CSIRT Description for CERT.PROSERVICE.GE
This is version 1.01, published 1 February , 2014.
1.2 Distribution List for Notifications
Notifications of updates are submitted to our mailing list .
1.3 Locations where this Document May Be Found
The current version of this CSIRT description document is available from the site
http://cert.proservice.ge/
2. Contact Information
2.1 Name of the Team
Team Name : CERT.PRO
2.2 Address
CERT.PRO
Proservice Ltd
I. Abashidze st. No.42, 0179, Tbilisi, Georgia
E-mail : cert@proservice.ge
HomePage: http://cert.proservice.ge
2.3 Time Zone
Georgia Standard Time (UTC/GMT +4 hours)
2.4 Telephone Number
+995 32 243 00 44 (ask for CERT.PRO)
2.5 Facsimile Number
+995 32 223 30 05 (this is *not* a secure fax)
2.6 Electronic Mail Address
This is a mail alias that relays mail to the human(s) on duty for the CERT.PRO.
2.7 Team Members
George Natroshviliis the CERT Team Leader and Analysist.
Other members of the team are:
Levan Gogia – CERT Analysist.
Irakli Kvachantiradze – CERT Officer
Vakhtang Chkhenkeli – CERT Officer
2.8 Other Information
General information about CERT.PRO links to various recommended security
resources, can be found at:
http://cert.proservice.ge
2.9 Points of Customer Contact
The preferred method for contacting CERT.PRO is via e-mail at ;
email sent to this address will be handled by the responsible human. If you require urgent assistance, put "urgent" in your subject line.
If it is not possible (or not advisable for security reasons) to use e-mail, the CERT.PRO can be reached by telephone during regular office hours. Telephone messages are checked less often than e-mail. Tel: +995 32 243 00 44
The CERT.GE hours of operation are generally restricted to regular business hours
(10:00-19:00 Monday to Saturday and except holidays).
If possible, when submitting your report, use the form mentioned in section 6.
3. Charter
3.1 Mission Statement
CERT.PRO is a department of LTD Proservice
LTD Proservice is authorized Internet service provider (ISP) company.
Our services include :
• Internet connection and consulting,
• Network infrastructure accounting and auditing,
• Identifying and standardization of network weaknesses and inconsistencies,
• Distribution and maintenance of customer's local network,
• Organizing anti virus protection,
• With the customer's right's and regulations providing internet connection of the employers,
• With the customer's request organize and configuration of unauthorized access protection systems
( Firewall, IDS ) for local network and managed servers .
( Firewall, IDS ) for local network and managed servers .
• Security audit and assessment of vulnerabilities.
• Alerts and warnings;
• Incident handling;
• Intrusion detection services
For the last years we are having collaborating with Data Exchange Agency (DEA) www.dea.gov.ge, which provided us with your contact details. WE are the members of a network security forum organized by DEA aswell.
The purpose of the CERT.PRO is, first, to assist organizations in implementing proactive measures to reduce the risks of computer security incidents and to
assist them in responding to such incidents when they occur.
CERT.PRO also handles incidents that originate in Georgian networks and are reported
by any Georgian or foreign persons or institutions.
3.2 Constituency
The CERT.PRO constituency all adresses assigned to our network and critical infrastructure.
CERT.PRO does its best to closely cooperate with all large Georgian ISP's abuse teams,
establish direct contacts and exchange necessary data in order to prevent and recover from security incidents that affect their networks.
4. Policies
4.1 Types of Incidents and Level of Support
CERT.PRO is authorized to address all types of computer security incidents which
occur, or threaten to occur, in our network, and in some cases in Georgian critical infrastructure and other Georgian ISP's networks.
The level of support given by CERT.PRO will vary depending on the type and severity
of the incident or issue, the type of constituent, the size of the user community affected, and the CERT.PRO resources at the time, though in all cases some response will be made within two working days.
Incidents will be prioritized according to their apparent severity and extent.
End users are expected to contact their systems administrator, network administrator,
information security officer or department head for assistance. CERT.PRO will give full support to the letter people.
4.2 Co-operation, Interaction and Disclosure of Information
CERT.PRO exchanges all necessary information with other CSIRTs as well as with
affected parties' administrators. No personal nor overhead data are exchanged unless
explicitly authorized.
All sensible data (such as personal data, system configurations, known vulnerabilities with their locations) are encrypted if they must be transmitted over unsecured environment as stated below.
5. Services
5.1 Incident Response
CERT.PRO will assist system administrators in handling the technical and
organizational aspects of incidents. In particular, it will provide assistance or advice with respect to the following aspects of incident management:
5.1.1 Incident Triage
- Investigating whether indeed an incident occured.
- Determining the extent of the incident.
5.1.2 Incident Coordination
- Determining the initial cause of the incident (vulnerability exploited).
- Determining the initial cause of the incident (vulnerability exploited).
- Facilitating contact with other sites which may be involved.
- Making reports to other CSIRTs.
- Composing announcements to users, if applicable.
5.1.3 Incident Resolution
CERT.PRO will give advice but no physical support whatsoever to
customers from outside of our network with respect to the incident resolution.
- Removing the vulnerability.
- Securing the system from the effects of the incident.
- Collecting evidence of the incident.
In addition, CERT.PRO will collect statistics concerning incidents which occur within
or involve Georgian critical network, and will notify the community as
necessary to assist it in protecting against known attacks.
5.2 Proactive Activities
CERT.PRO coordinates and mantaines the following services to the extent possible
depending on its resources:
Penetration test service for public sector. Analyzing their cyber resources for vulnerabilities and reporting them.
The CERT.PRO is also responsible for promouting information security awareness in
different ways.
6. Disclaimers
While every precaution will be taken in the preparation of information, notifications and alerts, CERT.PRO assumes no responsibility for errors or omissions, or for damages
resulting from the use of the information contained within.
