INCIDENT HANDLING (IRIS-CERT Service)
INCIDENT MANAGEMENT
Upon receiving a complaint, IRIS-CERT opens a ticket and contacts the person responsible for the attacking IP address, either by telephone or by e-mail. The ticket requests an explanation of the origin and causes of the attack, and preventive measures to stop it.
These tickets carry an identifier of the form [IRIS-CERT #id] in the "Subject" field of the report, where id is an integer that uniquely and unmistakably identifies the incident.
Note: RedIRIS filters may be applied to serious security incidents, such as denial of service attacks or attacks on communications infrastructure. In these cases, an attempt will be made, as far as possible, to include the regional network or the institution itself in the first application of the filter. In any case, the institution and the regional network will be notified of the application of filters as appropriate.
Once the report is released, the recipient's response is awaited. If it is not received, IRIS-CERT will automatically send follow-up messages.
The procedure for sending follow-up messages will vary depending on whether the source of the attack is a RedIRIS member institution or an external institution.
RedIRIS member institutions
Once the ticket is opened, 7 calendar days will pass before the first follow-up message is sent (FOLLOW UP #1).
If no response is received within 7 calendar days, a second follow-up message will be sent (FOLLOW UP #2).
Finally, if a response has still not been received, a message will be sent announcing the closure of the ticket with the resolution value "Problem not resolved (no response received)".
Note: If the ticket is closed with "Problem not resolved (no response received)", the resolution value may be changed to "Solved successfully (solution provided)". This can be done by replying to the ticket closure message, indicating the cause of the attack and the solutions provided.
RedIRIS non-member institutions
Once the ticket is opened, 7 calendar days must elapse before the first follow-up message is sent (FOLLOW UP #1).
If a response is not received within 7 calendar days, the ticket will be closed with the resolution value "Problem not resolved (no response received)".
Notice that in this case, no message is sent indicating the closing value.