessitate the consent of the originator. The removal of identifying data will be used for further protection of persons or sites. Sensitive information will be send via electronic mail only with the help of cryptographical methods. The team supports the use of S/MIME within the DFN-PKI and PGP/GPG. If new security holes are detected, the countermeasures will be done in cooperation with other CERTs and the involved vendors or providers. The information will be given to the constituency as soon as a solution has been found (or immediately, if further waiting will increase the damage). The DFN-CERT will continue publishing security bulletins for its constituency. Advisories of other CERTs will not be modified or translated into German. They will be distributed if necessary. Support of the DFN-CERT from its constituency is welcome. Establishing "self-help" started with the operation of two moderated mailing lists. The first list "win-sec" will be used for discussing security related problems within the DFN working group "security". A second list called "win-sec-ssc" is intended for the "Site Security Contacts" as a fast channel to the security administrators. Each site of the WIN-network should nominate at least one person as a site security contact. This will help to exchange sensitive information and will reduce the time for the distribution of alerts and warnings. All interested persons can subscibe to the mailing list "win-sec". The topics of this list will cover the discussion of all problems and questions related to computer security. Please note, that no details of security holes should be described in contributions to this list, as this could result in an abuse. These details should be mailed directly to the DFN-CERT which will handle the incident. The mailing list "win-sec-ssc" is intended as a direct channel to the security administrators at the participating sites of the WIN. All available advisories and warnings from the DFN-CERT and other CERTs will be send to this mailing list only. The DFN-CERT will collect and distribute information about programs or measures which help to improve the security. If available, they will be published as "DFN-CERT Information Bulletins". All information is available from two informations servers (AnonFtp and World-Wide-Web) as well. Use the following addresses to access our information services (the addresses are given as URLs for easier use with WWW Browsers): AnonFtp: ftp://ftp.cert.dfn.de/pub World-Wide-Web: http://www.dfn-cert.de/ (in German) http://www.dfn-cert.de/eng/ (in English) Electronic mail: dfncert@cert.dfn.de (Incidents/Vulnerabilities) info@cert.dfn.de (Information requests) For a subscription to the mailing lists "win-sec" or "win-sec-ssc" please send mail to: win-sec-request@lists.dfn-cert.de or win-sec-ssc@lists.dfn-cert.de