KazRENA - Association of Users of the Scientific and Educational Computer Network of Kazakhstan


RFC-2350: CSIRT Description for KAZRENA-CERT

--------------------------------------------


1. About this document


1.1 Date of Last Update


This is version 1.0, 2015-01-13.


1.2 Distribution List for Notifications


Members of the constituency are informed of changes through their

closed channels.


1.3 Locations where this Document May Be Found


The current version of this CSIRT description document is

available from the KazRENA website; its URL is


Please make sure you are using the latest version.


1.4 Authenticating this Document


This document has been signed with KazRENA-CERT's PGP key.


2. Contact Information


2.1 Name of the Team


"KazRENA-CERT": the KazRENA Computer Emergency Response Team.


2.2 Address




Room 717,

16-18-18a Satpaev Street,





2.3 Time Zone



Winter GMT+0600

Summer GMT+0600


2.4 Telephone Number


+7 727 262 2372

2.5 Facsimile Number


+7 727 262 1725 (this is *not* a secure fax)


2.6 Other Telecommunication


Video conferencing is available on request.


Members of the constituency have access to closed, secure communication

and collaboration platforms.


2.7 Electronic Mail Address


[E-mail address protected from spam bots; JavaScript must be enabled to view it.]  This address will reach our team mailbox which is

monitored during working hours.


2.8 Public Keys and Other Encryption Information


KAZRENA-CERT has a PGP key, whose KeyID is A0B47A0C and

whose fingerprint is

FEDB 1037 0598 DF59 0B3F  AC02 B1C9 8454 A0B4 7A0C

The key and its signatures can be found at the public keyservers as

well as on the Web site:



2.9 Team Members


KAZRENA-CERT is operated by dedicated staff.  It can fall back to other

employees of KAZRENA for special needs.


2.10 Other Information


General public information about KazRENA-CERT is found on the Web site:



2.11 Points of Customer Contact


Normal contact is through e-mail using the address <[e-mail address protected from spam bots; JavaScript must be enabled to view it]>.

In urgent cases and emergencies customers as well as other CERTs can

use the phone numbers given above.


KAZRENA-CERT follows standard Kazakhstan office-hours on working days:

9:00 - 18:00

Outside of these hours, as well as on weekends and public holidays in

Kazakhstan, services are offered on a best effort basis and are not guaranteed.


3. Charter


3.1 Mission Statement


KAZRENA-CERT supports members of its constituency (see below) with

reactive and proactive services in the field of IT security.


KAZRENA-CERT provides support to third parties for problems originating

in AS41419 (the Kazakhstan research and education network).


KAZRENA-CERT supports the kazrena.kz registries with

reactive and proactive services in the field of IT security.


KAZRENA-CERT provides best-effort services for incidents involving

kazrena.kz domains or with other links to Kazakhstan.


3.2 Constituency


KAZRENA-CERT serves the following customers:


- All sites part of AS41419, the Kazakhstan research and education network.

- Selected third parties which have SLAs with KAZRENA-CERT.


3.3 Sponsorship and/or Affiliation


KAZRENA-CERT is operated by KAZRENA.


3.4 Authority


KAZRENA-CERT coordinates security incidents for its constituency.  It

does not have any formal authority over constituency members. Rather,

it is operating in an advisory capacity.


4. Policies


4.1 Types of Incidents and Level of Support


Incidents are prioritized according to their severity.  Incidents

directly affecting members of the constituency are treated with higher



4.2 Co-operation, Interaction and Disclosure of Information


All requests to KAZRENA-CERT are treated with due care.  KAZRENA-CERT

adheres to the traffic light protocol (TLP).  See




for a description.  Classified messages should be tagged in the subject as

[TLP Color].  A similar stamp should be clearly visible in other

documents, such as PDF files etc, sent to KAZRENA-CERT.  If contact is

through phone or video conference, the TLP classifications should be

stated prior to the delivery of the information.


It is recommended to encrypt sensitive information with the PGP key

mentioned above.  Unless required by law, KAZRENA-CERT will never

release information provided by third parties without their consent.

Other encryption methods are available upon request.


4.3 Communication and Authentication


See 4.2.  To ensure authenticity of information use PGP signatures.


5. Services


5.1 Incident Response


KAZRENA-CERT will assist its customers in the following areas.

KAZRENA-CERT requires an official security contact from each member of

its constituency, typically the site security team.  In particular, it

will provide assistance or advice with respect to the following aspects

of incident management:


5.1.1 Incident Triage


- Investigating whether indeed an incident occurred.

- Determining whether the incident belongs to our constituency.

- Determining the extent of the incident.


5.1.2 Incident Coordination


- Analyzing available information.

- Contacting the organization affected.

- Facilitating contact with other sites which may be involved.

- Supporting the organization affected with intelligence and

additional information related to the incident.

- Performing specialized tasks, such as forensic analysis, malware

reverse engineering etc. if requested.


5.1.3 Incident Resolution


- Resolving incidents is primarily the customers' responsibility.

KAZRENA-CERT will provide support, where applicable.


5.2 Monitoring


- KAZRENA-CERT monitors the AS41419 backbone for malicious traffic.

- Where feasible KAZRENA-CERT monitors attack infrastructure.


5.3 Proactive Activities


KAZRENA-CERT provides the following proactive services:


- Information services
  - Closed mailing-lists.
  - Alerts for highly critical threats.
  - Awareness materials.
  - Proof of Concept demonstrations.

- Training services
  - KAZRENA-CERT conducts trainings on current issues for members of
    its constituency.

- Meetings
  - KAZRENA-CERT organizes periodic meetings for members of its
    constituency to facilitate information exchange and inform about
    latest trends.


6. Incident Reporting Forms


There are no forms available.  The preferred way of reporting incidents

is by email.


7. Disclaimer


While every precaution will be taken in the preparation of information,

notifications and alerts, KAZRENA-CERT assumes no responsibility for

errors or omissions, or for damages resulting from the use of the

information contained within.


All information in this document is Copyright 2015, KAZRENA.  This

document may not be redistributed, in whole or in part, without the

explicit, written permission of KAZRENA.  Please use the URL given under

1.3 for redistribution.

