====== CSIRT ======

{{template>:project:infobox|
name=CSIRT|
image=brmcsirtfin.png?200|
sw=N/A|
hw=N/A|
founder=[[user:ruza]]|
interested=[[user:zlo]]\\ [[user:kxt]]\\ [[user:pinky]]\\ [[user:da3m0n22]]\\ [[user:tomsuch]]\\ |
status=active
}}
~~META:
status = active
&relation firstimage = :project:brmcsirtfin.png
~~

===== BRMlab Computer Security Incident Response Team =====

[[wp>Hackerspace]]s and [[wp>CSIRT]]s are both organizations that are focused on computer security so they can benefit from each other.

Also, hackerspace is a place where young potentially talented people come to socialize. The value of a hackerspace organized CSIRT would be to engage such young talents into CSIRT oriented cybersecurity activities.

===== How we will establish an CSIRT and which role it will fullfill =====

==== 1. Constituency ====
(aka to whom services are provided)

Constituency Type: Non-Commercial Organisation

- Incident handling:
  - ASNs, Domains, IP ranges:
    * 2001:67c:2190:c0de::/64
    * 77.87.241.77/32
    * brmlab.cz
==== 2. Contacts ====
  * email/mailing list: [[https://brmlab.cz/cgi-bin/mailman/listinfo/csirt|csirt@brmlab.cz]]
  * GnuPG -  TODO

==== 3. Services and teams ====
- what CSIRT offers and who does that. (Will be determined by results of our internal discussion.)

=== Incident handling ===
  * [[user:ruza]]
  * ...


===== Can I haz an CSIRT? =^..^= =====

Roughly speaking anybody who declares his/her responsibility for providing an incident handling service can. That is the only prerequisite to being considered an **registered** CSIRT. That means responding to requests and reports and analyzing incidents and events related to the IP_range/infrastructure/etc.

Other topics that CSIRT can do are optional and roughly described in the following overview presentation:

<note>
^ Presentation (ENG): |  {{:user:ruza:csirt.pdf|}} |
^ Zaznam prezentace (CZE): |  {{http://nat.brmlab.cz/talks/lightning_talks/lt-2016-11/2016-11-03-can-i-haz-csirt-ruza.mp4|}} |
</note>

If You are into actively participating in of these topics just write down your nick/name into the "3. services and teams" section or drop [[user:ruza|me]] an email or to our mailing list.

===== More info =====
  * [[https://www.cert.org/incident-management/csirt-development/csirt-faq.cfm|Common CSIRT FAQ]] on CERT.org
  * [[https://www.ietf.org/rfc/rfc2350.txt|RFC2350, Expectations for Computer Security Incident Response]]

===== History =====
3.11.2016 - Internal {{:user:ruza:csirt.pdf|presentation on Talknight}} session.\\
14.11.2016 - {{:user:ruza:brm-csirt.pdf|Brmlab presentation}} on "Pracovni skupina CSIRT"\\

===== Topics on security to improve =====
aka i don't know what to do.

  * SELinux in Ubuntu is a bit derelict
  * debsecan is not working well on Ubuntu
  * Can we have privacy aware web browser? ([[user:jenda:spyzilla|]])
  * Investigate [[https://wiki.debian.org/SCAPGuide|SCAP]] and its integration with Ubuntu/Debian. Seems that the situation in the RedHat world is noticeably better.
    * [[https://www.open-scap.org/security-policies/scap-security-guide/|scap-security-guide]] is not packaged for Ubuntu/Debian.