INCIDENT HANDLING (IRIS-CERT Service)



Who can use IRIS-CERT services?

There are three types of security service user:
  1. RedIRIS member institutions.

    This includes universities and other research centres. These users are entitled to all services (by definition), and may participate in coordinating them.

  2. Other national and international security services.

    IRIS-CERT serves as a point of contact and incident coordination for other security services. The sphere of coordination is all of Spain. The sphere of representation is the whole world.

    IRIS-CERT is a member of FIRST. It contributed to the EuroCERT project and currently serves on the TERENA TF-CSIRT Task Force to promote cooperation between CSIRTs in Europe.

    Since 23 March 2001, IRIS-CERT has been a level 2 team in the TERENA Trusted Introducer service.

    IRIS-CERT can also act as liaison with the State Security forces (police and Civil Guard), although it does not take action on behalf of others and limits its participation in such processes to technical consultancy.

  3. Internet providers and users in Spain:

    The service offered to them, outside RedIRIS institutions, is limited to the following:

    • Use of the IRIS-CERT public resources (Web server, FTP, mailing lists).
    • Security incident response service. The incident response service is offered to all alike, according to the criteria and priorities set forth.

You can find a formal description of the services provided by IRIS-CERT, according to RFC 2350, here.

How much does it cost?

There is no charge for the service and it is offered only to RedIRIS member institutions.

The fact that there is no charge for the service for users does NOT mean it is free. The National R&D Plan funds a network for researchers and a security service that ensures its integrity. Coordination of incidents outside of RedIRIS is an additional task necessary to perform that service.

What are the services that IRIS-CERT cannot offer me?

  • To all:

    The service offered is limited by the availability of resources and personnel. When demand exceeds service capacity, the following priority criteria will be considered.

  • To non-RedIRIS members:

    We try to train Internet users in general, in the collaborative spirit of RFC 1281, from which we extract the following paragraph:

    The Internet is a cooperative venture. The culture and practice in the Internet is to render assistance in security matters to other sites and networks.

    We understand that this kind of cooperation benefits us all.

    However, this and the fact that we do not charge for our services should not lead to the conclusion that we are a free advisory service. Answers to inquiries not related to our services are provided exclusively in a personal capacity and without obligation, only when deemed appropriate and the workload permits.

What information should I send IRIS-CERT in an incident report?

When you send us a report about a security incident, it is very important to provide as much information as you can collect about the affected machine(s). To assist you, we provide this form to avoid unnecessary downtime when IRIS-CERT needs information not provided in the initial report.
Once completed, the form should be sent to cert@rediris.es. If you cannot access your e-mail, you can send it by fax to +34 91 556 8864.
RedIRIS undertakes not to use the information for its own benefit or that of others. It also undertakes not to disclose information to third parties without explicit permission, even if not doing so may hamper investigation.

Where can I find more information?

You can contact IRIS-CERT staff at cert@rediris.es.
You will find additional contact information here.
We recommend the use of PGP for confidential communication.